Friday, October 27, 2023

Fast Track Back To The 1980s: How Did We Survive Without AI Or Google???

 


When it comes to IT Security, there is one tough job that probably nobody wants to have:  Being the tech support person.  I used to do it a long time ago back in my grad school days, and I got a huge feeling of joy when I knew I made a difference in the day of a customer.  But keep in mind that is only 20% of them.  The remaining 80% want everything fixed right now, and when you repair something, they show no appreciation for it, whatsoever. 

As technology has evolved further, and as people are pretty much working remotely now, the support tech is faced yet with another daunting task:  How to keep employees honest and abiding by using only authorized tools for doing their daily job tasks.  This is even harder to enforce when people work from home.  This has been a problem for a long time, and it has become technically known as “Shadow IT”. 

But further exacerbating this problem even more now is the explosion of Generative AI, and how people are using it much more often now in the workplace, in order to meet tight deadlines.  In fact, The Conference just conducted a research project on this, and here is what they found:

*56% of employees now use Generative AI, whether it is allowed or not.

*Only 26% of businesses surveyed have an active AI security policy in place.

*Over 30% of employees use Generative AI to speed up their deliverables even though they were not supposed to.

*91% of the IT support techs polled feel that they feel pressured to compromise security in order to boost the bottom line by using AI tools.

*Astonishingly, 81% of the tech support reps feel that is almost impossible to enforce security policies, especially when it comes to using AI.

More details about this study can be seen at the following link:

https://www.conference-board.org/press/us-workers-and-generative-ai

So now, it’s not so much of the issue of using non approved devices or apps, now it’s becoming the risk of using Generative AI in the workplace when employees are told specifically not to.  So now, this trend has now been appropriately called “Shadow AI”.  So, what can be done about this?  Here are three tips any CISO can adopt and follow:

1)     Let ‘em use AI:

Let’s face it, AI is here to stay, and it is not going anywhere for a long time to come.  So, why not let your employees just use it?  Well, to a certain degree.  You and your IT Security team should find a bunch of AI apps that employees can potentially make use of.  But before deploying them, first vet them and test them out in a sandbox environment.  Then, tell your workers all about it, and encourage them to use it.  By doing this, you will be showing them  that you take their career growth seriously, and by using something at least Generative AI related, this should alleviate the temptation of using non approved AI tools.  But also caution your employees in this regard, and remind them of  the consequences if they don’t follow the rules.  Try to emphasize that as much as you are spending on them, and that they need to reciprocate equally as well.

2)     Educate them:

We all keep hearing every day how important it is to have security awareness training for employees.  The same now also holds true about the use of Generative AI in the workplace.  There are serious risks that can be borne out by not following the security policies that have been set forth.  Remind them that if they do use unauthorized AI apps, this can be a grave consequence not only for the company but even for their jobs as well.

3)     Monitor all activity:

As the CISO, make sure that your IT Security team is monitoring all activity.  There are many tools that can be used to automate this process, and yes, they are AI driven.  LOL. 

My Thoughts On This:

Hopefully by taking the above-mentioned tips into action, your employees should be a happier crowd.  But then of course, there will be those that whine and complain that they have to use Generative AI 100% all together in order for them to get their jobs done.  If this happens, throw this question back to them:  How did you make it in high school and college when there was no AI or Google???

That is of course, if they are of that age.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...