Blogs

Navigating the global cybersecurity landscape with generative AI

Published on May 29, 2024

Table of Contents

The digital era has fundamentally changed how industries worldwide operate. To stay competitive, businesses are turning towards new innovative technologies and leveraging generative artificial intelligence (GenAI) solutions to augment productivity and streamline operations. However, with massive leaps of progress aided by GenAI, come new challenges for organisations, specifically in the critical area of cybersecurity.

The rise of GenAI in the workplace

GenAI tools, such as ChatGPT, Copilot for Microsoft 365 and DALL·E, are transforming workplaces and workers are embracing these new tools, as confirmed by a study referenced by the World Economic Forum where AI had a staggering 70% adoption rate in the workplace among 30,000 employees surveyed in 23 countries. The use of GenAI tools in workplaces is also soaring higher every month, inclusive of ChatGPT which hit a new traffic high in February 2024, with 208.8 million visits or an 87% year-over-year increase.

Human reasoning, one could argue, will always be necessary to manage and oversee any aspect of AI integration but it is clear that the benefits are tremendous and that GenAI is here to stay. A report by McKinsey & Company found that GenAI will play a pivotal role in the productivity of businesses, leading to adding trillions of dollars in value to the worldwide economy and could even lead to the automation of employee tasks that absorb 60 to 70 per cent of their time today.

While GenAI and AI tools offer numerous benefits, there is also less than desirable outcomes, especially in terms navigating cybersecurity.

Leaders worry about GenAI’s effect on cybersecurity

The rise of GenAI has also given birth to new global cybersecurity concerns with roughly 71 per cent of senior IT leaders who indicated that they believe GenAI technology is introducing new security risk to their data. Forbes has described GenAI as a “game-changer”, allowing for hackers to use machine learning for a variety of nefarious deeds, including hacking code, affecting not only individuals but businesses.

However, one option available to businesses is to fight AI with AI. According to Gartner, 34 per cent of organisations are currently employing artificial intelligence (AI) application security tools to help stop GenAI risks in their tracks and another 56 per cent of surveyed individuals said they are reviewing these new solutions. Though, leaders should take precautions to be aware of the data security protocols of each GenAI tool they use.

The security model of GenAI tools, such as Copilot

Copilot for Microsoft 365 has emerged as a leader as one of the most used GenAI tools globally. In terms of its numerous measures to guarantee data security, the platform runs on tenant isolation and only uses data from the present user’s Microsoft 365 tenant, guaranteeing no cross-tenant data leaks. Training boundaries are established to block business data from being exploited to train the foundational Large Language Models (LLMs) that Copilot for Microsoft 365 uses. Additionally, Copilot surfaces all organisational data to which unique users have at minimum view permissions, thus preserving data integrity.

Even with these security measures in place, according to Microsoft Copilot’s data security documentation, it’s critical that users employ “the permission models available in Microsoft 365 services, such as SharePoint, to help ensure the right users or groups have the right access to the right content within your organisation.”

Employing the principle for Copilot of the lowest degree of privilege in Microsoft 365, safeguards access and acts as a gatekeeper to ensure that entrance is limited, which is tied into protecting enterprise data and data labelling.

The challenge of data labelling

One of the main obstacles in the secure adoption of GenAI tools like Copilot for Microsoft 365 is data labelling. Microsoft specifically relies strongly on sensitivity labels to enforce Data Loss Prevention (DLP) policies, apply encryption, and inhibit data leaks. Sensitivity labels can also offer an additional level of protection when used on content. Despite its effectiveness, the biggest blocker to utilising data labelling is that maintaining correct labelling can be arduous, especially due to the volume of data produced by AI tools.

How does data governance fit in with GenAI?

To ensure that GenAI is fit-for-purpose for businesses and that they remain secure, a comprehensive data governance and privacy framework must be in place to protect the data AI has access to and to remain compliant. By combining tightened data access measures, employing data encryption, utilising data anonymization techniques, all of these actions will support that businesses stay compliant with acts, such as Australia’s Privacy Act of 1998, and the European Union’s General Data Protection Regulation (GDPR).

Further, PricewaterhouseCoopers (PwC) suggests an effective Responsible AI (RAI) strategy bolstered by data classification and tagging. To help optimise these particular tasks, involved parties can use AI to automate the organisation and labelling of data by its context, content, and sensitivity, while administering data governance strategies to guarantee proper data treatment, including an easier data discovery and retrieval process.

Are businesses prepared for global GenAI adoption?

As businesses set out to harness the power of GenAI and more automated tools become widely available, leaders must prepare for all of the complexities that will arise, including cybersecurity challenges, strategies, and safeguards. By grouping all sensitive AI-generated content, checking that labels are properly applied, enforcing least privilege permissions, and constantly supervising sensitive data, businesses can be more in control of their data governance and potentially limit GenAI vulnerabilities.

Table of Contents

Featuring
William Lam
Group Innovation Director
Related posts

Enter your details to subscribe

Get Experteq exclusive monthly thought leadership, insights, latest trends, and customer spotlights directly in your inbox.

Subscriber form
Acceptance

Please enter your details to download

Web download
Acceptance

Enjoy your read?

Subscribe and get Experteq exclusive monthly thought leadership, insights, latest trends, and customer spotlights directly in your inbox.

Subscriber form
Acceptance