The Emergence of AI In the Enterprise: Know the Security Risks

As is often the case with any new, emerging technology, using AI comes with security risks, and it's essential to understand them and impose the proper guardrails around them to protect company, customer, and employee data.
There are real, tangible risks businesses must address today, as AI/AGI is a relatively immature technology actively making its way into the corporate environment.
Specific to ChatGPT, there are many unknowns regarding its ongoing evolution and how it impacts data and information security.
Even if an organization secures its connectivity to OpenAI, it is challenging to ensure data protection, particularly granting the tremendous data troves gathered by ChatGPT. In late March, OpenAI disclosed a data breach that exposed portions of user chat history as well as personal user information including names, email/payment addresses, and portions of credit card data over a nine-hour window.
Samsung employees also leaked sensitive data into the ChatGPT program; as a result, Samsung lost control of some of its intellectual property.
These issues highlight the vulnerability of the product and raise serious concerns about the security of sensitive information that businesses, knowingly or unknowingly, entrust to ChatGPT. As with all third parties, these platforms must be vetted and their vendors contractually bound to protect the data to your organization's standards before being permitted access to it.
The security issues also underscore the legal obligations of organizations to secure their own and their clients' data.
Law firms with attorney-client privilege and those subject to regulations such as the Health Insurance Portability and Accountability Act and the EU's General Data Protection Regulation are particularly affected.
Organizations must ensure the security and privacy of their information.
The lack of clarity and transparency around how data is being handled creates a real risk for businesses using ChatGPT. Yet, lacking direct action by IT or security teams to impose controls, users can easily copy and paste data of any level of corporate sensitivity into the platform, without their organization's knowledge or consent.
Fortinet, Palo Alto Networks, Cisco, and other security vendors have not yet created holistic lists that include all the OpenAI and ChatGPT options available.
To mitigate the risks of AI tools, organizations need to take a proactive approach.
They should conduct thorough risk assessments to understand their exposure and ensure that appropriate security measures are in place, such as encryption, access controls, data leakage protection, and active monitoring.
Though powerful and seemingly useful, organizations must not allow ChatGPT and similar tools access to their systems and data until they can clearly understand the risk inherent in them and can control against or accept those risks.
As AI and technologies like ChatGPT and Bard are evolving at a lightning pace, continuously securing these iterations will certainly provide new challenges for both organizational IT and security researchers.
There continues to be much debate about the risk vs. reward of AI/AGI in enterprise settings.
Clearly, a tool that produces instant data, content, and analysis provides value; whether the risks can be contained, controlled, and managed to a sufficient degree to justify these rewards will be tested over time.
While the fear of AI evolving into Terminator or Skynet is certainly fun to hypothesize, the immediate risk is to today's data and customers' networks.
It is essential to prioritize data security to protect our organizations and the clients we serve.
He has over 25 years of expertise as an information technology consultant, with a focus on aligning IT strategies to current and future organizational goals, developing cloud migration and security strategies, and helping services businesses get laser focused on the security and efficiency needs of their clients.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Thu, 14 Dec 2023 06:13:05 +0000


Cyber News related to The Emergence of AI In the Enterprise: Know the Security Risks

CVE-2020-8023 - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of ...
4 years ago
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
The Imperative for Zero Trust in a Cloud-Native Environment - The security policy is dynamically updated with the changes of users, devices, data and external risks. Due to the dynamic, containerized and microservice characteristics of cloud-native environments, traditional boundary security protection policies ...
1 year ago Securityboulevard.com
Lost in Translation: Mitigating Cybersecurity Risks in Multilingual Environments - With increased connectivity and linguistic diversity comes a new set of cybersecurity risks. This article will delve into the unique cybersecurity challenges in multilingual environments, focusing on solutions and best practices to mitigate such ...
1 year ago Cyberdefensemagazine.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM - With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed ...
1 year ago Helpnetsecurity.com
The Emergence of AI In the Enterprise: Know the Security Risks - As is often the case with any new, emerging technology, using AI comes with security risks, and it's essential to understand them and impose the proper guardrails around them to protect company, customer, and employee data. There are real, tangible ...
1 year ago Cyberdefensemagazine.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
2 months ago Cyberdefensemagazine.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
7 months ago Blog.checkpoint.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
11 months ago Techtarget.com
Stress-Testing Security Assumptions in a World of New & Novel Risks - The most devastating security failures often are the ones that we can't imagine - until they happen. Prior to 9/11, national security and law enforcement planners assumed airline hijackers would land the planes in search of a negotiated settlement - ...
5 months ago Darkreading.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
1 year ago Esecurityplanet.com
Top 10 Cybersecurity Interview Questions and Answers - Interviewing for a job in information security can be daunting. According to security experts, memorizing hundreds of terms isn't the ticket to a successful interview for a cybersecurity job. The best candidates have a sense of what they want to ...
5 months ago Techtarget.com
CVE-2020-8022 - A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise ...
3 years ago
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com
Continuous Vulnerability and Exposure Management: Unifying Detection Assessment and Remediation for Elevated IT Security - A typical enterprise Security Operations Center employs a diverse array of security tools to safeguard against cyber threats. This includes Security Information and Event Management for log analysis, firewalls for network traffic control, and ...
10 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)