Written by Bisham Kishnani, Evangelist & Head, SE, APAC & Japan, Check Point Software Technologies
In today’s rapidly evolving digital landscape, the use of Artificial Intelligence (AI) has become increasingly prevalent, revolutionising industries and transforming processes. Since the launch of Generative Artificial (GenAI) tools like ChatGPT, many organisations see its huge potential and are rushing to incorporate AI tools and capabilities into their organisation, as if to “stay on trend” and to catch the “next big thing”.
According to a recent ESG research, experts agree that GenAI is already prevalent today. The technology will be a key factor in cybersecurity purchasing decisions and become widespread in business applications by the end of 2024. In fact, an APAC Chief Information Security Officer (CISO) from the financial industry revealed that the boards are allocating as much as 30% of their IT spending budget to AI, as they recognise the value AI could bring to their business.
However, the same research also illuminates apprehension. Approximately 70% of survey participants emphasised the difficulty of incorporating GenAI into current security frameworks, while 60% highlighted the dangers related to potential biases and ethical dilemmas. From the CISOs’ perspective, It is also worrying that there is no clarity in how the information shared with these platforms are being managed or utilised. This is much different from past practices, like the adoption of cloud technology for example. The proliferation of cloud services really took off when regulations were put in place by the various governments to establish boundaries and ensure data safety.
In a series of roundtable sessions across the APAC region, we spoke to multiple CISOs from various industries including financial institutions, governments, critical infrastructure, utilities, manufacturing and more, on the current status of adoption of Generative AI into their enterprises. Similar to research findings, we hear that most of the CISOs acknowledged that GenAI technology is here to stay and would play a significant role for cyber security. However, the majority were hesitant to move ahead with large-scale adoption across their enterprise due to other AI concerns.
Granted, AI holds immense promises, including transformative capabilities, increased efficiency, enhanced data analysis, and solving the cybersecurity talent crunch, amongst other things. Despite these bright promises and push for adoption, we discover that APAC CISOs feel that there are still too many unknowns in the technology. The verdict? According to APAC CISOs, GenAI is presently deemed impractical for businesses, until essential adjustments are made with the technology and operating environment.
In this article, we delve into the key highlights, reflecting the valuable insights from these APAC CISOs on their thoughts about GenAI, their concerns, challenges, and how they envision a successful implementation of the technology into their organisations.
APAC CISOs’ perspective: Thoughts about GenAI
- AI and GenAI are not the same things: APAC CISOs recognise that AI is not a new concept and has been present for many years. Virtual assistants like Siri and Alexa, self-driving cars, robotics, video games are all leveraging AI. The crux of distinction between the two lies in GenAI’s ability to mimic human intelligence, capable of comprehending and problem-solving — and that’s the draw and power of GAI.
- Is it just another fad?: These CISOs are deliberating whether GenAI technology is a want or a need at present — They believe that it is no immediate necessity to incorporate this technology across the entire business, and advocate for a more gradual implementation. CISOs want to feel confident about the technology, infrastructure and the processes. The current rush appears to be more about aligning with a “trend”, akin to the past with cloud and blockchain.
- Maybe it’s not time yet: CISOs understand that the technology is here to stay and the boards are relentlessly pushing for its adoption due to its transformative promises like fast tracking development processes and cost savings. However, there needs to be more control over the technology to embrace it. Protocols, process and education are a must, so that boundaries are established, and knowing that the information entered into the GenAI platform is safe from outsiders.
- GenAI needs to live up to its expectations — to predict accurately and manage never-seen-before threats. The power of GenAI can only be fully beneficial to organisations when it can be applied to a consolidation of knowledge, data and insights across the entire organisation without any errors or misinformation used.
Challenges with GenAI
- GenAI is the “fancy” problem: Presenting a realistic and common occurrence, CISOs including the ones in APAC are strapped on time and resources. They already face a multitude of other pressing concerns, including foundational issues like fighting cyberattacks and monitoring malware threats, leaving GenAI as a secondary consideration.
- Resistant workforce: Culture plays a huge role in the adoption. Engineers and security teams may think that changes are not necessary or because they feel uncomfortable exploring unfamiliar territory. This discomfort may stem from a lack of understanding in terms of the usage, capabilities and liabilities, thus resulting in high resistance on adoption.
- Information bias: These GenAI tools typically generate content based on input data, making them susceptible to biases and misinformation. With no way to fact check this massive amount of information fed into the system, false information might instead be circulated and used, posing a significant challenge in maintaining accurate and reliable knowledge.
- Security dilemma: The common agreement amongst the key group of APAC CISOs was that adoption of GenAI opens up more problems than it solves. To aid in the adoption of GenAI within the organisations for its employees, security teams have to lower the guardrails to support the use of GenAI, but continue to keep this ‘padded’ and secure as the workforce navigate through the new technology. It adds an unnecessary layer of complexity for the already overworked team, which may negatively impact security and monitoring of the other systems.
Concerns about GenAI
- Unchartered waters: There are still many unknowns in GenAI technology — How is the information stored and used? Who owns the rights to the data entered into the platform? How do we ensure proprietary property are not leaked and used for other purposes? There are so many unanswered questions that APAC CISOs feel uncomfortable of GenAI as a viable option at present.
- Processes, regulations & guidelines: One of the biggest echoes we hear in all of our sessions with these APAC CISOs are that there are no regulations and guidelines set in place and CISOs are not confident with moving forward. For example, in the case of Microsoft Copilot, Copilot feels that “if users have the rights to the document, Copilot also has the rights to it” — and this makes such ‘ownership’ an issue.
- For the privacy and data protection of companies, the rights to the data/ information should always stay within the company, despite using a third party tool/ platform. Such limitations give voice to the hesitation these APAC CISOs feel in adopting GenAI fully. Fortunately, we are already seeing initiatives on regulating AI from government bodies, including discussions from the Singapore government, and the European Parliament passing the first ever AI regulation — the EU AI Act, earlier this year.
- Diluting talents: One of the promises GenAI is alleged to bring is narrowing the cybersecurity talent gap. However, APAC CISOs have observed that delegating “lower rank” tasks to AI risks the erosion of industry knowledge and relevant experience among human talents. Code writing skills is already diminishing, and analyst jobs will eventually be lost. Because of the lack of knowledge, APAC CISOs are concerned about diluting the skill sets and capabilities of the workforce. This also means that individuals with the ground-level experience may become more sought after in future. However, this trend does not bode well for future security teams, as it may lead to a shortage of professionals equipped with the requisite expertise and experience to effectively prevent cyberattacks.
The future of GenAI within the Enterprise
Looking ahead, the future of GenAI in cybersecurity is promising. As the technology continues to mature, and organisations and governments alike start to look into GenAI solutions like AI-copilots to be used in their environment, we can expect increasingly advanced and sophisticated solutions to emerge. It is already revolutionising the way we work. However, for enterprises to fully adopt GenAI across their entire enterprise, there is a long way more to go. Nonetheless, it’s great to know things are moving, slowly but surely. It’s a significant milestone to have witnessed the passing of the EU AI Act earlier this week. This will stimulate broader societal conversations, encourage stakeholders to contemplate not just the potential achievements of the technology, but also its potential consequences. This lays the groundwork for a future where AI contributes positively, guided by ethical principles and societal agreement.
Through the combined thoughts and feedback of all the APAC CISOs gathered, we concluded that GenAI will only truly gain mass and complete adoption by companies if the following prerequisites are fulfilled:
-
- Trust in the technology: when there is a foundation of trust in all its capabilities
- Controlled & trusted access: to ensure the security and integrity of business operations — when companies are able to confidently access GenAI in a controlled and trusted environment
- Reduced adoption costs: for a lower barrier of entry, especially in provision of the underlying infrastructure that supports it
- Overcoming current obstacles: Having the current roadblocks that hinder seamless integration of GAI removed
- Successful use cases: Demonstrating the value of GenAI through practical, enterprise-level use cases that showcase enhanced security, reduced risks, and the availability of relevant tools, such as in the realm of cloud security and infrastructure development.
- Consolidated eco-system: Applying GenAI with valid examples demonstrating security and no-risks with relevant tools available for use eg. Cloud security depends on processes and steps to build the infrastructure
- Recognising the true value of GenAI: Encouraging businesses to understand the intrinsic value of GenAI, even in sectors where its relevance might not be immediately apparent, such as property management. For example, a property management company may recognise the future promise of GenAI for security and management. However, the mall tenants would rather have the budget be spent on other concerns. Acknowledging GenAI’s significance in safeguarding their digital assets will be necessary.
- Gradual transition: Currently, GenAI is predominantly seen as an innovation rather than a security concern, particularly for low-risk documents. Collaborative efforts are needed to develop controls and check points to address this evolving landscape.
- Managing Expectations: Understanding that the adoption of GenAI may either become a groundbreaking discovery or a potential disappointment and should not be driven solely by the fear of missing out.
An additional noteworthy observation is the recognition by APAC CISOs of AI as a strong ally for cyber defence. Engaging with C-Level leaders in region has underscored the accelerated evolution of threat actors, implying techniques, tactics, and procedures that can adeptly challenge even the most robust defence systems. The escalating impact of ransomware and data theft has prompted organisations to reassess their defence capabilities, prompting a critical evaluation of the need for a new approach.
GenAI emerge as transformative solutions for cybersecurity, particularly for mature industry leaders seeking global intelligence that can learn and predict, enabling the proactive adoption of security controls in real-time. GenAI capabilities are viewed as tools that assist defenders by automating certain tasks, such as research and correlation, thereby alleviating the burden and relegating lower-level work to GenAI. Furthermore, the predictive abilities of GenAI in anticipating potential mutations of malware provide organisations with the means to preemptively block never-seen before attacks. Today’s organisations are actively seeking robust cybersecurity partnership to fortify their defences while maintaining agility to drive business objectives securely.
In fulfilling these prerequisites, the path to embracing GenAI in cybersecurity becomes not only feasible but also highly rewarding for enterprises as they strive to fortify their digital defences and adapt to the evolving security landscape.
Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)