The Dynamic Influence Of AI On Business Cybersecurity

AI has advanced rapidly in recent years. From a commercial standpoint, we're now witnessing  the influence generative AI is having on businesses, both positive and negative. While ChatGPT and Bard have proven to be useful tools for developers, marketers, and consumers, they also run the danger of mistakenly disclosing sensitive and confidential information.

As a result, from a security standpoint, it is always advantageous to plan ahead of time and anticipate what can happen next.

"Interactive AI" is one of the most recent advances in AI technology, and Mustafa Suleyman, co-founder of DeepMind, described it as "a huge shift in what technology can do." To put it simply, interactive AI is more than just data analysis and user instructions in the form of prompts. When engaging with humans and other technological tools, it is far more sensitive and adaptable.

As we continue to explore this new area of AI, it is critical that we keep in mind the security dangers and implications it poses for companies. As cybersecurity professionals, it is our responsibility to maintain control over the technology and to establish clear guidelines and constraints on its capabilities.

Interactive AI can be used for activities like geolocation and navigation or speech-to-text applications, ushering in the next generation of chatbots and digital assistants. While generative AI tools can write code, conduct computations, and engage in human-like discussions, interactive AI can also produce new material.

What We Have Learned From The GenAI Phase

When considering the security implications of advancements in AI technology, such as interactive AI, we must first address existing concerns about generative AI models and LLMs. These include ethical considerations, political and ideological biases, unfiltered models, and offline functionality.

Specifically, ethical considerations allude to the necessity of avoiding LLMs engaging in unethical or inappropriate behaviour.

Developers have been able to construct restrictions and guardrails that ensure AI systems refuse requests for dangerous or immoral content by going through a process of 'instruction tuning' to fine-tune their models. As interactive AI develops and gains more autonomy than generative AI models, we must make certain that these policies and safeguards stay in place to prevent AI from interacting with harmful, objectionable, or unlawful information. 

Moreover, unfiltered AI chatbots have posed a huge security concern since they operate outside of the limits imposed by closed models such as ChatGPT. One distinguishing element of these models is their offline functionality, which makes usage tracking challenging. The lack of control should raise red flags for security professionals, as users may engage in illegal activities without discovery.

Businesses that want to engage with interactive AI must learn from these worries about the generative wave as they implement the technology’s next generation.

Best Practice For Business Security

As with any new technology, organisations must collaborate with IT and security teams, as well as their workers, to create strong security measures to manage the related risks. 

This might include the following as best practice:

Adopting a data-first strategy:   This approach, especially within a Zero Trust framework, prioritises data security within the business. By identifying and understanding how data is stored, used, and moves across an organisation, and controlling who has access to that data, it ensures security teams can quickly respond to threats such as unauthorised access to sensitive data.

Strict access controls:   With hybrid and distributed workforces, this is crucial to preventing unauthorised users from interacting with and exploiting AI systems. Alongside continuous monitoring and intelligence gathering, limiting access helps security teams identify and respond to potential security breaches in a prompt manner. This is a more effective approach than outright blocking tools, which can lead to a shadow IT risk and productivity losses.

Collaborating with AI:    On the opposite end of the scale, AI and machine learning can also play a significant role in enhancing business security and productivity. It can aid security teams by simplifying security processes and improving their effectiveness so they can focus their time where it’s most needed. For employees, adequate training around the safe and secure use of AI tools is a must, while also recognising the inevitability of human error.

Establishing clear ethical guidelines:   Organisations should outline clear rules for the use of AI within their business. This includes addressing any biases and ensuring they have built-in policies and guardrails to prevent AI systems from producing or engaging with harmful content. This is now an ongoing process as businesses have created corporate policies for AI tools, including those leveraging existing GPTs and proprietary AI tools. These policies govern usage and data protection. Large enterprises should look to fine-tune their own Large Language Models (LLMs), requiring expanded AI corporate policies and security policies to protect proprietary company data.

While interactive AI  represents a huge advancement, companies must exercise caution in this new territory.

AI is here to stay - that’s a fact. A more moral and responsible AI-powered future can be achieved by using the advantages of new developments in AI while reducing the danger of exploitation by putting best practices and strong security measures, such as embracing a data-first policy, into effect. 

Jason Kemmerer is Solutions Architect - Data Security and Insider Risk at Forcepoint

Image: Shubham Dhage

You Might Also Read:

AI As A Standalone Cybersecurity Solution:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Prioritising Prevention Is Better Than Paying Ransom
Data Compliance When Using MS Copilot »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Randori

Randori

Randori is an attack platform that provides "red-teaming" as a service — basically, staging simulated hack attacks to test for vulnerabilities and gaps in the security response.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Tokio Marine HCC

Tokio Marine HCC

Tokio Marine HCC is a leading specialty insurance group with a Financial and Professional product line including Tech and Cyber.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Conquest Cyber

Conquest Cyber

Conquest Cyber builds adaptive risk management programs where innovation is most needed – within defense, intelligence, federal civilian agencies and the industrial base that supports them.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

CyberconIQ

CyberconIQ

CyberconIQ provide an integrated Human Defense Platform that reduces the probability and/or the cost of a cybersecurity breach by measurably improving our clients risk posture and compliance culture.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security