Back to all resources
As with all tech innovation, generative AI’s ability to expand business value and increase operational efficiency can be accompanied by an inverse expansion of risk. Externally, threat actors leverage AI to attack AI-enhanced cybersecurity tools, leading to an AI vs. AI dynamic that has forced cybersecurity to become pre-emptive, not just preventative. Internally, shadow AI and indiscriminate use of AI tools and platforms can also broaden an organization’s threat surface.
In both cases, being discerning about what generative AI tools to use and when is vital to ensuring a robust cybersecurity stance.
This article will explore the risks of indiscriminately leveraging generative AI in business and offer suggestions on when to use—and not use—generative AI tools.
Internal Risks of AI in Business: Shadow AI
Shadow AI, or the use of unapproved AI tools without a company’s knowledge, is rapidly becoming a serious issue in many organizations as employees begin using generative AI-based technology to enhance their performance.
According to a 2024 survey of 150 IT security leaders by HiddenLayer, 61% report shadow AI as a problem within their organizations. Surprisingly, 75% of those security leaders see the threats posed by unauthorized use of third-party AI tools as greater than already-existing cyber threats faced by an organization.
Shadow AI use can lead to proprietary data and IP being fed into external databases. Answers, predictions, and reports may include wildly inaccurate information. Many security vulnerabilities can be inadvertently created by well-meaning but ill-prepared employees, such as when they use a generative AI platform to generate passwords. As generative AI evolves to go beyond aggregating and informing users to take action, internal company risks will only grow.
The solution is not to simply ban AI. The pervasive use of shadow IT in many companies illustrates how bans are, at best, temporarily effective and, at worst, a waste of valuable company resources.
A better solution is to add AI information and education to an organization’s cyber hygiene training program. Reasonable monitoring guardrails may also need to be employed, such as checking employee credit card charges for unauthorized software purchases.
Secondly, accept and embrace the fact AI in business is here to stay. Identify what specific AI-based tools are useful to employees, vet them for risk, and encourage employees to use software, platforms, or tools that pass the test. This creates an internal employee culture in which good cyber hygiene is a matter of course for all employees and is no longer siloed as an “IT issue.”
Finally, balance security with efficiency. If an internal process, such as creating a report or drafting a memo about a developing product, can be done more securely without the assistance of generative AI but also may take longer, the extra time taken in the short run may be worth the time saved dealing with a security breach. Knowing when not to use AI in business is just as important as knowing when to use it.
Using Gen AI for External Risks
Understanding how to use generative AI tools is no longer optional. Nowhere is this more true than in an organization’s cybersecurity suite.
These tools fill a dangerous gap left by the chronic shortage of cybersecurity professionals. Automated, AI-enhanced tools are the only way to keep up with today’s threat actors, who maliciously use generative AI to create adaptive and evolving threats.
This is where AI in tech has the greatest potential to enhance organizational cybersecurity. Simply assessing the number of endpoints and analyzing potential entry points into a network will no longer suffice to keep a business safe.
Machine learning is evolving into deep learning. This has led to the creation of AI security solutions that react to malware in milliseconds, sometimes before an attack even occurs. Some of these tools will then adapt in real time to prevent potential future attacks. Thus, the peace of mind that stems from automated, continuous monitoring increases with the knowledge that real-time evolution and adaptation to threats is pre-empting them altogether.
Discretion Remains the Better Part of Valor
That said, as with internal processes, there may be times when other components of a comprehensive security approach will not benefit from the use of generative AI. As of yet, there is no advanced technology that can simulate a physical break into a secure section of a building or fully replicate human social engineering (though some platforms with voice-mocking technology are rapidly approaching this point). Though an AI solution may exist, that does not mean it is the right solution for a specific set of high-priority vulnerabilities.
Assessing the correct generative AI tool for your organization’s cybersecurity approach is crucial. Not all generative AI is the same. Technology that uses machine learning rather than deep learning processes is just one example of a key difference. Yes, an organization’s holistic cybersecurity approach will increasingly include generative AI tools. However, what specific tools to use and where to direct them remain important determinants of how robust a security profile is.
Remove the Guesswork with CyVent
CyVent protects organizations using an overarching philosophy of holistic cybersecurity. Our team of former CISOs, senior line executives, academic thought leaders, and cybersecurity technologists leverages their collective expertise to assess cybersecurity tools, vet potential technology partners, and ultimately create a comprehensive solution specifically designed for the environments they serve.
Whether it’s the latest generative AI monitoring platform or a comprehensive, all-in-one cybersecurity suite like Haven, our team has fully investigated and assessed all cybersecurity solutions to ensure they’re a good fit for our clients.
Gain peace of mind knowing you have the right tools to protect your organization in place by contacting CyVent today. It takes just one click to schedule a completely confidential call with me and the CyVent team!
~Yuda
Share
