Cut Through The AI Security Noise With 5 Simple Questions

Every year, we see new artificial intelligence (AI) breakthroughs. First, we saw AI triumph in chess. Next, AI moved on to success in other games like Go. Companies have noticed and have started to adopt AI. Research from IDG found that 41% of companies are currently using AI in some form. From an IT security perspective, this increasing adoption means we must deal with AI thoughtfully.

How To Avoid “Crying Wolf” In AI and Security

In the IT security profession, it is natural to be on alert for new threats. You probably check websites every week to detect new software vulnerabilities. However, you need to be thoughtful about how you talk about AI to your senior leadership. If you sound the alarm about AI without thinking through the issues, you are going to lose credibility.

To avoid losing face in front of your managers and peers, you need some tools to assess AI. We recommend thinking about AI in IT security from two perspectives. First, view it from a risk assessment perspective – determine how AI and machine learning can threaten your organization. Second, evaluate the benefits of AI to your organization. To guide you through the process of assessing AI, we have developed five guiding questions for you.

You can use these questions on an annual, quarterly or even monthly basis to measure AI’s changing impact on your cybersecurity.

Five Simple Self-Assessment Questions To Evaluate AI’s Impact On Security

1) Where is the organization currently using AI and machine learning internally, and how is it being used?

Since there are no universally accepted definitions for AI and machine learning, you need to start by gathering information. In our experience, many organizations are currently using AI to optimize marketing and sales. However, your organization may be experimenting with AI in other ways.

2) Which of our vendors and third parties are using AI and machine learning, and how is it being used?

Most of the world’s largest technology companies are already using AI and machine learning. That includes Google, IBM, Microsoft and other technology firms you rely on each day. Make it a priority to check with your technology suppliers to understand how they are using AI today. Note that AI and machine learning may be embedded in other products, so it is not good enough to review a product list.

3) How explainable are your organization’s AI operations? 

Many AI tools operate like a black box – a system that generates results without any clear explanation. From a security and risk standpoint, this type of mysterious outcome is problematic. In the event of an IT security problem, you will struggle to get a root cause explanation. This risk is even higher for AI tools that are used to manage IT security.

4) Have you completed IT security tests related to your AI tools?

Like any other part of your technology infrastructure, it is essential to assess AI for security threats periodically. For instance, does your AI system uncritically accept user input? If so, it may become vulnerable to SQL injection attacks and other classical security threats. Until you assess AI tools, it is dangerous to make assumptions about their security implications.

Tip: What if you have a large number of AI tools to evaluate? To prioritize your resources effectively, we recommend focusing on AI tools that interact with high-risk data such as customer data and financial data.
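An added example, not from the original article: a minimal version of the input-handling test from question 4, run against a hypothetical order-lookup handler behind an AI chat tool. The table, function names and probe strings are constructed for illustration; the weak handler is shown beside a corrected one.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: orders belonging to two different customers.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "laptop"), (2, "bob", "phone")])
    return db

def lookup_unsafe(db, customer, order_ref):
    # Weak pattern: text taken from the user's chat message is pasted into the SQL.
    sql = ("SELECT item FROM orders WHERE customer = '%s' AND id = %s"
           % (customer, order_ref))
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, customer, order_ref):
    # Corrected pattern: validate the format, then bind values as parameters.
    if not re.fullmatch(r"[0-9]{1,9}", order_ref):
        return []
    return [row[0] for row in db.execute(
        "SELECT item FROM orders WHERE customer = ? AND id = ?",
        (customer, int(order_ref)))]

# Constructed probes: two well-formed order references and two malformed ones.
PROBES = ["1", "2", "1 OR 1=1", "abc"]

def audit(lookup):
    """Run every probe as customer 'alice' and report unexpected behaviour."""
    db = make_db()
    allowed = {"laptop"}  # the only item alice is entitled to see
    findings = []
    for probe in PROBES:
        try:
            rows = lookup(db, "alice", probe)
        except sqlite3.Error:
            # A database error caused by user text means the input reached the SQL parser.
            findings.append((probe, "sql-error"))
            continue
        if set(rows) - allowed:
            findings.append((probe, "cross-customer-data"))
    return findings

if __name__ == "__main__":
    print("unsafe handler:", audit(lookup_unsafe))
    print("safe handler:  ", audit(lookup_safe))
```

An empty findings list for a handler is the pass condition; any entry is a result to raise with the tool's owner or vendor.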

5) What AI tools does the IT security team have available?

So far, we have considered AI from the perspective of risk and threats. That is just one side of the coin. You also need to look at ways that AI can benefit your organization. To reduce the risk of AI in IT security, we recommend considering narrow band AI. This type of AI is specialized in a specific range of tasks like responding to users about their orders. In the IT security context, narrow band AI is a perfect way to handle administrative tasks like password resets.

You Have Three Ways To Get Started With AI In IT Security

Now that you have a better understanding of AI’s current role in your organization, you have some choices to make. Broadly speaking, there are three options to manage IT security in the age of AI.

1) Business As Usual

In the short term, you might choose to ignore AI’s impact. This is a reasonable choice if your answers to the five questions in this article reveal minimal use of AI. However, we suggest reviewing the questions twice per year to see if your environment changes.

2) AI Avoidance

If you encounter a significant number of “black box” AI tools, you may decide to avoid AI as much as possible. Since other companies are increasing their AI adoption rates, this is not a sustainable strategy.

3) Leverage AI To Improve Security

The third and best option is to look for strategic ways to harness the power of AI to improve security. For example, use a security software solution like Apollo to handle password resets. With this approach, the IT security team will have more capacity to carry out other activities. For instance, if you can save four hours of work per week using Apollo, that means more time to carry out AI security risk and vulnerability assessments.

What Else You Need To Manage In IT Security

While artificial intelligence is a new threat in IT security, it is important to take a balanced approach. You also need to regularly monitor other security risks like inactive user accounts. To keep up with these emerging risks, we recommend a simple solution. Set aside two 30-minute appointments on your calendar each week. In the first block, review internal security reports like monitoring reports generated by your analysts, feedback from managers and alerts from security apps. In the second block, scan for new threats like AI and other technologies that may disrupt your environment. By practicing constant vigilance, you will be more likely to avoid a security incident.

Written by Nelson Cicchitto