4 Ways Generative AI Will Impact CISOs and Their Teams
Overview
Impacts
A proliferation of overoptimistic generative AI (GenAI) announcements in the security and risk management markets could still drive promising improvements in productivity and accuracy for security teams but also lead to waste and disappointments.
Consumption of GenAI applications, such as large language models (LLMs), from business experiments and unmanaged, ad hoc employee adoption creates new attack surfaces and risks to individual privacy, sensitive data, and organizational intellectual property (IP).
Many businesses are rushing to capitalize on their IP and develop their own GenAI applications, creating new requirements for AI application security.
Attackers will use GenAI. They’ve started by creating more seemingly authentic content and phishing lures, and by impersonating humans at scale. The uncertainty about how successfully they can leverage GenAI for more sophisticated attacks will require more flexible cybersecurity roadmaps.
Caveat Emptor (Let the Buyer Beware)
Recommendations
To address the various impacts of generative AI on their organizations’ security programs, chief information security officers (CISOs) and their teams must:
Initiate experiments of “generative cybersecurity AI,” starting with chat assistants for security operations centers (SOCs) and application security.
Work with organizational counterparts who have active interests in GenAI, such as those in legal and compliance, and lines of business to formulate user policies, training, and guidance. This will help minimize unsanctioned uses of GenAI and reduce privacy and copyright infringement risks.
Apply the AI trust, risk, and security management (AI TRiSM) framework when developing new first-party, or consuming new third-party, applications leveraging LLMs and GenAI.
Reinforce methods for assessing exposure to unpredictable threats, and measure changes in the efficacy of their controls, as they cannot guess if and how malicious actors might use GenAI.
Attackers Will Use Generative AI
CISOs and their teams must approach this threat without a strong fact base or direct proof of the full impact of the adversarial use of GenAI. In How to Respond to the 2023 Cyberthreat Landscape, Gartner categorized “attackers using AI” as an uncertain threat. Uncertain threats can often be real but lack a direct and obvious immediate response from targeted enterprises.
Assess third-party security products for non-AI-related controls and AI-specific security functions.
Test emerging products for potential risks like misinformation, biases, and illegitimate information.
Implement temporary manual review processes if needed.
Deploy automated actions gradually with accurate tracking metrics.
Ensure automated actions can be easily reverted.
All AI and LLMs are susceptible to hacks. It is too early to adopt AI if you want privacy or security. It is highly advisable to engage a cybersecurity expert before implementing any AI application for sensitive or proprietary data.
Include LLM model transparency in third-party application evaluations.
Consider the advantages of private hosting for LLMs while assessing operational challenges.
Address security challenges specific to AI applications, including explainability, ModelOps, security, and privacy.
Establish corporate policies and user guidelines to minimize risks associated with generative AI applications.
Prioritize security resource involvement in critical areas to mitigate threats.
Evaluate and adapt security infrastructure to address emerging threats posed by GenAI.
Run experiments with new security features and benchmark generative cybersecurity AI against other approaches.
Determine corporate feedback mechanisms to enhance the efficacy of AI applications.
Ensure transparency in data processing and supply chain dependencies.
Choose fine-tuned models aligned with specific security use cases.
Explore prompt engineering and API integrations for enhanced security controls.
Prefer private hosting options for added security and privacy measures.
These points summarize the essential considerations and recommendations provided in the Gartner Reprint for the effective adoption and management of generative AI technologies in cybersecurity.
How can organizations effectively assess third-party security products for both general controls and AI-specific security functions in the context of generative AI technologies?
What are some key security challenges specific to AI applications, such as explainability, ModelOps, security, and privacy, and how can these challenges be effectively addressed in the cybersecurity domain?
The United States Computer Emergency Readiness Team (CERT) defines a malicious insider as one of an organization’s current or former employees, contractors, or trusted business partners who misuse their authorized access to critical assets in a manner that negatively affects the organization. Malicious insiders are harder to detect than outside attackers, as they have legitimate access to an organization’s data and spend most of their time performing regular work duties. Thus, detecting malicious insider attacks takes a long time. The 2020 Cost of Insider Threat Report by the Ponemon Institute states that it takes an average of 77 days to detect and contain an insider-related security incident.
Origin: https://www.ekransystem.com/en/blog/portrait-malicious-insiders
© Ekran System