AI is increasing security risks for nearly all organizations, according to research conducted by research firm Sapio Research and commissioned by Hewlett Packard Enterprise.
In the report, Architect an AI Advantage, 94% of IT leaders surveyed indicated that AI had increased their security risks.
“Respondents consider security the most critical element to AI success, which is why it also ranked as the second highest AI-investment priority after data management. In recognition of this, organizations are turning to a wide variety of security methods to protect themselves,” the report stated.
AI and security risks
Organizations are justifiably concerned about the risks posed by malicious use of AI, especially generative AI. AI has a growing presence in cyberattacks, including:
- Password cracking: Hackers can use AI to create sophisticated algorithms to accurately guess passwords as well as sift through huge datasets of potential passwords much faster.
- AI-assisted phishing: Malicious actors can use AI to make it harder to detect fraudulent requests for sensitive information; for example, GenAI tools can be used to improve grammar in emails and texts.
- Deep fakes: Malicious actors can use GenAI tools to create fake images and/or audio, which they then use to impersonate or defame others. AI-generated artifacts can be difficult to identify.
- Ransomware: In these prevalent and complex attacks, criminals (often part of organized crime groups) can use a variety of methods to install malware that encrypts critical data on enterprise systems. AI tools can accelerate the ransomware attack chain.
Architect an AI Advantage reports that organizations are also concerned about threats associated with their adoption of AI. When asked which security considerations most concern them, respondents in the survey identified several top AI cyber risks.
Not surprisingly, they also worry about securing access to their AI datasets and the privacy implications of a failure to do so.
Keeping data secure and separate is a requirement of many compliance mandates, such as NIS2 and GDPR in the EU and those based on NIST frameworks in the U.S., such as HIPAA. Failure to comply with these requirements can result in significant penalties. Yet the Architect an AI Advantage report noted that almost 1 in 4 organizations (22%) don’t have legal teams involved in their AI strategy conversations.
Ongoing tensions between risk and innovation
Tensions between risk, compliance, and innovation are not specific to AI. In fact, a 2023 report, The innovation vs. risk conundrum, highlighted the delicate balance organizations must strike between innovation, growth, and risk.
The report revealed that organizations with a leading innovation maturity were almost twice as likely to have revenue increase by more than 20%. At the same time, nearly two-thirds (64%) of IT leaders confirmed that their organizations’ willingness to invest in innovative technologies was negatively impacted due to concerns about potential security breaches.
AI adoption involves a complex mix of security, privacy, governance, and compliance measures that must be coordinated and implemented at scale. How do network and security teams balance these obligations?
The path forward: Zero Trust Security
Zero Trust can address many security and compliance needs when users, devices, applications, and data must be protected at every point of connection.
Zero Trust Security can especially enhance protection in the AI era, when valuable AI assets are distributed and evolving threats can bypass traditional perimeter defenses. Unlike approaches that rely primarily on securing the perimeter, the Zero Trust model doesn’t assume trust of any user or device (regardless of how or where it’s connecting), grants access only to needed resources, and performs checks on a continuous basis.
Zero Trust Security can help protect organizations from a variety of AI risks. For example, malicious actors may target the troves of data organizations use to train and implement AI models and applications. Unmanaged IoT devices that generate AI training data represent a potential entry point for such attacks. Comprehensive Zero Trust Security controls that accurately profile and identify devices and continuously monitor behavior can aid in preventing and detecting infrastructure attacks.
Zero Trust Security can also protect organizations from AI-aided attacks such as ransomware. For example, should an attack originate via a corporate device, endpoint and extended detection and response (EDR and XDR) systems can analyze and detect anomalous behavior to raise an alert. Using network access controls, IT teams can define policies that automate network enforcement and response based on threat telemetry data. For example, when a device is participating in an attack, network access control can automatically limit or revoke network access pending further investigation, stopping lateral spread.
Zero Trust best practices, such as dynamic segmentation, role-based access control, and continuous policy enforcement across network infrastructure, ensure that users and devices only communicate with destinations and applications consistent with their role, context, and security posture. If a user falls victim to an AI-aided phishing attack, for example, these practices can prevent compromised devices from reaching external malware sites or accessing corporate resources.
The new role of the network in the AI era
In the AI era, the network has an essential role as a Zero Trust solution within an overall Zero Trust Security ecosystem.
While no single vendor or solution can deliver all the AI cyber risk protection an organization needs, starting with a network that provides a built-in foundation for Zero Trust Security can make it easier to implement AI security and compliance requirements while adding protection at critical digital entry points.
Security-first, AI-powered networking from HPE Aruba Networking is built on Zero Trust principles, providing a foundation for driving distinctive experiences and innovative business results—without sacrificing cybersecurity protection. With HPE Aruba Networking solutions, the network can now provide advanced visibility, insights, centralized policy management, data protection, threat defense, and access control in a single platform. In addition, teams gain an AI edge in combating AI threats, with AI-powered capabilities that mitigate risk and enhance protection at scale.
Resources for building a Zero Trust network in the AI era
Eve-Marie_Lanza
Eve-Marie Lanza is a Senior Security Solutions Marketing Manager at HPE Aruba Networking, where she leads marketing for Edge-to-Cloud Security solutions. She brings to the role more than 15 years of experience in portfolio and solutions marketing with a focus on enterprise networking and data center technologies. Eve-Marie holds an MBA from the University of California at Davis.
