Intelligent CIO Middle East Issue 100 | Page 46

CIO OPINION
unknowns. AI and the growing use of cybersecurity mesh architectures provide the opportunity to turn the size and complexity of this digital environment from a liability for network defenders into a potential advantage.
Sensors linked in a common architecture allow network operators and defenders to generate data in real time, and increasingly powerful AI and ML can make sense of it in real time.
Malicious cyber actors seldom succeed the first time they attack a target, even using AI, but rely on their failed attacks being missed in the deluge of alerts flooding into an enterprise security operations centre each shift. AI helps spot anomalous activity, determine which anomalies are attacks, generate a real-time response to block the attack and inoculate the rest of the organisation's digital assets against further attacks.
Weakening data privacy levels
Remember, AI and ML are fuelled by data, and the more data they have to train on and work with, the more effective they are. Generally, those who operate and defend an enterprise environment are better positioned to have such data than those seeking to break into the network. Some niches, such as spear phishing, asymmetrically favour the attacker; but as a general proposition, the big data arms race favours the defender.

Do not let GenAI initiatives weaken your data privacy surface
• Run a foundational model in a private environment so the training data and output remain segregated. This will trade off some of the breadth and power of dynamic live LLM data for the assurance that your queries will not expose your organisation's sensitive data to outsiders.
• Use retrieval-augmented generation that uses validated external data to fine-tune the accuracy of foundational models without feeding them additional training data. This approach reduces security and accuracy risks.
• Run data loss prevention as a filter on input into a public LLM.
• Talk to your GenAI provider and tailor your use cases with data security in mind.
• Look into privacy and security settings. Can you prohibit your data from being saved? Can you do it manually? On a timed basis? Can you run queries with anonymised data?
• If you use third-party apps or Software-as-a-Service providers that have embedded GenAI into their tools, ask the same questions and determine how they safeguard your input and results.
• Incorporate strict access controls.
• Limit the use of specific datasets to authorised users.
• Use privacy-enhancing technologies: data obfuscation (adding noise or removing identifying detail, anonymisation); encrypted data processing (homomorphic encryption, multiparty computation); federated, distributed analytics on centralised housed data, where processors cannot see content; and data accountability tools with user-defined control.
• Take a hard look at the volume of data. The more data you provide, the greater the likelihood of leakage.
• Train the team using the model to reflect best practices, compliance, and threats.

As empowering as AI is for CISOs, enterprises face other challenges relating to using AI in the workplace. A key concern is that data contained in GenAI queries becomes part of the large language model dataset used by these models. Other common problems include copyright infringement, revealing personally identifiable information, unknown use of biased or objectionable data, and AI hallucinations, which are glib but patently wrong output.
Many organisations are proceeding cautiously in their use of GenAI; but in most cases, the workforce does not understand the reasons for this deliberative pace or see the digital guardrails that are being implemented.
They are becoming accustomed to using GenAI in their private lives and experimenting with it independently in the workplace. GenAI has become the latest form of shadow IT that CISOs and CIOs must deal with.
You should look at taking advantage of AI, but be smart about it. Investigate the market and work with providers whose commitment to security matches your needs.