To mitigate the risks of AI tools, organizations need to take a proactive approach. They should conduct
            thorough risk assessments to understand their exposure and ensure that appropriate security measures
            are in place, such as encryption, access controls, data leakage protection, and active monitoring. Proper
            policies must be defined and approved. Until such policies and controls are in place, the use of ChatGPT
            and similar tools must be blocked—just as they would (or should) any other non-approved IT system.

            Though powerful and seemingly useful, organizations must not allow ChatGPT and similar tools access
            to their systems and data until they can clearly understand the risk inherent in them and can control
            against or accept those risks. And, as AI and technologies like ChatGPT and Bard are evolving at a
            lightning  pace,  continuously  securing  these  iterations  will  certainly  provide  new  challenges  for  both
            organizational IT and security researchers.

            There continues to be much debate about the risk vs. reward of AI/AGI in enterprise settings. Clearly, a
            tool that produces instant data, content, and analysis provides value; whether the risks can be contained,
            controlled, and managed to a sufficient degree to justify these rewards will be tested over time. Just like
            any other tool, AI’s effectiveness and impact must be weighed. Organizations need to separate hype
            from reality before even considering the use of these tools. After all, an OpenAI spokesperson recently
            commented on its product’s ability to “hallucinate” and “make up information that’s incorrect but sounds
            plausible.”

            While the fear of AI evolving into Terminator or Skynet is certainly fun to hypothesize, the immediate risk
            is to today's data and customers' networks. Therefore, it is essential to prioritize data security to protect
            our organizations and the clients we serve.




            About the Authors

            John A. Smith is CEO of Conversant Group and its family of IT infrastructure and
            cybersecurity  services  businesses.  He  is  the  founder  of  three  technology
            companies  and,  over  a  30-year  career,  has  overseen  the  secure  infrastructure
            design,  build,  and/or  management  for  over  400  organizations.  He  is  currently
            serving as vCIO and trusted advisor to multiple firms.

            A passionate expert and advocate for cybersecurity nationally and globally who
            began his IT career at age 14, John Anthony is a sought-after thought leader, with
            dozens of publications and speaking engagements. In 2022, he led the design and
            implementation of the International Legal Technology Association’s (ILTA’s) first annual cybersecurity
            benchmarking survey.

            John Anthony studied Computer Science at the University of Tennessee at Chattanooga and holds a
            degree in Organizational Management from Covenant College, Lookout Mountain, Georgia.

            John  can  be  reached  at  @ConversantGroup  on  Twitter  and  at  Conversant’s  website:
            https://conversantgroup.com/








            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          179
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.