{"id":45048,"date":"2023-07-21T07:07:23","date_gmt":"2023-07-21T11:07:23","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=45048"},"modified":"2023-07-20T13:09:51","modified_gmt":"2023-07-20T17:09:51","slug":"ai-and-security-is-your-organization-ready","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/ai-and-security-is-your-organization-ready\/","title":{"rendered":"AI and Security: Is Your Organization Ready?"},"content":{"rendered":"<h2 style=\"text-align: center;\">In this segment of \u201c<a href=\"https:\/\/centricconsulting.com\/blog\/office-optional-a-column-by-larry-english\/\">Office Optional with Larry English<\/a>,\u201d Larry explains what your AI security plan should include and why you should be thinking about it now.<\/h2>\n<hr \/>\n<p>In late May, an image showing thick, black billows of smoke rising from the headquarters of the U.S. armed forces building near the Pentagon popped up on a prominent social media platform.<\/p>\n<p>The photos were determined to be a false report of an explosion near the federal building. Local and national officials quickly refuted the claim, but the post was still shared nationally and internationally in investment circles causing the S&amp;P 500 to drop, albeit briefly, before a rebound. <strong>The image, and other similar images with claims of a White House explosion, were likely created using generative AI.<\/strong><\/p>\n<p>Only days later in an <a href=\"https:\/\/www.safe.ai\/statement-on-ai-risk\" target=\"_blank\" rel=\"noopener\">open letter<\/a> signed by more than 350 AI experts and public figures, industry leaders warned that \u201cmitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks, such as pandemics and nuclear war.\u201d<\/p>\n<p>None of this is meant to scare business leaders, but to illustrate a few key points:<\/p>\n<ol>\n<li><strong>Generative AI is already here, and there\u2019s no turning back.<\/strong> Even reigning it in will be difficult. Creating a culture of AI awareness and preparing your team will be critical in navigating unchartered waters.<\/li>\n<li><strong>Legislative guardrails will take time to develop in the United States.<\/strong> We can\u2019t wait for legislation before creating plans around AI\u2019s use, implementation, security, or disaster response. Companies need to realistically assess threats and build defenses now.<\/li>\n<li><strong>For bad actors, AI has significantly lowered the barrier to entry.<\/strong> Those who have bad intentions but who didn\u2019t before have the technical know-how or intelligence to carry out attacks can now engineer something that looks and sounds authentic.<\/li>\n<\/ol>\n<p>Business leaders should ask themselves, \u201cIs my organization ready, and if not, how can I prepare?\u201d<\/p>\n<h2>AI Security Considerations for Enterprises<\/h2>\n<p>A generative AI platform, Writer, <a href=\"https:\/\/www.prweb.com\/releases\/nearly_half_of_senior_leaders_believe_colleagues_have_inadvertently_shared_corporate_data_with_chatgpt\/prweb19332734.htm\" target=\"_blank\" rel=\"noopener\">recently revealed<\/a> nearly half of senior executives believe corporate data has been unintentionally shared with ChatGPT, the most widely used generative AI platform among enterprises. These concerns aren\u2019t baseless.<\/p>\n<p>In fact, cybersecurity veteran David Lefever, founder, principal and CEO of The Mako Group and one of Centric Consulting\u2019s business partners, has found that today, many business leaders are concerned with an increasing number of threats.<\/p>\n<p><strong>Among those is \u201cleaky data,\u201d or the unintentional sharing of information with a third-party system without proper documentation and authorization.<\/strong> This can lead to privacy breaches, invalid and unreliable information, accidental security risks, and other threats.<\/p>\n<p>At a minimum, all AI security plans should include:<\/p>\n<ul>\n<li><strong>Vulnerability management:<\/strong> Zero-day attacks could become more commonplace as AI enables cyberattacks to be found more rapidly. As its name implies, this type of attack means there are zero days between the time a vulnerability is discovered and when an attack takes place.<\/li>\n<li><strong>Fraud and threat detection:<\/strong> AI can enable advanced fraud. Fraud and threat detection are key to creating a cybersecurity program that reduces the risk of an attack and minimizes impacts should one happen.<\/li>\n<li><strong>Continuous penetration testing:<\/strong> Conducting internal and external penetration testing isn\u2019t one-and-done. Company leaders are starting to realize that even quarterly testing is not enough and that ongoing monitoring is required.<\/li>\n<li><strong>IP risks:<\/strong> Generative AI poses unique IP risks in that your information could be exposed without your knowledge. Further, if you ask an AI tool to create something and use it, you may be inadvertently infringing on trademarks or copyrights of other companies.<\/li>\n<li><strong>Monitoring and maintaining compliance:<\/strong> Protecting data isn\u2019t simply an expectation, it\u2019s now becoming law. Monitoring and maintaining compliance are other important considerations in your organization\u2019s overall security strategy.<\/li>\n<\/ul>\n<h2>How to Prepare for AI Security Impacts Now<\/h2>\n<p>The best ways to prepare for the security implications of artificial intelligence are to educate, create governance, remain vigilant and plan for recovery in case of a breach:<\/p>\n<h3>Create Security Awareness Across Your Organization<\/h3>\n<p>With any risk or vulnerability, there\u2019s a software component and a people component. To <a href=\"https:\/\/centricconsulting.com\/blog\/executives-top-14-chatgpt-faqs-an-ai-curated-resource\/\">successfully leverage AI<\/a> in a secure manner, your organization will have to address both, starting with creating awareness and providing comprehensive and ongoing training for the workforce.<\/p>\n<p>\u201cAI can create such convincing content to the average person that it\u2019s going to be difficult for them to discern what\u2019s real without intensive training,\u201d Lefever said. \u201cSocial engineering approaches will become much more sophisticated and convincing, and it will require teaching the workforce to be critical thinkers around security.\u201d<\/p>\n<p><strong>Communicating policies, guidelines, best practices and updates to these living documents will be critical in creating and maintaining a security mindset.<\/strong><\/p>\n<h3>Set Up AI Guardrails and Governance<\/h3>\n<p>A key part to creating a security mindset is establishing a governance plan that promotes the responsible and ethical use of AI tools while helping ensure compliance and managing risk in a continually evolving landscape.<\/p>\n<ul>\n<li>Designate a cross-functional AI governance committee<\/li>\n<li>Define AI guidelines and best practices<\/li>\n<li>Establish a decision-making process for using AI<\/li>\n<li>Audit AI tool usage and monitor performance.<\/li>\n<\/ul>\n<h3>Provide a Safe Environment for Your Team to Be Innovative<\/h3>\n<p>Every company and employee has a certain level of responsibility when they begin interacting with AI tools. <strong>Organizations should promote innovation while ensuring secure collaboration.<\/strong><\/p>\n<p>In cybersecurity, this is often known as a \u201csandbox,\u201d or a place to execute ideas separate from network resources production systems and infrastructure that could otherwise be impacted. These testing environments can also be used to test solutions or custom code before deploying it to a broader audience.<\/p>\n<p>Companies should not only provide a safe place to explore these tools and their capabilities, but they should also make sure employees know about the space and encourage them to make use of it.<\/p>\n<h3>Continually Perform AI Risk Assessments<\/h3>\n<p>As AI usage climbs, companies should frequently conduct penetration testing. Leaders must also provide their teams with tools to help determine human vs. AI-generated content.<\/p>\n<p>Keep close tabs on your technology investments and build in tools that screen and flag <a href=\"https:\/\/centricconsulting.com\/blog\/creating-a-chatgpt-content-policy-best-practices-for-using-chatgpt\/\">AI-generated content<\/a> in communication such as emails, which are used to create phishing and other scams. Other new and evolving technology can help teams better catch and guard against malware and bad code.<\/p>\n<p>It\u2019s also important to reevaluate current technology you\u2019re using to ensure it can support the sophistication AI brings.<\/p>\n<h3>Create an AI Incident and Disaster Recovery Response Plan<\/h3>\n<p>No matter how <a href=\"https:\/\/centricconsulting.com\/blog\/blog-series-adopting-zero-trust-security-for-maximum-protection\/\">proactive you are with cybersecurity<\/a>, you\u2019re never 100 percent \u201csafe.\u201d Bad actors, or even employee mistakes, can sneak in and cause damage to even the most diligent companies. <strong>CIOs and business leaders must plan for an AI incident and plan appropriate responses.<\/strong><\/p>\n<p>Lefever suggested attending or hosting an incident response or disaster recovery tabletop where you present several scenarios and brainstorm together how they might be managed. \u201cResponse scenarios should represent realistic but challenging threats, resulting in better communication and more mature controls. The key is to challenge your leadership team to think through scenarios and execute swiftly with a well-planned response,&#8221; he said.<\/p>\n<p>Depending on the security framework your company has in place, you may have to not only expand your process or framework but expedite the process to build maturity more quickly than you originally planned.<\/p>\n<h3>Security Impacts From AI Aren\u2019t Inevitable<\/h3>\n<p>While we will continue to hear about attacks and security breaches from bad actors with malicious intent, it\u2019s important to remember the proverb \u201can ounce of prevention is worth a pound of cure.\u201d<\/p>\n<p><strong><a href=\"https:\/\/centricconsulting.com\/blog\/ai-adoption-how-to-navigate-and-establish-ai-governance-security-and-ethics\/\">Governance, defined policies, guidelines and best practices<\/a>, communication, a clear decision-making process, and regular audits are all ways to help minimize security risks when leveraging AI tools.<\/strong><\/p>\n<p>Create living documents and response plans with an understanding that they can (and will) change rapidly over the next several years. And don\u2019t be afraid to ask for help from an outside expert. If there\u2019s one thing business leaders have learned over the past three years, it\u2019s that we\u2019re all in this together, and by supporting one another, we can create a secure business landscape where innovation thrives.<\/p>\n\n        <div class=\"inline-cta purple\">\n            <div class=\"inline-cta--content\">\n                Our white paper explains an effective system to ensure you always keep a human in the loop when implementing AI.\n            <\/div>\n            <div class=\"inline-cta--button\">\n                <a\n                    class=\"button\"\n                    href=\" https:\/\/centricconsulting.com\/resources\/collaborative-intelligence-an-ai-powered-system-that-puts-humans-in-control\/\"\n                    target=\"_blank\"\n                    >\n\n                    Get It Here\n                <\/a>\n            <\/div>\n        <\/div>\n<p><em><a href=\"https:\/\/www.forbes.com\/sites\/larryenglish\/2023\/06\/16\/ai-and-security-is-your-organization-ready\/?sh=2a15b74a530f\" target=\"_blank\" rel=\"noopener noreferrer\">This article was originally featured on Forbes.com.<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this segment of \u201cOffice Optional with Larry English,\u201d Larry explains what your AI security plan should include.<\/p>\n","protected":false},"author":41,"featured_media":45051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[1],"tags":[19112,20871],"coauthors":[15095],"class_list":["post-45048","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-artificial-intelligence","tag-office-optional","resource-categories-blogs","orbitmedia_post_topic-artificial-intelligence","orbitmedia_post_topic-office-optional"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2024-09-13 14:19:22","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/45048"}],"collection":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/comments?post=45048"}],"version-history":[{"count":0,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/posts\/45048\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media\/45051"}],"wp:attachment":[{"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/media?parent=45048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/categories?post=45048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/tags?post=45048"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/centricconsulting.com\/wp-json\/wp\/v2\/coauthors?post=45048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}