The age of AI is upon us – the role of the CISO in shaping the AI security debate
Undoubtedly, 2023 will be looked back on as a pivotal year for artificial intelligence (AI). The emergence of ChatGPT and the surge of interest in generative AI has catapulted the subject into the public eye and elevated the issue to the attention of business leaders and governments alike.
Central to the AI debate are security concerns.
The AI revolution opens up exciting new possibilities but as frontiers expand, so do the associated security risks. President Biden’s Executive Order on safe, secure and trustworthy AI and the EU’s impending AI Act are two major pieces of legislation seeking to harness AI’s transformative power while ensuring that security concerns are adequately addressed. In the UK, the AI Safety Summit at Bletchley Park brought together some of the industry’s greatest minds in an effort to determine how to manage the risks of the most recent advances in AI. For now though, there are still a lot of grey areas.
AI’s complexity and innovative nature present several big questions, and its value proposition remains to be determined. In other words, is the risk associated with AI currently worth its potential rewards? Then, of course, there’s the compliance debate. To truly reach its potential AI must leverage vast pools of data. How can businesses make the most of new tools while protecting sensitive customer and employee data? With the new NIS2 cyber regulation coming into force in October 2024, with hefty financial penalties attached, there is very little margin for error.
Alan Jenkins, Trusted Advisor & Interim CISO says AI can be both a threat and an opportunity. We in Cybersecurity tend to look on the downside risks from things but something like AI is a dual-use technology that will be – if not already is – useful to Cyber Defenders as well as Attackers.
Amar Patel, Chair of IoCR, brings a positive view on the AI topic Despite AI challenges, I’m optimistic. With the right balance and some smart regulation, I think we can make the most of AI in keeping our digital world secure. It’s about being vigilant and adapting to new threats, but that’s what keeps this field so exciting!
Matthew Thompson, Independent Responsible AI researcher predicts We need to prepare for Artificial Capable Intelligence. In practical terms, we will see this via the development and deployment of AI systems agents. They will have various levels of Autonomy and Operational Scope and need clear risk management and transparency of actions.
This is both an opportunity and a threat, the crux is whether we develop and deploy these responsibly.
Many companies will also be evaluating how best to leverage AI for defensive cybersecurity purposes, and cyber threat actors will never cease to find ways to use it for nefarious purposes. Add to this a skills shortage and the need to train employees on emerging AI technologies, and there is a lot to be ironed out before AI can be truly leveraged to its full potential.
The role of CISOs and cyber security leaders
CISOs and senior cyber security leaders will play a critical role in determining whether AI is ultimately a threat or an opportunity for businesses, and the ClubCISO community is central to the future direction of this critical technology.
Our initial canvassing of opinion within the ClubCISO community points to a sense of optimism and confidence amongst members that we can make the most of AI while keeping our digital world secure with the right balance and some smart regulation. In the right hands, AI can lead to incredible advancements, but in the wrong hands, it could be quite destructive. As security leaders, we will be looked to for guidance on how best to use develop and, in particular, utlise AI tools responsibly and ethically.
AI is here to stay. Rather than viewing it as a threat, we should embrace the opportunities it offers, evaluating its use with the same caution applied to any digital risk. Erhan Temurkan, CISO at Fleet Mortgages concludes.
Making your voice heard
As the technology evolves, the insights from ClubCISO can shape and define industry debate around AI security. Your individual expertise and contributions to this community over the years have helped make the Information Security Maturity Report a seminal piece of industry research, and over the past few years, we’ve seen your insights gaining momentum with the media.
Your Call to Action!
With such a pivotal issue as AI security, there is a significant opportunity to capitalise on the media interest and further cement your collective voice within the discussion. In the coming weeks, we’ll be issuing a series of short surveys around the big AI security debate, and your support in contributing to the survey would be invaluable. Stay tuned for more information in the next few weeks.