Page 179 - Cyber Defense eMagazine September 2023
P. 179
To mitigate the risks of AI tools, organizations need to take a proactive approach. They should conduct
thorough risk assessments to understand their exposure and ensure that appropriate security measures
are in place, such as encryption, access controls, data leakage protection, and active monitoring. Proper
policies must be defined and approved. Until such policies and controls are in place, the use of ChatGPT
and similar tools must be blocked—just as they would (or should) any other non-approved IT system.
Though powerful and seemingly useful, organizations must not allow ChatGPT and similar tools access
to their systems and data until they can clearly understand the risk inherent in them and can control
against or accept those risks. And, as AI and technologies like ChatGPT and Bard are evolving at a
lightning pace, continuously securing these iterations will certainly provide new challenges for both
organizational IT and security researchers.
There continues to be much debate about the risk vs. reward of AI/AGI in enterprise settings. Clearly, a
tool that produces instant data, content, and analysis provides value; whether the risks can be contained,
controlled, and managed to a sufficient degree to justify these rewards will be tested over time. Just like
any other tool, AI’s effectiveness and impact must be weighed. Organizations need to separate hype
from reality before even considering the use of these tools. After all, an OpenAI spokesperson recently
commented on its product’s ability to “hallucinate” and “make up information that’s incorrect but sounds
plausible.”
While the fear of AI evolving into Terminator or Skynet is certainly fun to hypothesize, the immediate risk
is to today's data and customers' networks. Therefore, it is essential to prioritize data security to protect
our organizations and the clients we serve.
About the Authors
John A. Smith is CEO of Conversant Group and its family of IT infrastructure and
cybersecurity services businesses. He is the founder of three technology
companies and, over a 30-year career, has overseen the secure infrastructure
design, build, and/or management for over 400 organizations. He is currently
serving as vCIO and trusted advisor to multiple firms.
A passionate expert and advocate for cybersecurity nationally and globally who
began his IT career at age 14, John Anthony is a sought-after thought leader, with
dozens of publications and speaking engagements. In 2022, he led the design and
implementation of the International Legal Technology Association’s (ILTA’s) first annual cybersecurity
benchmarking survey.
John Anthony studied Computer Science at the University of Tennessee at Chattanooga and holds a
degree in Organizational Management from Covenant College, Lookout Mountain, Georgia.
John can be reached at @ConversantGroup on Twitter and at Conversant’s website:
https://conversantgroup.com/
Cyber Defense eMagazine – September 2023 Edition 179
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.