Covering Disruptive Technology Powering Business in The Digital Age

image
To GenAI or Not to GenAI? Insights From APAC CISOs on Navigating Generative Artificial Intelligence Amid 30% It Budget Allocation Challenges
image
August 21, 2024 Bylines

Written by Bisham Kishnani, Evangelist & Head, SE, APAC & Japan, Check Point Software Technologies 

 

GenAI

Bisham Kishnani, Evangelist & Head, SE, APAC & Japan, Check Point Software Technologies 

In today’s rapidly evolving digital landscape, the use of Artificial Intelligence (AI) has become increasingly prevalent, revolutionising industries and transforming processes. Since the launch of Generative Artificial (GenAI) tools like ChatGPT, many organisations see its huge potential and are rushing to incorporate AI tools and capabilities into their organisation, as if to “stay on trend” and to catch the “next big thing”.

According to a recent ESG research, experts agree that GenAI is already prevalent today. The technology will be a key factor in cybersecurity purchasing decisions and become widespread in business applications by the end of 2024. In fact, an APAC Chief Information Security Officer (CISO) from the financial industry revealed that the boards are allocating as much as 30% of their IT spending budget to AI, as they recognise the value AI could bring to their business.

However, the same research also illuminates apprehension. Approximately 70% of survey participants emphasised the difficulty of incorporating GenAI into current security frameworks, while 60% highlighted the dangers related to potential biases and ethical dilemmas. From the CISOs’ perspective, It is also worrying that there is no clarity in how the information shared with these platforms are being managed or utilised. This is much different from past practices, like the adoption of cloud technology for example. The proliferation of cloud services really took off when regulations were put in place by the various governments to establish boundaries and ensure data safety.

In a series of roundtable sessions across the APAC region, we spoke to multiple CISOs from various industries including financial institutions, governments, critical infrastructure, utilities, manufacturing and more, on the current status of adoption of Generative AI into their enterprises. Similar to research findings, we hear that most of the CISOs acknowledged that GenAI technology is here to stay and would play a significant role for cyber security. However, the majority were hesitant to move ahead with large-scale adoption across their enterprise due to other AI concerns.

Granted, AI holds immense promises, including transformative capabilities, increased efficiency, enhanced data analysis, and solving the cybersecurity talent crunch, amongst other things. Despite these bright promises and push for adoption, we discover that APAC CISOs feel that there are still too many unknowns in the technology. The verdict? According to APAC CISOs, GenAI is presently deemed impractical for businesses, until essential adjustments are made with the technology and operating environment.

In this article, we delve into the key highlights, reflecting the valuable insights from these APAC CISOs on their thoughts about GenAI, their concerns, challenges, and how they envision a successful implementation of the technology into their organisations.

APAC CISOs’ perspective: Thoughts about GenAI

  • AI and GenAI are not the same things: APAC CISOs recognise that AI is not a new concept and has been present for many years. Virtual assistants like Siri and Alexa, self-driving cars, robotics, video games are all leveraging AI. The crux of distinction between the two lies in GenAI’s ability to mimic human intelligence, capable of comprehending and problem-solving — and that’s the draw and power of GAI.
  • Is it just another fad?: These CISOs are deliberating whether GenAI technology is a want or a need at present — They believe that it is no immediate necessity to incorporate this technology across the entire business, and advocate for a more gradual implementation. CISOs want to feel confident about the technology, infrastructure and the processes. The current rush appears to be more about aligning with a “trend”, akin to the past with cloud and blockchain.
  • Maybe it’s not time yet: CISOs understand that the technology is here to stay and the boards are relentlessly pushing for its adoption due to its transformative promises like fast tracking development processes and cost savings. However, there needs to be more control over the technology to embrace it. Protocols, process and education are a must, so that boundaries are established, and knowing that the information entered into the GenAI platform is safe from outsiders.
  • GenAI needs to live up to its expectations — to predict accurately and manage never-seen-before threats. The power of GenAI can only be fully beneficial to organisations when it can be applied to a consolidation of knowledge, data and insights across the entire organisation without any errors or misinformation used.

Challenges with GenAI

  • GenAI is the “fancy” problem: Presenting a realistic and common occurrence, CISOs including the ones in APAC are strapped on time and resources. They already face a multitude of other pressing concerns, including foundational issues like fighting cyberattacks and monitoring malware threats, leaving GenAI as a secondary consideration.
  • Resistant workforce: Culture plays a huge role in the adoption. Engineers and security teams may think that changes are not necessary or because they feel uncomfortable exploring unfamiliar territory. This discomfort may stem from a lack of understanding in terms of the usage, capabilities and liabilities, thus resulting in high resistance on adoption.
  • Information bias: These GenAI tools typically generate content based on input data, making them susceptible to biases and misinformation. With no way to fact check this massive amount of information fed into the system, false information might instead be circulated and used, posing a significant challenge in maintaining accurate and reliable knowledge.
  • Security dilemma: The common agreement amongst the key group of APAC CISOs was that adoption of GenAI opens up more problems than it solves. To aid in the adoption of GenAI within the organisations for its employees, security teams have to lower the guardrails to support the use of GenAI, but continue to keep this ‘padded’ and secure as the workforce navigate through the new technology. It adds an unnecessary layer of complexity for the already overworked team, which may negatively impact security and monitoring of the other systems.

Concerns about GenAI

  • Unchartered waters: There are still many unknowns in GenAI technology — How is the information stored and used? Who owns the rights to the data entered into the platform? How do we ensure proprietary property are not leaked and used for other purposes? There are so many unanswered questions that APAC CISOs feel uncomfortable of GenAI as a viable option at present.
  • Processes, regulations & guidelines: One of the biggest echoes we hear in all of our sessions with these APAC CISOs are that there are no regulations and guidelines set in place and CISOs are not confident with moving forward. For example, in the case of Microsoft Copilot, Copilot feels that “if users have the rights to the document, Copilot also has the rights to it” — and this makes such ‘ownership’ an issue.
  • For the privacy and data protection of companies, the rights to the data/ information should always stay within the company, despite using a third party tool/ platform. Such limitations give voice to the hesitation these APAC CISOs feel in adopting GenAI fully. Fortunately, we are already seeing initiatives on regulating AI from government bodies, including discussions from the Singapore government, and the European Parliament passing the first ever AI regulation — the EU AI Act, earlier this year.
  • Diluting talents: One of the promises GenAI is alleged to bring is narrowing the cybersecurity talent gap. However, APAC CISOs have observed that delegating “lower rank” tasks to AI risks the erosion of industry knowledge and relevant experience among human talents. Code writing skills is already diminishing, and analyst jobs will eventually be lost. Because of the lack of knowledge, APAC CISOs are concerned about diluting the skill sets and capabilities of the workforce. This also means that individuals with the ground-level experience may become more sought after in future. However, this trend does not bode well for future security teams, as it may lead to a shortage of professionals equipped with the requisite expertise and experience to effectively prevent cyberattacks.

The future of GenAI within the Enterprise

Looking ahead, the future of GenAI in cybersecurity is promising. As the technology continues to mature, and organisations and governments alike start to look into GenAI solutions like AI-copilots to be used in their environment, we can expect increasingly advanced and sophisticated solutions to emerge. It is already revolutionising the way we work. However, for enterprises to fully adopt GenAI across their entire enterprise, there is a long way more to go. Nonetheless, it’s great to know things are moving, slowly but surely. It’s a significant milestone to have witnessed the passing of the EU AI Act earlier this week. This will stimulate broader societal conversations, encourage stakeholders to contemplate not just the potential achievements of the technology, but also its potential consequences. This lays the groundwork for a future where AI contributes positively, guided by ethical principles and societal agreement.

Through the combined thoughts and feedback of all the APAC CISOs gathered, we concluded that GenAI will only truly gain mass and complete adoption by companies if the following prerequisites are fulfilled:

    • Trust in the technology: when there is a foundation of trust in all its capabilities
    • Controlled & trusted access: to ensure the security and integrity of business operations — when companies are able to confidently access GenAI in a controlled and trusted environment
    • Reduced adoption costs: for a lower barrier of entry, especially in provision of the underlying infrastructure that supports it
    • Overcoming current obstacles: Having the current roadblocks that hinder seamless integration of GAI removed
    • Successful use cases: Demonstrating the value of GenAI through practical, enterprise-level use cases that showcase enhanced security, reduced risks, and the availability of relevant tools, such as in the realm of cloud security and infrastructure development.
    • Consolidated eco-system: Applying GenAI with valid examples demonstrating security and no-risks with relevant tools available for use eg. Cloud security depends on processes and steps to build the infrastructure
    • Recognising the true value of GenAI: Encouraging businesses to understand the intrinsic value of GenAI, even in sectors where its relevance might not be immediately apparent, such as property management. For example, a property management company may recognise the future promise of GenAI for security and management. However, the mall tenants would rather have the budget be spent on other concerns. Acknowledging GenAI’s significance in safeguarding their digital assets will be necessary.
    • Gradual transition: Currently, GenAI is predominantly seen as an innovation rather than a security concern, particularly for low-risk documents. Collaborative efforts are needed to develop controls and check points to address this evolving landscape.
    • Managing Expectations: Understanding that the adoption of GenAI may either become a groundbreaking discovery or a potential disappointment and should not be driven solely by the fear of missing out.

An additional noteworthy observation is the recognition by APAC CISOs of AI as a strong ally for cyber defence. Engaging with C-Level leaders in region has underscored the accelerated evolution of threat actors, implying techniques, tactics, and procedures that can adeptly challenge even the most robust defence systems. The escalating impact of ransomware and data theft has prompted organisations to reassess their defence capabilities, prompting a critical evaluation of the need for a new approach.

GenAI emerge as transformative solutions for cybersecurity, particularly for mature industry leaders seeking global intelligence that can learn and predict, enabling the proactive adoption of security controls in real-time. GenAI capabilities are viewed as tools that assist defenders by automating certain tasks, such as research and correlation, thereby alleviating the burden and relegating lower-level work to GenAI. Furthermore, the predictive abilities of GenAI in anticipating potential mutations of malware provide organisations with the means to preemptively block never-seen before attacks. Today’s organisations are actively seeking robust cybersecurity partnership to fortify their defences while maintaining agility to drive business objectives securely.

In fulfilling these prerequisites, the path to embracing GenAI in cybersecurity becomes not only feasible but also highly rewarding for enterprises as they strive to fortify their digital defences and adapt to the evolving security landscape.

(0)(0)

Archive