AI is a force as transformative as the advent of the internet, bringing with it unprecedented new risks and opportunities in the cyber security space.
This is according to speakers at an executive roundtable dinner for CISOs, hosted by BCX and Fortinet, ahead of the 20th annual ITWeb Security Summit, which took place in Sandton this week.
Trust and explainability crucial in AI ecosystems
Garith Peck, managing executive: cloud and cyber security at BCX, noted how the cyber security landscape had changed over the past 20 years: “In the early days of the ITWeb Security Summit, business saw cyber security as a cost centre. Now it’s a strategic imperative.”
A key change has been the evolution of technology and emergence of AI and generative AI, he said.
“Now we see more than ever, AI is the predominant theme in cyber security discussions. Every day we have better iterations of technology – it’s growing at scale, and AI is one of the most impactful technologies to emerge. I’d equate it to the Manhattan Project, which resulted in the first atomic weapons, or to the invention of the internet. AI is that inflection point for us now, and the flip-side of this is that attack vectors and risks are also scaling exponentially,” Peck said.
“At BCX, we see AI as a force accelerator – it will accelerate any capability or use case it’s applied to,” he said. “However, AI ecosystems demand a certain level of responsibility. Explainability is an anchor point – if you can’t explain how AI has come to a decision, we shouldn’t be rolling it out.”
Peck said: “There has to be a closely coupled relationship between AI and cyber security. We can’t roll out AI without having cyber security in mind, which is why risk management is a key factor. AI also has to be built on trust, which means human oversight must be involved. This is why we collaborate closely with partners like Fortinet, which has been working with AI for over 15 years.”
Convergence, consolidation, collaboration
Melih Kirkgoz, senior director systems engineering, office of the CTO, international emerging GEO at Fortinet, said convergence, consolidation and collaboration were crucial in a changing cyber security landscape.
“CISOs today are racing against time and complexity, and now we have AI or augmented intelligence changing the game. We see offensive AI and defensive AI creating an ‘AI versus AI’ scenario."
Kirkgoz highlighted the importance of cyber security foundations, including achieving full visibility of assets, and breaking down silos of networking and security to ensure threat intelligence was shared between them.
“A zero trust mindset is also crucial – not just for secure remote access, but also for securing devices, systems, applications, supply chains and even your own AI models and systems,” he said.
He said AI and GenAI assistants helped bolster security by reducing human error, simplifying cyber security, helping security professionals troubleshoot, monitoring networks and threat hunting.
Tope Olufon, senior analyst at Forrester, added that AI both enabled threat actors to exploit systems more easily, and helped cyber security professionals to combat growing risk.
“AI is a pattern recognition and statistics machine that focuses on things that stand out,” he said. “It gives us the ability to surface risk. Threat actors experiment extensively with AI, so organisations can’t afford to wait – they need to be experimenting with AI too.”
AI shifts the cyber security conversation from risk management to behavioural analytics, he said.
CISOs attending the roundtable said AI was taking the world into a ‘post trust’ era in which AI was a double-edged sword and the best possible human-AI combinations had yet to be achieved.
Share