
Castles provide lessons for information security: Only innovation protects against relentless change

Sudden technology shifts have destroyed many security strategies. That reality was clear to security executives who gathered near Zurich in the region once protected by the Helfenberg Castle. Without curtain walls and fortified towers, Helfenberg was stormed by peasants and burned in 1407 during the Appenzell Wars. Today, the ruins of the nearly forgotten fortress provide little more than shade for cows grazing on pastures growing around and among the walls. Many better-designed castles across Europe fell later in the 16th century when innovation made cannons powerful enough to penetrate the thickest walls. Like those stone castle walls of the past, today’s virtual walls provide little lasting security. Technology shifts require innovation.

Helfenberg Castle. Photo by Eric Johnson

The Corporate Information Security Roundtable spent a day discussing the challenges of security leadership in the AI era. The group catalogued the growing difficulties with many widely used security strategies, from multifactor authentication to phishing training. But the rapid adoption of AI dominated the discussion. The vast promise of AI was accompanied by the realization that security teams would need to innovate to help their organizations protect against looming vulnerabilities. From deep fakes to massive intellectual property losses, AI presents a host of new threats and endless dark innovation.

 

As with any new threat, the first instinct is to build walls. Many organizations have done just that. In the case of Gen AI, walls are used to both keep users inside safe spaces and adversaries out. The approaches fall roughly into three categories.

 

  1. Develop policies that define when and how AI can be used, particularly in conjunction with corporate data. Then, encourage users to stay within a collection of safer apps. For example, organizations are building walled gardens with their own AI models as an alternative to using any of the growing number of AI apps. Data in these walled gardens is not shared across organizations and enjoys some protection.

  2. Block users attempting to access risky AI apps from corporate networks. In some cases, that could mean sweeping bans. In other cases, risk scoring could be employed to warn or block users based on the perceived risk of different AI tools. Users could also be pushed to a walled garden depending on the situation and user authorization.

  3. Softly block users by flagging attempts to use or share data with AI apps. Users trying to reach risky apps could be warned and then asked to reconsider the need and take responsibility for their actions. In some cases, users could be required to gain supervisor approval.

 

 

Of course, security vendors are rolling out products that combine and supplement these approaches. But the roundtable participants widely agreed that these were, at best, stop-gap solutions.

 

Over the past decade, organizations have tried to wall off users from earlier web-based innovations. From cloud services and storage to social media, walls were little more than speed bumps. Users who hit walls often find ways around the barrier, like moving to personal devices. Besides providing limited security, the walls also slow the adoption of powerful new technologies and meaningful organizational learning. And even the best walls afford limited security from determined users and adversaries.

 

For now, anyway, walls provide some time for security teams to learn from Gen AI user behavior and develop new innovative approaches. More importantly, the learning will help security teams advise their organizations on ethical policies guiding business AI adoption.

 

The group agreed that constant innovation is the only lasting security strategy, meaning they would have to run faster than the hackers to protect their organizations.

 

Eric Johnson is Bruce D. Henderson Professor of Strategy, Ralph Owen Dean, Emeritus, at Owen Graduate School of Management, Vanderbilt University

 
