Saugat Sindhu of Wipro discusses the dual role of Gen AI in cybersecurity enhancement and risk management

CXOToday has engaged in an exclusive interview with Saugat Sindhu, Senior Partner and Global Head, Advisory Services, Wipro Limited

1. How do you balance the benefits of Generative AI in enhancing cybersecurity measures with the potential risks it introduces, such as data leakage and AI-specific cyber-attacks?

We got accustomed to the phrase “Shadow IT”, and going forward we will have to get acquainted with the phrase “Shadow AI”. As the attack surface increases with advent of GenAI, bad actors have started to exploit AI model which not only enables them to decrease productivity of the model, but it also allows them to gain access to sensitive information, and in a lot of cases valid credentials for further exploits. We are seeing an increase in Evasion, Data Poisoning, Backdoor Attacks, Extraction and Supply Chain Vulnerability threats as a result.

• Risks are associated with the foundational data and models of generative AI. Effective access control and data security measures are essential to prevent sensitive data from becoming public.
• Misuse and misinformation of data from generative AI models are significant concerns. Adequate governance processes and adaptable frameworks are necessary to manage these risks.

However, AI also has the potential to combat these risks faster than ever before,

• GenAI has emerged as a major disruptor for the industry. A few years ago, cloud technology was talked about this way. Like Cloud, AI strengthens defenses and shortens response times by recognizing patterns and making decisions based on past cyber events.
• AI identifies false positives in logs, solving a persistent problem for cyber professionals. It enhances detection, response, and remediation processes in cybersecurity. AI can improve employee awareness campaigns and detect insider threats by integrating with behavioral science.

2. Can you elaborate on the most significant cyber threats that have emerged with the advent of Generative AI and how organizations can best prepare to mitigate these threats?

The advent of GenAI the attack surface changed and as a result we see the following adversarial threats the most:

• Evasion – where a bad actor manipulates the input to cause incorrect predictions from the model
• Data Poisoning – injection of misleading data into training data set for the model
• Model Inversion – where a bad actor can deconstruct the model to reveal sensitive information about training data
• Backdoor Attacks – where a model is training with a hidden anomaly that behaves maliciously when exposed to a specific input pattern
• Supply Chain – where a model depends on compromised components
• Extraction – where a bad actor can probe a model’s responses to extract information about data set

The most holistic way of mitigating these threats is to look at them from a coverage and enablement perspective. This is divided into three phases:

• Model Vulnerability Assessment – where one identifies attack types, task pair models, algorithms and framework models
• Model Defense Deployment – where one looks at the specific deployment environments and its security, along with SIEM support and any additional integration that may be required
• Governance – where you consider trustworthy AI components such as risk assessment, fairness, bias, and regulatory preparedness.

Across these processes, having the ability to audit models and assets, and being able to secure the tech stack helps prevent bad actors.

3. How do you foresee the relationship between CISOs and emerging roles like Chief Risk Officers evolving in the future, and what benefits does this collaboration bring?

• Businesses should not be afraid of the risks posed by AI, instead they must prepare for it. If you lock down AI completely you will be preventing the growth of business where the competition may be using it to their advantage.
• In many ways the role of the CISO has evolved in recent years, they are now critical leadership team members and should act as business enablers, not just auditors or enforcers.
• It is increasingly important for CISOs to have a permanent seat at the boardroom table. They need to communicate risks effectively and transparently with the board, quantifying cybersecurity, reputational, and financial risks and this is where their collaboration with CROs, CAOs and CFOs matter – because Cybersecurity is not just the burden of a CISO, but the entire organization.

4. Can you provide examples of how organizations can develop and implement effective incident response strategies to quickly recover from security breaches?

Fundamentally the steps involved in a mature incident response program include – preparation, detection, containment, eradication, recovery, and review. Organizations should strengthen each step through robust auditable processes and technologies providing leading capabilities. Specifically, detection and containment require a constant maturity evaluation to stay abreast with class leading capabilities out in the market. Threat detection and continuous threat exposure management (CTEM) are key capabilities that CISOs must invest in. Building resilience into all facets of cybersecurity also helps contain and recover quickly in the event of an incident.

5. What are the unique cybersecurity challenges associated with the intersection of Cloud Computing and AI, and how can organizations effectively address these challenges?

Cloud computing and convergence of AI with it – is the new cybersecurity frontier. We talk about AI in cloud, we talk about AI on the edge, and more recently we now have AI that lives on the local hardware of your desktop or laptop. How does the interaction with cloud architecture work, given all these scenarios, is fascinating. You now have AI that can read everything that you type or see on the screen on your local hardware – aside from model processing that may happen on the cloud or on the edge. From a training dataset and AI model security perspective, having penetration testing and vulnerability assessments done are key foundational steps. We then must go past it and enable privacy and security controls much like we do for cookies/consent. Any backdoors must be eliminated as well to protect from unwanted leakage of sensitive data.

6. What kind of challenges do CISOs face in the current IT landscape, and what strategies can be employed to overcome them?

The current socio-economic environment is very dynamic, this makes the IT landscape volatile. AI is now a disruptor along with cloud, and while some companies were just getting past cloud adoption, they now must address AI and especially Generative AI as well. CISOs have a monumental task of balancing processes and technology that safeguard the enterprise while making sure the business is enabled adequately to meet the demands of the market. The biggest challenges seem to be:

• Managing cost and capability
• Building cyber resilience into the fabric of the enterprise
• Meeting regulatory obligations
• Adoption of new technology securely for the enterprise

For a CISO to get ahead of the challenges, they must fully understand the business and processes that generate revenue, only then can they find a sweet spot for enablement and protection. Gaining visibility into your tech landscape to identify critical assets and providing adequate protection capabilities is also important. Prioritization of projects, and programs that help plug in gaps and therefore allows a CISO to manage cost immediate and long-term cost. Lastly, having a federated operating model that lets you be closer to the business helps in executing these strategies.