October marks the annual Cybersecurity Awareness Month. This year SC Media is delving deep into themes promoted by the Cybersecurity and Infrastructure Security Agency, particularly emphasizing business and product security.
SC Media's Tom Spring spoke with industry expert Chris Hodson, chief security officer and chief product officer at Cyberhaven. What follows is a video of the interview and a short overview of the conversation.
“While we buzz about AI threats, zero-day exploits and nation-state campaigns, many organizations today grapple with age-old issues like understanding device inventories, the nature of data they process and establishing strong incident response strategies,” Hodson said.
Emerging cybersecurity challenges also reflect technology innovations such as artificial intelligence and the macroeconomics driving tech layoffs. Faced with tighter budgets and staff reductions, some security pros are looking to AI as a way to lessen the economic gut punch, he said.
“These issues are at the forefront of discussions in board rooms and among leadership teams,” Hodson said. He argues companies need to keep their focus on the blocking-and-tackling basics of cybersecurity rather than looking for a silver bullet.
“Understanding your data’s journey is key. What assets are processing your company’s sensitive data and what are the user accounts accessing the data is pivotal. By ensuring robust vulnerability management, patch management, multi-factor authentication and data loss identification controls, organizations can establish a solid foundation for how to deal with AI, staff layoffs and budget constraints.”
Generative AI: Past is prologue
He added that generative AI, and its increasing popularity among employees seeking efficiencies, creates new "shadow IT" challenges.
A pragmatic approach to integrating AI into business processes, one that balances the need for efficiency, is paramount to risk management. Without robust data protection measures, strong employee education and policy enforcement, companies are faced with the same legacy security issues presented by any new technology or first-generation cloud app service of yesteryear.
The AI-powered toothbrush problem
“Understanding and tracking what users copy into these platforms and how the platforms utilize that data should be table stakes for security teams,” he said. However, AI is following a path similar to the boom days of IoT devices, when everything became internet-enabled overnight.
“The new challenge many companies face is managing the vast array of SaaS applications which are now integrating AI capabilities,” he said. He cited Zoom as an example, which has evolved from a mere video conferencing tool to a platform offering AI-enabled features. This will present organizations with challenges that will need to be addressed, especially concerning data security and potential misuse.
“This cascading issue of third-party AI integration creates complexity with GDPR regulations, privacy and data loss prevention,” he said.
Hodson advised CISOs to collaborate with legal teams while drafting contracts with third parties to ensure transparency tied to AI usage by third-party SaaS providers.