Striking a Balance: Seizing AI Opportunities While Mitigating Risks in the Indian IT Landscape
By Rohan Vaidya,
The era of generative artificial intelligence (AI) has officially dawned upon the Indian enterprise landscape, poised to revolutionise various facets, ranging from customer-facing applications to backend data and infrastructure, as well as workforce engagement and empowerment. However, this transformative wave also presents a dual-edged sword, as 93% of security decision-makers anticipating the advent of AI-driven threats impacting their organisations in 2023, with AI-fuelled malware topping their list of concerns.
In the context of AI-based risks within a country like India, it has become increasingly evident that the transformative power of AI can yield both substantial benefits and potential hazards. India, currently presiding over the G20 presidency, has expressed valid concerns regarding the potential threats posed by AI. These threats encompass AI-generated cyber-attacks, the proliferation of malware, the dissemination of highly convincing disinformation, and scams. What’s particularly disconcerting is the ease and cost-effectiveness with which these tools can be deployed at a formidable scale.
Understanding these risks, The Telecom Regulatory Authority of India (TRAI), in its comprehensive 10-page recommendations issued recently, has emphasised the necessity of instituting an autonomous statutory body, whose role would encompass regulatory oversight and making informed recommendations. TRAI says that there is an urgent need to establish a robust regulatory framework to ensure the responsible development of AI. Such a framework must be versatile enough to be applicable across various sectors, while also meticulously addressing specific AI applications based on their associated risks.
In light of this reality, IT and security leaders operating in India must be astute in strategically harnessing the newfound business potential that AI offers while concurrently mitigating its inherent risks. In this journey, a security-first mindset and a capacity for adaptability are essential, drawing parallels with what one can learn from years of service in the military: the only way forward is to navigate through the challenges.
Imperatives for Safely Embracing the Enterprise AI Landscape in India
India is at an interesting crossroad today. The country is progressing at a fast pace digitally and has set several digital milestones that has captured the attention of global leaders. This juncture in the Indian technology landscape presents a plethora of opportunities to leverage AI technology in the service of our mission. While the potential is undeniable, charting a course through AI’s uncharted terrain is a formidable endeavour.
To ensure that India explores the full potential of AI, while balancing the key risks effectively, here are some recommended steps:
Establish Your Organisation’s AI Position: Begin by articulating your organisation’s stance on AI. Does your company already have a significant deployment of generative AI at an enterprise scale? Is it in the nascent stages of a proof of concept to explore AI’s capabilities? Or, perhaps, it has adopted a cautious approach, suspending the use of AI tools like ChatGPT until regulatory guidelines and guardrails are firmly in place. Whichever path your organisation takes, it is crucial to define and communicate this position clearly from management to ensure uniformity across the organisation.
Foster Transparent Communication: Crafting AI-specific organisational guidelines, disseminating usage policies, and enhancing employee cybersecurity training are foundational steps. However, the essence of effective communication lies in its reciprocity. In the Indian context, at CyberArk, we actively encourage employees to submit their queries, ideas, and requests related to AI to a dedicated email address. A specialised “AI tiger team,” comprising cross-functional experts, convenes regularly to review these submissions, identify high-impact use cases, and collaboratively devise secure models that adhere to organisational policies. As we progress, this team will play a pivotal role in addressing emerging challenges and formulating innovative strategies to maximise the benefits of AI.
Reassess the Internal Software Procurement Process: In India, similar to many IT departments across the world, IT teams receive a huge number of requests for AI-enabled tools from the workforce. The top management or the CIO must carefully look at the process for using third-party software to efficiently meet employee needs while ensuring due diligence. This process goes beyond addressing employee requests; it must encompass the need to anticipate “shadow IT” (i.e., software downloaded and used without IT approval) and the inevitability of human errors, thus mandating proactive endpoint security controls augmented with malware-agnostic defences to enforce a Zero Trust model and the principle of least privilege.
Speak the CFO’s Language: In the Indian technology landscape, there is huge focus on demonstrating the ROI. The onus is on technology leaders to demonstrate the tangible business value that AI brings to the table to CFOs. A persuasive approach underpinned by robust data is paramount. For example, consider Slack’s State of Work report, which states that there has been a remarkable 75 percent adoption rate of AI tools aimed at boosting productivity in India. The report further reveals that Indian users of these AI tools have realised time savings of approximately 4.9 hours per week on average. Additionally, individuals in India who have integrated AI into their work processes are experiencing a significant productivity boost, with a 53% higher likelihood of achieving notably elevated productivity levels compared to their counterparts who have not yet embraced AI technologies. These type of productivity related statistics will help in proving the business case to the CFO.
Continuous Vigilance against AI Threats: The rigorous evaluation of all AI-enabled tools before and during their deployment is paramount. The capability to promptly block and roll back any AI tool when circumstances necessitate is indispensable. In the Indian landscape, security researchers have already unearthed several avenues through which threat actors could leverage AI to augment identity-based attacks. These methods encompass crafting deceptive phishing emails, evading detection mechanisms, and circumventing facial recognition authentication. Today, it is common to see AI-generated deep fakes using brief snippets of voices sourced from the Internet. This capability underscores the evolving tactics of attackers in circumventing conventional security controls. If such feats can be achieved within minutes, one can easily fathom the potential for attackers to impersonate high-profile executives or prominent government figures frequently appearing on television.
While AI-generated risks are real, AI also serves as a complementary tool to bridge the gaps stemming from the acute shortage of cybersecurity professionals. A report released by staffing firm TeamLease Digital highlights that during the first five months of 2023, the cybersecurity sector recorded over 40,000 job postings, indicating a substantial demand for skilled professionals. However, the report also pointed out a concerning trend: nearly 30% of these cybersecurity positions remained unfilled, despite the robust demand and a simultaneous increase in salary for such roles. This underscores the pressing need for addressing the talent gap in the cybersecurity workforce to bolster digital security in the country.
Generative AI possesses the potential to revolutionise numerous facets of security functions in India as it continues to evolve. Consider the scenario of a security operations centre (SOC), where automation streamlines time-consuming tasks such as triaging level-one threats and updating security policies, allowing dedicated professionals to focus on more strategic endeavours. This, in turn, holds the potential to alleviate staffing constraints, reduce employee turnover, and mitigate attrition, which is one of the largest contributors to the cybersecurity skills shortage in India.
In the ever-evolving AI landscape, the symbiotic relationship between seizing AI opportunities and mitigating inherent risks has emerged as a pivotal theme. While AI promises to revolutionise every facet of our digital lives, AI’s impact is not without its challenges and complexities. Striking a balance between harnessing the immense potential of AI and safeguarding against its unintended consequences is not just a matter of choice; it is an imperative.
(The author is Rohan Vaidya, Regional Director – India & SAARC at CyberArk, and the views expressed in this article are his own)
