Intelligent CIO Middle East Issue 106 | Page 80


Anand Oswal, SVP and GM of Network Security, Palo Alto Networks
How AI usage may be breaching your defences
Well-intentioned use of GenAI may result in an unintentional increase in risk. Blocking these technologies may limit your organisation’s ability to gain a competitive edge, so that is not the answer either. Companies can, and should, take the time to consider how they can empower their employees to use these applications securely.
The adoption of unsanctioned GenAI applications can lead to a broad range of cybersecurity issues, from data leakage to malware. That is because your company does not know who is using what applications, what sensitive information is going into them, and what is happening to that information once it is there.
And because not all applications are built to suitable enterprise standards for security, they can also serve malicious links and act as entryways for attackers to infiltrate a company’s network, giving them access to your systems and data. All of these issues can lead to regulatory compliance violations, sensitive data exposure, IP theft, operational disruption and financial losses.
Thierry Nicault, AVP and General Manager, Salesforce Middle East
Here are a few areas for consideration.
Embedded in AI
The potential for exploits and vulnerabilities can be lurking underneath the surface of the GenAI tools being used by your teams. Given the incredibly fast rate at which many of these tools have been developed and brought to market, you often do not know whether the model being used was built with corrupt models, trained on incorrect or malicious data, or is subject to a broad range of AI-specific vulnerabilities.
Visibility
You cannot protect what you do not know about. One of the biggest challenges IT teams face with unsanctioned applications is that it is difficult to respond to security incidents promptly, increasing the potential for security breaches. Every enterprise must monitor the use of third-party GenAI applications and understand the specific risks associated with each tool.
Data security
Are your teams sharing sensitive data with the applications? IT teams need to block sensitive data from leaking to protect your data against misuse and theft. This is especially important if your company is regulated or subject to data sovereignty laws.
In practice, this means monitoring the data being sent to GenAI applications, and then leveraging technical controls to ensure that sensitive or protected data, such as personally identifiable information or intellectual property, is not sent to these applications.
Tools in use
Building on the understanding of which tools are being used, IT teams need visibility into what data is flowing in and out of corporate systems. This visibility will also help detect a security breach so it can be identified and rectified quickly.
Control
IT teams need the ability to make an informed decision on whether to block, allow or limit access to third-party GenAI applications, on either a per-application basis or leveraging risk-based or categorical controls. For example, you might want to block all access to code optimisation tools for all employees but allow developers to access the third-party optimisation tool that your information security team has assessed and sanctioned for internal use.
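The data-security and control points above can be combined into one egress decision, sketched here as an added example that is not from the article or any vendor product. The application names, groups, detectors and the "limit" handling of uninventoried apps are constructed assumptions.

```python
import re

# Constructed inventory and policy (hypothetical names, for illustration only).
APP_CATEGORY = {"codeopt.example": "code-optimisation",
                "fastcode.example": "code-optimisation",
                "chat.example": "chat-assistant"}
BLOCKED_CATEGORIES = {"code-optimisation"}        # categorical control
SANCTIONED = {("codeopt.example", "developers")}  # per-application exception
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to cut false positives from order or ticket numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                    # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text: str) -> list[str]:
    """Return the kinds of sensitive data seen in an outbound prompt."""
    hits = []
    if EMAIL.search(text):
        hits.append("email")
    if any(luhn_ok(m.group()) for m in CARD.finditer(text)):
        hits.append("card")
    return hits

def decide(app: str, group: str, payload: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is block, allow or limit."""
    category = APP_CATEGORY.get(app)
    if category in BLOCKED_CATEGORIES and (app, group) not in SANCTIONED:
        return "block", f"{category} tool not sanctioned for {group}"
    hits = find_sensitive(payload)
    if hits:
        return "block", "sensitive data: " + ",".join(hits)
    if category is None:
        # Assumption: apps not yet inventoried are allowed but flagged for review.
        return "limit", "application not inventoried"
    return "allow", "ok"

if __name__ == "__main__":
    print(decide("codeopt.example", "developers", "optimise this loop"))
    print(decide("chat.example", "finance", "refund card 4111 1111 1111 1111"))
```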
It is a recommended best practice to monitor and control data flowing from the applications to your organisation for malicious or suspicious activity.
global events, presents new challenges for maintaining cybersecurity. In response to these challenges, organisations need to implement secure access solutions like Virtual Private Networks and robust endpoint security measures to protect devices and sensitive data outside the traditional network perimeter.
Leveraging Artificial Intelligence, AI and machine learning can also provide a significant advantage in this ongoing battle. AI-powered systems can analyse vast amounts of data in real-time to detect anomalous behaviour and potential threats, enabling quicker and more effective responses to security incidents. That being said, shoring up digital defences means leaving no stone unturned and addressing every possible vulnerability. This is why it's essential to ensure that all aspects of infrastructure have been thoroughly guarded and protected.
Every component, from the most visible systems to the often overlooked, must be scrutinised and fortified. This comprehensive approach is crucial to safeguarding against potential threats and ensuring the resilience and security of the entire digital ecosystem.
Custom OS
Because a chain is only as strong as its weakest link, securing critical infrastructure requires a multi-layered defence, starting with the very components themselves.
This starts with creating a stripped-down Operating System, OS, which includes only the essential components needed for server operations. By eliminating unnecessary features, the OS becomes leaner, more efficient, and less vulnerable to attacks.