Requesting your opinion on data sovereignty and information system security when utilizing cloud based Enterprise Resource Planning systems, specifically in a Government department. Any guidance to share?

1.7k views3 Comments

Sort by:

Chief Information Security Officer in IT Services8 months ago

It's still early days for AI-powered attacks. I handle a significant number of attacks and they remain largely traditional. I recently encountered an AI-generated email thread that attempted to impersonate my CEO, so it is important that your users understand the potential for attackers to use AI in crafting more sophisticated phishing attempts. But, while AI can aid in data correlation and packaging information, the use of AI in automated attacks is still evolving. The threat of deepfakes and impersonation is real, but we have yet to see widespread AI-generated attacks. It's a frequent topic at conferences, but I think we have a lot to learn before fully understanding its implications.

1 Reply

no title8 months ago

Agreed, the focus right now is on phishing and related threats. AI is being used to scrape information from various sources and that leads to more targeted attacks. For instance, new employees might be targeted if their personal information is inadvertently shared online, so stronger education and awareness from day one are crucial to mitigate these risks.<br>

Chief Data Officer in Healthcare and Biotech8 months ago

At this point, I believe it's too early to make definitive decisions about AI-powered attacks. While AI and machine learning are frequently mentioned in the context of cyber attacks, much of what we see is still driven by algorithms. In the education sector, we're more focused on adapting our teaching methods to incorporate AI, such as grading students on the quality of their prompts rather than worrying excessively about AI-driven cheating. When it comes to actual incident response use cases, I think it will take some time before we can comfortably rely on AI.

Content you might like

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP.

It's time for 2024 predictions: Note that these are just ideas or off-the-wall predictions. However, choose the one you think is most likely to come about December 29th, 2024.

The First Human (Universal Translator) will be created using AI10%

Generative AI, will be added to children's Toys and be the hottest toy in 202435%

AGI (Artificial General Intelligence) will be created (Denial, Scared, and Hope) may come out of this. 15%

AI and GenAI will be able to communicate with (an animal species) in 2024. -There is work going on now to do this. 12%

Lawmakers will force AI Platforms to provide extensive lists of what information is in use, or being used within any AI model. If the company or entity cannot provide such information there will be fines. (This will force AI Models to be built on known data or purchased data)16%

Employment concerns spike in 2024. Concerns with companies asking for 10+ years, no job training, people let go and AI hired on, Schooling not keeping up with the innovation of this new technological innovation. 11%

View Results

What action do you take when a user fails a simulated phishing test?

No action taken7%

Extra training required by user 95%

Permissions revoked5%

Disciplinary action taken against user3%

View Results

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

With Gartner highlighting the urgency of post-quantum cryptography (PQC), I would like to know if there are other members of the group already involved in the discussion or in the planning to face the threat of attacks like 'harvest-now, decrypt-later'?