2023-12-20 01:56:57
CESIN workshops dedicated to the integration of artificial intelligence in the field of cybersecurity reveal opportunities and challenges faced by players in the sector. The 11th edition of the congress under the theme of “cyber defense at the speed of AI”, brought together more than 170 cybersecurity managers, who debated around 8 themes* linked to the implications of AI.
While an agreement has just been validated around proposals intended to constitute the basis of the future European AI Act regulation, the CESIN workshops offered a non-exhaustive overview of the opportunities and challenges inherent to the arrival of AI in the field of cybersecurity. This essential collaborative approach allows club members to anticipate future developments in cybersecurity, in order to guide organizations towards more secure practices in the face of evolving threats.
At the heart of the discussions, process automation emerged as a central theme. While the topic of AI for attackers was covered during the conference conferences, workshop participants highlighted the ability of AI to transform incident detection, cyber threat response, and assessment. risks. This automation promises a significant improvement in the operational efficiency of IT teams. The opportunities identified in this area include the prioritization of remediation actions, the reduction of false positives, the detection of anomalies, such as the identification of suspicious behavior, fraud or vulnerabilities. However, concerns remain regarding the consolidation of alerts and the costs associated with certain approaches.
Despite the promising prospects, several challenges have been identified. AI, still at an embryonic stage, raises many questions regarding its evolution and its unregulated use, with Shadow AI for example, or regarding the opacity of scenario modeling. Furthermore, the question of truly usable data is singled out; with the idea put forward of developing a data lake dedicated to cybersecurity and the involvement of champions associated with various experts to promote the effective exploitation of data in this type of context.
Other questions arise regarding securing the projects deployed within companies, requiring exploratory work on the part of Cyber managers. Mylène Jarossay, President of CESIN, explains “We are observing a surge of business projects relying on AI and new practices around generative AI. Cyber teams also intend to take advantage of AI to sharpen their defense capabilities. These are great opportunities that are emerging in companies and cyber teams must very quickly build the governance and technical framework necessary to support and secure these projects while taking advantage of this technological development for their own performance. »
The workshops also highlighted the crucial role of human resources in managing the impact of AI within organizations. With opportunities for HR staffing, such as mapping use cases, defining responsibility frameworks, acquiring specific skills and expertise. These key actions will maximize the benefits of this advent, while minimizing the risks.
If we note an improvement and a significant time saving in risk analysis with the contribution of AI, the majority of participants see a danger in using AI to construct their risk analyses. Among the obstacles they mention the leakage and exposure of data, the reliability of results, the loss of expertise or the loss of mastery of reasoning, or even the ability of humans to understand the results.
Trust in AI, especially in the context of generative AI, is a big concern. Actions such as education, auditing, and implementation of emerging frameworks and standards are once more recommended to build trust and ensure compliance.
Ultimately, although AI offers considerable opportunities to strengthen cybersecurity, its adoption requires a strategic approach. The workshops highlighted the need for continued vigilance to maximize the benefits of AI, while minimizing potential risks such as loss of control. In addition to the new skills needs and the strengthening of expertise, among the recommendations, the participants call for the creation of a deliverable on good practices, the establishment of structured charters and the support of solid governance.
*The 8 themes of the CESIN Congress workshops
• IA & RH
What new approach to risk analysis with the advent of AI?
AI for incident detection and response
What data is really usable today?
What confidence in AI?
Compliance in an AI world
Risks versus benefits of AI
What organization and supervision of the uses of AI in the company?
1703050089
#CESIN #Artificial #intelligence #heart #cybersecurity #challenges
