During this technological evolution, business leaders are looking for new and improved IT tools that offer speed and efficiency, but many are blind to the potential security risks. Omer Grossman, Chief Information Officer, CyberArk, offers some effective pointers for businesses to follow in order to securely embrace the enterprise AI opportunity.
Artificial Intelligence (AI) is making its mark on the enterprise. The technology has the potential to revolutionise every aspect of business operations, from customer-facing applications and services to backend data and infrastructure to workforce engagement and empowerment. However, as AI capabilities grow, so too do the security risks.
Identity security is a particular area of concern, with a huge 90% of organisations experiencing at least one identity-related breach in the past year. The potential for cyberattackers to use AI for deepfake fraud attacks and Machine Learning based social engineering creates a new realm of potential identity security threats for businesses to deal with.
To confront this situation, IT and security executives must seize new business opportunities while simultaneously managing the inherent risk posed by AI-enabled tools. A commitment to prioritising security and the ability to adapt and remain agile are crucial – the below five steps are an effective starting point for businesses to follow in order to securely embrace the enterprise AI opportunity.
1. Define your AI position with security in mind
Businesses should begin by defining their organisation’s stance on AI while considering its impact on security. Whether your company is already using Generative AI at enterprise scale or just exploring a proof of concept to test the waters, clarity from the top down is essential. A well-communicated position ensures alignment throughout your organisation and also ensures security processes are established with AI in mind.
2. Open the lines of communication
Establishing AI-specific company guidelines and employee training is crucial, but genuinely impactful dialogue is a two-way street. Encouraging employees to share AI-related questions and ideas is a great way to tackle emerging challenges and devise creative AI strategies as a team. Creating cross-functional teams that can address these submissions from all standpoints – including innovation, growth and security – is also important as it ensures employees feel their inputs are adequately actioned.
3. Rethink internal software request processes
According to the 2023 CyberArk Identity Security Threat Landscape Report, employees in 62% of organisations use unapproved AI-enabled tools, increasing identity security risk. Faced with this practical reality, this shows that IT and security leaders have to change the way they approach AI adoption, encouraging AI-powered innovation rather than blocking its potential.
Further, IT departments in a range of industries are experiencing a surge in workforce requests for AI-enabled tools and add-ons. Rather than enforcing blanket ‘no AI’ policies, organisations should instead look to enhance how they vet third-party software and ensure it won’t jeopardise security. AI-fuelled phishing campaigns are becoming increasingly convincing, so having the right level of due diligence ensures workers can benefit from AI without putting security at risk.
4. Speak the CFO’s language
The onus on technology leaders to build operationally efficient platforms and environments continues to grow, particularly given the current economic climate. Demonstrating AI as more than just a nice to have but instead as a tool with real business value is essential to getting buy-in from CFOs. An honest, rational approach backed by hard data is critical; illustrating how a tool can help safely advance multiple business priorities is even more powerful.
5. Continuous AI threat assessment
Vigilantly assessing AI-enabled tools before and during their use is the only way to continuously assure their safety. Businesses must be prepared to block and roll back any AI-enabled tool if it’s necessary for security reasons. Ultimately, staying one step ahead of attackers means thinking like one, focusing on the vulnerabilities that an AI tool might pose.
Amplifying security approaches with AI
AI is playing a big role for IT and security teams when it comes to enhancing cybersecurity efforts and resilience. Human talent is still critical for combatting emerging threats, however, AI can help bridge some of the gaps caused by the 3.4-million-person cybersecurity worker shortage.
Generative AI also has the potential to transform security functions as it continues to improve. Security Operations Centres (SOC) are a prime example – some of the more time-intensive security tasks, such as triaging level-one threats or updating security polices, can be automated with the right software. This can save SecOps professionals time to focus on more satisfying work, which could potentially reduce staffing shortages and curb employee turnover and attrition – the second largest contributor to the cyberskills shortage, according to the latest (ISC)2 Cybersecurity Workforce Study.
In this era of technological evolution, challenges are inevitable, but real business leadership means making informed decisions amid the uncertainty. With a security-focused approach and an open mind, technology leaders can confidently navigate the AI landscape and seize new business opportunities, all while maintaining consumer and employee trust through secure practices.