Research company Sapio ResearchA survey commissioned by Hewlett Packard Enterprise found that AI increases security risks across nearly all organizations.
SurveyParticipated in IT Leaders' 94%: AI Increases Security RisksHe responded.
“The respondents Security is the most critical factor for AI success., which is why it was ranked as the second-highest AI investment priority after data management. Recognizing this, companies are adopting various security measures to protect themselves,” the report explains.
AI and Security Risks
Businesses are concerned about the risks posed by malicious use of AI, particularly generative AI.
In particular, AI is increasingly playing a role in cyberattacks, including:
- Password Cracking: Hackers can use AI to create sophisticated algorithms that can accurately guess passwords and sift through massive data sets of potential passwords much more quickly.
- AI-assisted phishing: Malicious attackers can use AI to make requests for sensitive information more difficult to detect. For example, they can use the GenAI tool to improve the grammar of emails and texts.
- Deepfake: Malicious attackers can use GenAI tools to generate fake images and/or audio, which can then be used to impersonate or defame others. AI-generated artifacts can be difficult to identify.
- Ransomware: Ransomware eBookIn widespread and complex attacks like this one, criminals (often members of organized crime groups) use a variety of methods to install malware that encrypts critical data on corporate systems. AI tools can accelerate the ransomware attack chain.
“Architect an AI Advantage”The report also found concerns about the threats associated with enterprises' adoption of AI. When asked about their top security concerns, survey respondents cited several key AI cyber risks.
Naturally, we also have concerns about securing access to AI datasets and the privacy implications of lapses in access security.
Keeping data securely segregated is a requirement for many compliance obligations based on the NIST framework, such as the EU's NIS2 and GDPR, and the US's HIPAA. Failure to comply with these requirements can result in significant fines. However, the AI Advantage Design Report found that one in four organizations (22%) does not involve their legal department in AI strategy discussions.
The persistent tension between risk and innovation
Balancing risk, compliance, and innovation isn't just a problem for AI. In fact, as our 2023 report notes, ‘The Innovation vs. Risk Dilemma’, which emphasized that organizations must maintain a delicate balance between innovation, growth, and risk.
According to the report, organizations with high innovation maturity were nearly twice as likely to see revenue growth of 201 TP3T or more. Nearly two-thirds of IT leaders (64%) say concerns about potential security breaches negatively impact their organization's willingness to invest in innovative technologies.He replied, "Yes.".
AI adoption involves a complex mix of security, privacy, governance, and compliance measures, all of which must be coordinated and implemented at scale. How do network and security teams balance these responsibilities?
The Way Forward: “Zero Trust Security”
When it comes to protecting users, devices, applications, and data at every point of connection, Zero Trust can answer many security and compliance questions.
Zero-trust security, in particular, can strengthen protection in the AI era, where critical AI assets are distributed and evolving threats can bypass traditional perimeter defenses. Unlike traditional approaches that rely solely on perimeter security between internal and external networks, The zero trust model does not trust users or devices, regardless of how or where they connect, grants access only to necessary resources, and performs continuous inspection.Let's do it.
Zero trust security can help protect your enterprise from various AI risks.
For example, malicious attackers could target the vast amounts of data companies use to train and implement AI models and applications. If unmanaged, IoT devices generating data for AI training could become potential entry points for such attacks.
Comprehensive zero-trust security controls that accurately profile and identify each endpoint and continuously monitor its behavior can help prevent and detect infrastructure attacks.
Zero trust security can also protect organizations from AI-powered attacks, such as ransomware.
For example, if an attack is initiated via an internal endpoint, EDR and XDR systems can analyze and detect abnormal behavior and issue alerts. Based on threat analysis data, IT teams can define policies to automate network access control and response.
If a connected device is involved in an attack, network access control can automatically restrict or revoke network access until further investigation is conducted, preventing the spread of the attack.
Zero Trust best practices such as Dynamic Segmentation, role-based access control, and continuous policy enforcement across the network infrastructure ensure that users and devices only communicate with entities and applications appropriate to their role, context, and security posture.
For example, even if a user falls victim to an AI-powered phishing attack, zero-trust security can prevent the compromised device from accessing external malware sites or the company's internal resources.
The New Role of Networks in the AI Era
In the AI era, networks are a key component of the entire zero-trust security ecosystem. Plays an essential role as a zero trust solutiondo.
No single vendor or solution can provide all the AI cybersecurity you need. However, starting with the network that provides the foundation for zero-trust security can help you strengthen the protection of critical digital assets while more easily implementing AI security and compliance requirements.
HPE Aruba Networking's AI-driven networking, built on Zero Trust principles with security as a top priority, provides the foundation for differentiated experiences and innovative business outcomes without compromising cybersecurity protection.
Now, with HPE Aruba Networking, networks can deliver advanced visibility, insights, centralized policy management, data protection, threat defense, and access control—all from a single platform. IT and security teams can also gain an AI edge in responding to AI-driven threats with AI-powered capabilities that mitigate risk and strengthen protection at scale.
Reference
- HPE Blog: Zero Trust Security in the AI era by Eve-Maria Lanza
- HPE Aruba Networking Blog: Combatting ransomware with layered Zero Trust Security by Eve-Maria Lanza
