AI: Security risk versus business reward in a hybrid working world

Global, Jul 22, 2024

This article was first published in Forbes July 18, 2004

Since the pandemic, flexible working has become the new norm-whether fully remote or using a hybrid model, the majority of global workers today expect some degree of flexibility. That has meant a significant shift in infrastructure and new security considerations for many organizations.

Today's employees have access to multiple devices and operating systems-and not all of which are necessarily in the control of organisations. My company's recent global CIO survey found that "of the 83% of CIOs who experienced cyber-attacks in the last 12 months, only 43% feel prepared for another breach." AI is reshaping cybersecurity, both as tools for defenders and as weapons for attackers, and that is only exacerbated by an increasingly remote workforce. I believe CIOs and IT leaders need to strike the balance in managing this.

The AI Era

The transformative potential of AI is enormous, particularly with the advancements in quantum computing and generative pre-trained transformers (GPTs) and their potential to boost business efficiencies through automation. The technologies are also fast becoming crucial tools for CIOs and IT leaders to bolster their security with the ability to identify and triage cyber threats.

AI can scan systems and codebases to identify potential vulnerabilities, and generative AI can predict and design potential exploits, even for Zero Day vulnerabilities where previously hackers were able to exploit security flaws before developers have a chance to fix them. More importantly, AI offers the benefit of being able to automate specific security responses, such as isolating infected machines or blocking suspicious traffic, which should accelerate reaction times and help businesses contain attacks early.

Still, AI and generative AI introduce new risks for businesses, too. A recent World Economic Forum report highlights that advancements in adversarial capabilities, such as convincing phishing emails, tailored social media posts, malware, and deepfakes, pose the most significant cyber threat from generative AI. Generative AI may also enable attackers to develop Zero Day ransomware, which can cause significant financial and reputational losses for organizations. It also poses the risk of employees inadvertently leaking sensitive data when using public GPTs.

AI is becoming a crucial tool for cybercriminals, and the threat has only been enhanced by geopolitical instability and a global skills shortage. Risks no longer exist in silos, and CIOs and IT leaders need to think about their entire digital footprint to limit business consequences. With "anytime, anywhere" working here to stay, proactive steps need to be taken to protect our workplaces, connectivity and cloud infrastructure.

Securing the workforce: Anytime, anywhere

Device security is one of the biggest cyber threats businesses face, particularly as the definition of "workplace" becomes more divergent. Reports of employees being "tricked" into giving away sensitive business and customer data as a result of AI deepfakes are becoming more common.

At the same time, hybrid and remote working also means that networks need to be able to support IoT, 5G and edge computing.

Meanwhile, the infrastructure needed to successfully support remote workforces means complex hybrid cloud environments also need to be secured. According to the PWC Global Digital Trust Insights Report, the hybrid cloud is the top security concern for nearly half of all organizations.

As threats grow in scale and sophistication, it's important to rethink your company's approach to security. To do that, it's important to consider:

1. How you stay on top of emerging threats: Cyber security threats are not only on the rise, but they are also getting increasingly more sophisticated. To mitigate this risk, you need to ensure that teams are going through continuous training to stay ahead.
2. Fostering a culture of security: It is not just the tech teams that need to stay across security risks. Employees across the whole organization need to be alive to the latest types of threats. With AI enhancing the sophistication of threats such as phishing emails, you need to use training and insights to foster a culture of security across the whole organisation and at every level, particularly in a hybrid working world.
3. Preparation, preparation, preparation: A key tool in managing the threat of AI is through modelling and simulations. Regularly running simulation tests and tabletop exercises helps employees put into practice all that they learn through training. It will also help your IT teams understand where the gaps are so they can be filled before a real threat arises.
4. Putting security first at every stage of the organisation: To ensure security at every level, CISOs should be involved in digitization projects from the very beginning.
5. Working with a partner: Working with the right strategic security partner can not just stave off threats but secure future business success. My company's survey found that in the past year, there has been a 300% surge in demand globally for AI-ready managed security services to help ensure employees are protected wherever they are in the world. You need to look for a partner that will help you by enhancing the tools and expertise needed to safeguard your organisation and integrate security across your infrastructure.

When it comes to AI, the opportunities are immense but so too is the risk. In order to leverage the benefits whilst also limiting the risks they pose, business leaders need to take an intelligent approach to security. Only then can they ensure that their infrastructure is properly protected, particularly as workforces become increasingly disparate with more and more employees working outside of the 'traditional' office environment.