Déjà Vu: What Cloud Adoption Can Teach Us About AI in Cybersecurity – Source: www.cyberdefensemagazine.com

The launch of ChatGPT undeniably marked a turning point in the technological landscape, ushering in the era of readily accessible and powerful Large Language Models (LLMs). This new age has ignited widespread enthusiasm among individuals and organizations alike, who are eager to harness generative AI to revolutionize their daily routines and operations. This is particularly evident in the cybersecurity domain, where the adoption of AI is seen as crucial for gaining an advantage in the ongoing battle against cyber adversaries. However, this technological advancement has also spurred a parallel evolution in cyber threats, with malicious actors becoming increasingly sophisticated in their use of AI to automate attacks, craft highly convincing phishing schemes (including the use of deepfakes), and develop new strains of malware.

Many cybersecurity teams are wrestling with the implications of this new AI-powered landscape, striving to find the optimal path forward for their organizations. Caught between the imperative to innovate and the crucial responsibility of maintaining robust security, these teams often find themselves navigating a delicate balance. On one side, they face pressure from business stakeholders eager to embrace and experiment with cutting-edge AI technologies. On the other, they bear the weighty responsibility of ensuring these powerful tools are adopted in a manner that prioritizes security, mitigates risks, and safeguards the organization’s valuable assets.

Navigating the AI revolution may seem daunting, but we’ve been here before. The shift to cloud computing presented cybersecurity teams with a similar challenge: embracing a transformative technology while managing its inherent risks. Looking back, we can glean valuable lessons from that experience to guide our approach to AI adoption. This article focuses on the often-overlooked “people” aspect of this challenge, drawing on proven strategies that empowered cybersecurity teams to successfully navigate the cloud transition. (We’ll leave the deep dive into specific AI technologies for now, as there are already abundant resources available on that front.)

Executive Support

Having witnessed multiple cloud migrations one thing is clear: Team members, consciously or not, mirror their leaders. When executives champion technology – not just with words, but with a clear vision and tangible resources (budget for training, tools, infrastructure modernization, etc ) – success rates skyrocket. This was true for cloud adoption, and it will be equally important for secure AI adoption.

Cybersecurity Leaders must actively drive secure AI adoption, just as they did with cloud technologies by fostering collaboration and breaking down silos, particularly between cybersecurity teams and other business units. In my experience, strong leadership is the single greatest predictor of successful technology adoption, whether it’s migrating to the cloud or integrating AI securely.

Upskill Upskill Upskill

Yes, I know I wrote that three times because that’s how important this is. In the rapidly evolving landscape of artificial intelligence, the axiom “you cannot defend what you do not understand” has never been more pertinent. Just as cybersecurity teams who successfully navigated cloud adoption ensured their personnel were thoroughly trained in cloud technologies, AI demands an even more rigorous approach to upskilling. The stakes are exponentially higher with AI, given its potential to revolutionize—or compromise—entire systems and decision-making processes.

Cybersecurity professionals must not only comprehend AI’s underlying mechanisms but also stay ahead of its potential vulnerabilities and ethical implications. This upskilling initiative should not be viewed as a one-time effort; rather, it must be an ongoing, dynamic process. The AI field is advancing at an unprecedented pace, with new developments emerging almost daily. Continuous learning and adaptation are not just beneficial—they are absolutely essential for cybersecurity teams to effectively protect against AI-related threats, mitigate risks, and harness AI’s potential for enhanced security measures. Organizations that prioritize this continuous AI education for their cybersecurity teams will be far better positioned to safeguard their assets, maintain trust, and leverage AI securely in this new era of digital transformation.

Fostering a culture of experimentation

Many cybersecurity teams have designed their security architecture as a castle with multiple levels of security. While this is an effective strategy it does not lend well to experimentation. The common way any new technology is adopted is by stopping it at the castle gate.This has many unfortunate side effects:

• Business stakeholders go outside the castle (often with corporate crown jewels) to experiment with any new technology unbeknownst to the security team.
• Security teams garner a bad reputation because they are always saying no to new technology adoption
• In the age of rapidly changing technology this approach can hamper business agility ● Team members can avoid learning about new technologies because they know they can get away with it.

Instead of acting like gatekeepers, cybersecurity teams should encourage business stakeholders to experiment with small scale pilot projects and get involved early in the process. Cybersecurity teams which operated this way saw better results with technology adoption when adopting cloud technologies.

This approach will increase business agility and allow security team members to gain critical experience with AI tools and processes.

Participating in the AI Center of Excellence

Cybersecurity teams shouldn’t just be involved in an AI Center of Excellence (CoE), they should be at the heart of it. Especially when it comes to AI adoption, their early and continuous involvement is critical for several reasons:

• Baking in security from the start: Cybersecurity professionals bring a crucial security-first mindset to AI development. By embedding them in the CoE, security becomes an integral part of the AI strategy, not an afterthought. This proactive approach is far more effective (and cost-efficient) than trying to bolt on security measures later.
• Scaling limited resources: Cybersecurity teams are often stretched thin. Participating in a CoE allows them to efficiently influence AI standards and best practices across the organization, maximizing their impact.
• Fostering crucial collaboration: CoEs are hubs for cross-functional collaboration. This allows cybersecurity teams to understand the diverse needs and perspectives of

different business units, leading to more informed and effective security decisions around AI.

Ultimately, including cybersecurity in the CoE ensures that AI adoption is not just rapid, but secure and sustainable. This protects the organization from potential risks and fosters trust in AI solutions.

Conclusion

Having navigated numerous organizations through the complexities of cloud adoption, I can confidently say that AI adoption shares a striking resemblance. Just as we learned valuable lessons transitioning to the cloud, those same principles can guide us through the successful adoption of AI in cybersecurity. By embracing the above principles, security teams can use the transformative power of AI to strengthen their defenses, optimize operations, and proactively address the ever-evolving threat landscape.

About the Author

Ashish is a Technical Partner Manager at Google. He has 10+ years of professional work experience in Information security with expertise in cloud security, security architecture reviews and managing security operations in corporate and client facing environments. Ashish can be reached on LinkedIn https://www.linkedin.com/in/ashishpujari/