Navigating AI Cybersecurity Risk Challenges

Cybersecurity risk is driven in part by the rapid development of AI without adequate regulations

Jenna Wells, Chief product and customer officer at Supply Wisdom

July 17, 2024

5 Min Read
A woman working at a laptop
Getty iImages

The landscape of risk continues to evolve, posing challenges that demand the attention of companies across industries. This year has already shown several critical issues, demanding proactive strategies and robust risk management practices.  

Ongoing geopolitical uncertainties and tensions globally continue to impact businesses. Specific instances, such as the Israel-Hamas war, highlight the potential for service disruptions outside of the traditional sense affecting technology sectors. In addition, regulatory scrutiny, particularly in EMEA and APAC, remains a significant factor in shaping risk strategies. Adapting to evolving regulatory landscapes is paramount for companies operating in these regions. 

Cybersecurity risk will again be at the fore for companies this year, driven in part by the rapid development of AI without adequate regulations. The lightning-speed pace of AI, coupled with a lack of understanding and regulation, poses a substantive threat to companies. As AI capabilities expand, so does the potential for misuse. 

These are the top cyber risks, including AI and exposure to geopolitical risk, that companies should be assessing.

AI-Driven Cyber Risk 

The accelerated growth of artificial intelligence (AI), particularly generative AI, presents a significant cyber risk. The lack of comprehensive regulations and guardrails around AI development can expose companies to unforeseen vulnerabilities. As AI becomes more integral to business operations, understanding its capabilities and implementing protective measures becomes crucial.

Related:Google Says AI Will Help Defenders More Than Hackers. Here’s How.

There are access risks associated with exploited privileges and unauthorized actions, such as insecure plugins that can expose AI systems to malicious requests, leading to unwanted behaviors or execution of unauthorized remote code. Similarly, permissions issues can arise when authorizations aren’t tracked between plugins, opening the way for indirect prompt injections or malicious plugin usage.

Data risks involve data manipulation or loss of services, which could be caused by encrypting data or overloading networks to prevent legitimate access. In addition, there are risks of AI model theft through network attacks, social engineering techniques and vulnerability exploitation by threat actors. AI also poses new trust, risk and security management requirements that conventional controls do not address.

To mitigate these risks, companies must adopt best practices for AI security risk management. This includes having a robust inventory of third parties, Nth parties and partners that are touching your data and understanding how those parties are using AI. The first step is gaining a holistic awareness of all these relationships and the second is keeping that insight continually up to date. 

Related:Microsoft Launches AI Chatbot for Cybersecurity

Third Parties and Software Dependencies 

The longstanding trend of globalization and outsourcing has exposed companies to an unprecedented number of risks from Nth parties. Organizations increasingly need insight into their entire supply chains and to track third, fourth, or fifth parties and beyond. Ensuring contracts with third parties account for this risk can be a complex task. In addition, regulatory requirements can also vary by location and organizations must also be aware of the geopolitical risks and supply chain disruptions that could emerge. 

The expansion of the Internet of Things (IoT) devices to N’th Parties and beyond introduces new layers of complexity and potential security breaches. Companies must be vigilant about securing their networks against information security threats that may extend beyond their immediate control. Strengthening cybersecurity measures to account for the broader IoT ecosystem is essential. 

In addition to these risk concerns, the U.S. government is increasingly focused on risk exposure from software. The 2021 Executive Order on Improving the Nation’s Cybersecurity specifically mentions SBOMs – Software Bills of Materials – which means maintaining a complete inventory of all the components that go into an enterprise’s software is no longer a “nice to have.” SBOMs often get overlooked, exposing companies to significant risks. Without a holistic view of their software exposure, companies will never truly know where their risk lies, whether it is location-based or materials-based. Given the large number of different tools and applications that are used across enterprises, the attack surface can dramatically increase. 

Maintaining visibility into the components and dependencies of software systems is crucial for identifying and mitigating vulnerabilities. Companies should prioritize the implementation of SBOMs as part of their cybersecurity hygiene practices. 

Unique Risks for Financial Services 

Financial services and other regulated industries face unique challenges in cybersecurity. Beyond the aforementioned concerns, these sectors must navigate stringent regulatory pressures in EMEA and APAC. The consolidation of internal tools and risk management practices, especially for companies with a global presence, reflects a growing trend towards a more centralized approach to enterprise risk and third-party risk programs. 

In addition, the introduction of DORA – the Digital Operational Resilience Act – with its two-year implementation period, is putting greater stress on risk programs. This further emphasizes the importance of having a comprehensive, up-to-date view of third parties and downstream relationships.  Despite having relatively sophisticated compliance functions, many financial services firms are not adequately assessing and managing Nth party risk. 

AI as Part of the Solution 

While AI poses considerable cybersecurity threats, it also promises to be part of the solution. In response to escalating cyber threats, companies are expected to increase their spending on risk management this year, according to Gartner. A significant portion of these dollars is likely to be allocated to AI-driven risk management solutions and predictive analytics.  

Companies are increasingly consolidating their internal tools and risk management practices. This shift, especially prevalent in large global organizations, reflects a commitment to a unified approach to managing risks and ensuring compliance. Staying ahead of the competition requires leveraging advanced technologies to identify and address potential risks proactively. 

In conclusion, as companies navigate the current complex cybersecurity landscape, addressing these key risks and embracing proactive risk management strategies is imperative. As AI capabilities expand, so does the potential for misuse. Establishing clear regulations, fostering understanding and implementing ethical AI practices are essential steps in mitigating this risk. 

By staying ahead of emerging threats and leveraging advanced technologies, organizations can safeguard their digital assets and maintain resilience in an ever-changing, complex environment. 

About the Author

Jenna Wells

Chief product and customer officer at Supply Wisdom, Supply Wisdom

Jenna is the chief product and customer officer at Supply Wisdom. A Boston native, Jenna graduated from Purdue University as a Distinguished Military Graduate. Upon graduation, she was commissioned as an Officer in the United States Marine Corps and went on to serve on active duty as a Signals and Ground Electronic Intelligence Officer. Jenna trained at the Navy and Marine Corps Intelligence Training Center at Dam Neck, Virginia and at the National Security Agency in Baltimore, Maryland before deploying to Afghanistan in support of Operation Enduring Freedom.

After transitioning from active duty, Jenna joined Wellington Management, where she was an AVP, Manager, Third Party Risk Management. While at Wellington, Jenna oversaw a 24/7 Global Command Center and managed their global risk command and third-party assessment process. Jenna then joined Iron Mountain as their Director of Third-Party Risk Management, where she was responsible for overseeing the implementation, regulation and global management of their third-party ecosystem.

Keep up with the ever-evolving AI landscape
Unlock exclusive AI content by subscribing to our newsletter!!

You May Also Like