It’s only recently that the world started seeing the tangible outcomes of Artificial Intelligence (AI) applications, with the rise of mainstream web-based applications like ChatGPT, Midjourney, and many other apps that automate tasks and improve efficiency.
Businesses that are keeping pace with the latest technologies are also looking at these use cases to accelerate their innovation and stay ahead of the curve.
These web-based applications and AI-powered software have become a staple of this new era, and will likely continue to proliferate across both the consumer and business world. With this in mind, businesses looking to augment their operations and business functions with them have to consider the implications of using such third-party apps. These apps present challenges and potential risks, such as security breaches and compromised user data.
Playing with fire or master of magic
Most of us have probably seen a magician doing some form of magic using fire, like swallowing a fire-lit sword or lighting a book on fire. To the untrained eye, it looks like playing with fire, but the magician understands the risks and has trained hard to perform the fire magic. That’s why not everyone can become a high-level magician.
Similarly, businesses have different risk appetites when it comes to using AI-powered apps on the public internet. The use of these apps can offer numerous benefits to businesses and even provide knowledge or generate new ideas for even the most technical worker. However, they will need to consider cybersecurity factors like user behaviour, external risks, and how to mitigate these risks with their existing tech stack.
One way to get burnt is not understanding that user behaviour is a significant factor in the risk of using these applications on the company network or devices. It is not outrageous to say that employees tend to engage in risky behaviours, such as using weak passwords or accessing sensitive information on unsecured networks. With AI-powered apps, there is a likelihood of employees entering confidential company information in the prompts to retrieve a response.
KnowBe4, a security training provider, commissioned research on security culture and found that 53% of employees in Singapore have never come across the term “security culture”. The number is rather appalling for a country that’s ahead of the curve in digital transformation and innovation. To be fair, when it comes to people, there will always be risks involved on the public internet regardless of where a business operates.
Progressive approach towards public AI-powered apps
There hasn’t been any consensus amongst tech leaders when it comes to the use of these web-based, AI-powered apps. The obvious approach would be to completely prevent employees from using them on the company network or devices. Companies looking to capitalise on the value that these apps could bring, however, can choose to take a progressive approach towards using them.
One way is to use an existing security framework like Secure Access Service Edge (SASE) to enforce security policies and deploy security services wherever the user or company resources are located. We have a blog to help you understand SASE in 4 minutes – if you haven’t seen it.
Secure Web Gateway (SWG), a component of SASE, is a security service that allows businesses to monitor and control access to such web-based apps and content. It provides a secure gateway for users to access the public internet, blocking malicious content and preventing unauthorised access to sensitive data.
When it comes to managing risks with SWG, businesses potentially have two options: a heavy-handed approach or a progressive approach.
Heavy-handed approach: Involves strict policies and rules designed to limit user behaviour and minimise the risk of external threats. This means completely blocking access to the application or content across the company network and devices. Businesses taking this approach can sleep in peace at night, but it can also be restrictive and they can get left behind in this AI-powered revolution.
Progressive approach: Businesses that have well-established risk management and a strong security culture may consider taking this approach. They can review and limit access to certain functions of the web-based app where sensitive information is involved, while carefully implementing security policies and rules over time as the business evolves and grows. This approach is more flexible, but it can also be less effective in mitigating external risks.
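The two SWG approaches above, compared on the same traffic in an added example (not code from this page or from any SWG product). The hostnames, the sensitive-content patterns and the request fields are assumptions made up for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical hostnames standing in for public AI-powered web apps.
AI_APP_HOSTS = {"chat.ai-app.example", "images.ai-app.example"}

# Constructed markers of confidential content; a real deployment would use
# the organisation's own data classification rules.
SENSITIVE_PATTERNS = [
    re.compile(r"\b(confidential|internal only)\b", re.I),
    re.compile(r"\b(api[_-]?key|password)\s*[:=]\s*\S+", re.I),
]

@dataclass
class Request:
    user: str
    host: str
    method: str
    body: str = ""

def heavy_handed(req):
    """Block every request to a listed AI app, whatever it contains."""
    if req.host in AI_APP_HOSTS:
        return ("block", "AI app category blocked")
    return ("allow", "not an AI app")

def progressive(req):
    """Allow AI apps, but stop uploads whose body matches a sensitive pattern."""
    if req.host not in AI_APP_HOSTS:
        return ("allow", "not an AI app")
    if req.method in {"POST", "PUT"}:
        for pat in SENSITIVE_PATTERNS:
            if pat.search(req.body):
                return ("block", f"sensitive content in prompt: {pat.pattern}")
    return ("allow", "AI app allowed, no sensitive content matched")

# Constructed sample traffic.
SAMPLE = [
    Request("alice", "chat.ai-app.example", "GET"),
    Request("bob", "chat.ai-app.example", "POST", "Summarise this blog post about SASE"),
    Request("carol", "chat.ai-app.example", "POST", "Fix this config: api_key=abc123"),
    Request("dave", "intranet.corp.example", "POST", "CONFIDENTIAL roadmap"),
]

def compare(requests):
    """Return (user, heavy-handed action, progressive action) per request."""
    return [(r.user, heavy_handed(r)[0], progressive(r)[0]) for r in requests]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

Only the prompt carrying a credential is stopped under the progressive policy, and anything the patterns miss passes through, which is the flexibility and the residual risk described above.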
In any case, it is also critical for businesses to instil a strong security culture across their organisation and teams. It can be as straightforward as having a series of security training sessions run by in-house cybersecurity experts or even leveraging third-party training providers to educate employees on security hygiene.
There are no hard and fast rules since it’s still early days for businesses to realise the true potential of these apps. But even with these tools, businesses must strike a balance between risk management and innovation. Businesses must be ready to adapt to changes as they come and find ways to harness the power of technology while mitigating potential threats.
What’s next?
Keen to learn how you can instil a stronger security culture and utilise SASE to enable innovation while protecting your business? Get in touch with us today.
Sign up for a Cybersecurity Awareness Training with us today! Learn valuable approaches your organisation can take to build a “human firewall”.