Enterprises must follow five key steps to adopt AI securely

Padlock against circuit board/cybersecurity background
(Image credit: Future)

Businesses have experienced huge changes through the integration of artificial intelligence (AI). Those incorporating this technology have the potential to revolutionize all facets of their business operations. In fact, everything from customer-facing applications and services, back-end data and IT infrastructure and workforce engagement can all be boosted using AI. However, with great opportunity comes new risks, and business leaders need to consider the security implications of adopting AI into their business.

A primary concern when it comes to adopting AI is identity management. The incidence rate of identity-related breach has seen a rise in recent times, with 68% of companies reporting a significant impact on business due to such attacks in 2022. The utilization of AI by cyber attackers for sophisticated deep fake fraud attacks and machine learning-based social engineering adds a new layer of complexity to the identity-related threats organizations are facing, making them challenging to predict.

While AI tools offer valuable opportunities for IT and security executives to innovate, it is crucial to acknowledge these associated risks. Businesses must prioritize security and adapt to the evolving threat landscape, and the following five steps are particularly essential for securely embracing AI and harnessing its full potential.

Omer Grossman

Chief Information Officer, CyberArk.

1) Security comes first

Businesses should begin by defining their stance on AI while considering its impact on cybersecurity, particularly identity security given the threat AI poses here. Whether your company is already using generative AI at the enterprise level, or just exploring a proof of concept to test the waters, clarity from the top down is essential. A well-communicated position ensures alignment throughout your organization and also ensures security processes are established with AI in mind.

2) Communicate properly to promote awareness

Establishing AI-specific company guidelines and employee training is crucial, but genuinely impactful dialogue is a two-way street. Encouraging employees to share AI-related questions and ideas is a great way to tackle emerging challenges and devise creative AI strategies as a team. Creating cross-functional teams that can address these submissions from all standpoints – including innovation, growth and security – is also important as it ensures employees feel their inputs are adequately actioned.

3) Switch up your adoption strategy

According to the 2023 CyberArk Identity Security Threat Landscape Report, employees in 62% of organizations use unapproved AI-enabled tools, increasing identity security risk. This shows that IT and security leaders have to change the way they approach AI adoption, encouraging AI-powered innovation rather than blocking its potential.

Furthermore, IT departments in a range of industries are experiencing a surge in workforce requests for AI-enabled tools and add-ons. Rather than enforcing blanket ‘no AI’ policies, organizations should instead look to enhance how they vet third-party software and ensure it won’t jeopardize security. AI-fueled phishing campaigns are becoming increasingly convincing, so having the right level of due diligence ensures workers can benefit from AI without putting security at risk.

4) Mapping the needs of the CFO

The onus on technology leaders to build operationally efficient platforms and environments continues to grow, particularly given the current economic climate. Demonstrating AI as more than just a nice to have but instead as a tool with real business value is essential to getting buy-in from CFOs. An honest, rational approach backed by hard data is critical; illustrating how a tool can help safely advance multiple business priorities is even more powerful.

5) Staying up to date with the latest risk landscape

Vigilantly assessing AI-enabled tools before and during their use is the only way to continuously assure their safety. Businesses must be prepared to block and roll back any AI-enabled tool if it’s necessary for security reasons. Ultimately, staying one step ahead of attackers means thinking like one, focusing on the vulnerabilities that an AI tool might pose.

Leveraging AI to traverse the threat landscape

AI is playing a significant role in bolstering cybersecurity efforts and resilience for IT and security teams. Although human expertise remains essential in combatting emerging threats, AI can help bridge some of the gaps caused by the 3.4-million-person cybersecurity worker shortage.

The evolving potential of Generative AI is further promising to revolutionize security functions, with the impacts it can have on security operations centers (SOC) a prime example. Automation of time-intensive security tasks, such as triaging level-one threats or updating security policies, can free up SecOps professionals to focus on more rewarding work. This could potentially alleviate staffing shortages, employee turnover, and attrition—key contributors to the cyber skills shortage according to the latest (ISC)2 Cybersecurity Workforce Study.

Despite the advantages brought about by rapid technological progress and increased AI usage in enterprises, new challenges are emerging for business leaders. True leadership involves making informed decisions, even in uncertain situations, and by prioritizing identity security and maintaining an open mindset, technology leaders can confidently embrace AI. Not only can this help leaders create new business opportunities, but it allows them to do so without compromising their company's reputation or eroding consumer and employee trust.

We've listed the best Zero Trust network access solution.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Omer Grossman, Chief Information Officer, CyberArk.