Close
    Share
    Facebook Facebook icon Twitter Twitter icon LinkedIn LinkedIn icon Email

    Artificial Intelligence

    AI and cybersecurity: Think like a thief to catch a thief

    by Öykü Işık Published December 5, 2024 in Artificial Intelligence • 3 min read

    As digital tools become more sophisticated, it’s crucial to keep three key things in mind to protect your organization from cyber-attack.

    1. Know AI’s capabilities and strengths so they can’t be used against you

    Audio and video deepfakes can be used for fraud, phishing, and reputational damage. Executives should do two things to avoid being victimized:

    • Learn about what’s possible with the latest digital technologies and AI.
    • Have a secret codeword in place as an analog check in case of any doubts.

    The basic lesson here is that, before launching their attacks, bad actors can gather a lot of information on your company and employees to find and exploit vulnerabilities. Prepare for this by putting some kind of multimodal authentication in place. The aim is twofold: to verify information that could be used to do harm, and keep that verification secret.

    2. Know AI’s shortcomings and weaknesses so they can’t be used against you

    Knowledge is power again here. There are all sorts of biases in AI (such as facial recognition technologies that recognize white faces with a higher degree of accuracy than black faces, and GenAI systems that read CVs differently depending on whether they are associated with male or female names.) Fix such biases by:

    • Paying close attention to the training-data curation process.
    • Putting carefully crafted governance mechanisms in place to mitigate the risks.

    The lesson here is that even the most sophisticated GenAI tool is not foolproof. Companies must keep human beings in the loop to detect AI biases and blind spots, and have human oversight in their responsible AI governance processes.

    3. Know that AI itself can be attacked

    We are now seeing data-poisoning attacks where AI models are tricked into behaving badly. (This is a type of cyberattack in which an adversary intentionally compromises a training dataset used by an AI or machine-learning model to influence or manipulate it.) Hackers are also using “jailbreaking mechanisms” to evade the guardrails put in place to limit GenAI’s potential for harm. Two measures are useful to understand how AI systems can be attacked:

    • Attend hackathons to equip yourself with the latest cyber-security measures.
    • Invite digital experts to try to break your systems to find their vulnerabilities before actual cyber criminals do.

    Key takeaway

    By remaining vigilant and knowledgeable about AI’s strengths and weaknesses, organizations can mitigate risks. Think like your potential enemies to stay one step ahead in this new technological realm.

     

    Further reading

    Think like your enemies to stay safe with AI

    How to win at digital ‘cops and robbers’

    Full transparency: 10 lessons from the cyber-attack on the British Library 

    The critical cybersecurity lesson from the Microsoft outage

    Authors

    Öykü Işık

    Professor of Digital Strategy and Cybersecurity at IMD

    Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program and co-directs the Generative AI for Business Sprint. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.

    Related

    Log in or register to enjoy the full experience

    Explore first person business intelligence from top minds curated for a global executive audience

    Get trial accessRegister NowSign in