Episode 383 – Generative AI – cybersecurity opportunities & challenges

Jane Lo speaks with Ben Verschaeren, Director, Global Solutions, Sophos about cybersecurity opportunities and challenges with Generative AI.

With over 19 years in the IT industry, Ben Verschaeren is a seasoned professional based in Melbourne. He leads global strategic initiatives, educates on threat landscapes, and develops training tools focusing on real-world exploits.

Ben also directs a global sales engineering team responding to RFPs, and a software engineering team creating high-quality products for various uses. His prior roles include serving as a Solution Architect at JB HiFi, Australia’s largest retailer, and at Thiess, the leading mining and construction company in Australia.

Ben’s unique blend of sales and engineering experience across diverse sectors enables him to drive tech-forward initiatives with an innovative approach, affirming his position as a key asset in the industry.

In this interview, Ben kicked off the interview by sharing his insights on drivers into the wide-spread popularity of the latest AI technology – “generative AI”.

On discussing how generative AI could transform the cybersecurity landscape, Ben acknowledged that it could help increase the productivity of cyber defenders, as an “AI” personal assistant – such as “help you write code” or “help you write query”.

However, he also cautioned that the technology also introduces new threats.

Elaborating on some of the emerging threats, he said that contrary to expectations, malware generated by LLM can be more easily detected than phishing emails and synthetic voice.

To mitigate against such threats, he suggested enhancing business processes and controls (for example, robust fund transfer authorisation, to mitigate phishing risk). He also recommended conducting user awareness training regularly to align with the fast-evolving landscape of phishing tactics, emphasising the importance of understanding the “why.”

Another threat is the potential of generative AI to “hallucinate” when making recommendations for software libraries. He pointed out this issue underscores the need to maintain a SBOM (software bill of materials), and implementing quality controls throughout the software development process.

Ben also recommended that organisations looking to embrace AI, develop an “AI policy”, providing guidance in areas such as the types of data or models that to be used during training and deployment. He also shared that middleware solutions are available to anonymise the data entered in the prompt, and check that no personally identifiable information (PII) is included.

Wrapping up, Ben notes that rapid pace of generative AI development and “the landscape is changing everyday”, and advises cyber defenders to “stay on top”, “don’t be complacent”, and it is “another area where and different threats are emerging every day”.

Recorded at Cloud Expo Asia, Singapore Marina Bay Sands, 12th October 2023.

#mysecuritytv #sophos #generativeai #cybersecurity