Brave Questions About AI & Information and Cyber Security Round Table # 1

AI is in its inception phase in terms of industrialization. Individuals and organizations are experimenting with applications of AI. One participant said it is a bit “Wild West” when it comes to security. 

On March 20, 2024, Elizabeth Press from D3M Labs and Hannah Suarez from Superuser OÜ co-hosted a round table about AI & Information and Cyber Security with Founders, Data Leaders and Cyber Security Leaders.

What are the new Risks and Opportunities with using AI in my company/organization? 

Large Language Models

Open LLMs are trained on a wide range of data sources, offering versatility across tasks. However, their use may inadvertently lead to information leakage. Moreover, concerns exist regarding data poisoning, hallucinations, and transparency regarding input and data quality. Notably, not all companies, particularly smaller organizations, can leverage Local LLMs.

Samsung had highly publicized information leakages due to employees inputting sensitive data into ChatGPT.

The Blackwell Superchip

Microsoft Azure announced that it will adopt the NVIDIA Grace Blackwell Superchip, which will advance the AI architecture available on the market and make trillion-parameter foundation models available through Grace Blackwell.

The potential impact of Generative AI on employment poses a significant social risk. Presently, the quality of the output is limited, and use of Generative AI often serves to enhance efficiency, such as using Copilot for code generation. Human intervention remains essential for ensuring output quality. Yet, the question remains: for how long will this reliance on human intervention remain?

The Modern Data Stack and Cloud-based Supply Chains

In the dynamic landscape of modern data teams, data science competencies, and digital enterprises, supplier risk looms large. The “modern data stack,” cloud-based supply chains, and interdependencies introduce complexities. Organizations rely on various vendors for critical components, from storage to analytics. However, this reliance comes with inherent risks. Vendors’ reliability, security vulnerabilities, and data privacy compliance all impact data continuity.

Data from Trello, a popular project management software platform, was scraped and leaked on the dark web. Approximately 15 million users were affected by this breach.

How do you foster a cyber and information security aware culture in a digital organization, especially in a data team?

Standardized Work, Documentation, Transparency

A culture characterized by standardized work, meticulous documentation, and adherence to best practices establishes a solid groundwork for fostering a healthy work environment conducive to heightened security awareness. Additionally, promoting transparency simplifies the path to frameworks such as ISO 27001:2022 and SOC 2 Type 2.

Acceptable Usage

Policies on acceptable usage of LLMs are also a great way to foster a security-aware culture when it comes to Generative AI. The International Society of Computational Biology (ISCB) has published a Policy for Acceptable Use of Large Language Models.

Empowered CISO

Empowering the CISO with accountability and responsibility to create a security-aware culture and adhere to frameworks is also important.

How can AI be used to enhance cybersecurity?

AI can be very effective in detecting phishing, often better than humans. 

Cyber attackers frequently innovate at a pace surpassing that of cyber defenders. Cybercrime has evolved into a significant industry, sometimes backed by state actors. The methods and sophistication exhibited by attackers in your organization’s threat landscape are contingent upon the profile and nature of your organization.

AI-powered features are indeed becoming an expected standard in cybersecurity and among various digital service providers, including those operating in the cloud.

Conducting due diligence on third-party suppliers is crucial. Both SOC 2 Type 2 and ISO 27001:2022 emphasize the importance of evaluating and managing third-party suppliers effectively. They require organizations to assess the security posture and practices of their suppliers to ensure they meet certain standards and requirements. This includes conducting risk assessments, implementing controls, and establishing agreements to address security concerns associated with third-party relationships.

Do you want to create a security-aware AI-ready organization? Would you like an assessment, roadmap and assistance getting ISO 27001 : 2022 certified? Email: Elizabeth.Press@d3mlabs.de

The German version: Mutige Fragen zu KI & Information und Cybersicherheit Round Table # 1 – The Data-Driven Decision Making Blog (d3mlabs.de)

Read Bridging the Gap: AI and Information & Cybersecurity

Watch “Unlocking Business Value Through Cyber and Information Security,” a conversation with Hannah Suarez and Elizabeth Press.


Interview with Hannah Suarez from Superuser OÜ about how ISO 27001 : 2022 certification drives business value.
