AI & Security: Double-Edged Sword?

Published by Daniel Eycken
May 30, 2024 @ 3:39 PM

By Daniel Eycken, partner-COO CIONET & Jaana Nyfjord, Field CTO & Strategic Advisor at Splunk.

On the evening of 16th May 2024, the prestigious venue of BRUGMANN in Brussels played host to a highly anticipated roundtable organised by CIONET and its partner Splunk. Titled "AI & Security: Double-edged Sword? Catalyst for Security or Gateway to New Risks?", the event confronted the urgent and complex realities of integrating AI technologies into organisational resilience strategies. The roundtable delivered a colourful discussion on the role of AI in building future-proof strategies for the evolving cyber landscape, combining a vision of possibility with a grounding in reality.

Exploring AI's Transformative Potential

The theme of the event revolved around the transformative potential of AI against the backdrop of increasing cyber threats, ethical quandaries, and the ever-present risk of overreliance. The session aimed to challenge the status quo, asking tough questions about the readiness of current infrastructures to adapt, the sufficiency of existing cybersecurity measures in the AI era, and the ethical implications of AI-driven decisions. Underlying all of these was the question of quality and control of the data, modelling, training and output.

Debbie Janeczek: The Dual Nature of AI in Security

Debbie Janeczek, CISO at Swift, explained that Swift’s company strategy includes embracing AI and preparing for Quantum Computing. “The eagerness to deploy AI for the sake of the customer must be balanced with the establishment of proper policies, controls and training,” Debbie commented. This effort includes an AI Governance Council led by an executive member, whose mission is to increase the visibility of AI.  

Moreover, from a security perspective, AI has a dual nature, introducing both opportunities and potential threats. Threat actors will use AI for intrusion purposes, presenting new risks such as sophisticated attacks like deep fake calls and mass phishing, but AI will also offer significant benefits for cybersecurity by enhancing threat detection and response times.

The cybersecurity innovation team at Swift is now investigating possible routes to create efficiencies by using AI in cybersecurity, such as automating patching, incident monitoring, detection, and basic response activities within the SOC or incident response framework.

However, it also stressed the importance of developing clear policies on the use of AI and having solid governance frameworks in place before widespread deployment.

Rik Bobbaers: Investigating AI's Role in Security

Rik Bobbaers, Tech CISO at ING Global, shared insights on how AI can enhance risk management and security processes. He discussed ongoing projects, including the use of AI and Machine Learning to reduce false positives in their SIEM system, analyse role overloads in their Role-Based Access Control (RBAC) system, and detect anomalies in coding. Careful model training is crucial to avoid over-fitting and false positives. Creating smaller dedicated models rather than one big model has proven very effective in ING's fraud detection initiatives.

ING is also looking at Microsoft’s Copilot to help the security team detect potential data governance weaknesses and set up awareness campaigns. Rik plans to launch a Red Team programme using this co-pilot to assess cloud security and other data protection measures. He expressed a strong belief in AI's potential to autonomously detect and respond to security issues in the future, thereby enhancing the productivity and capabilities of security teams.

Insights from Various Industries

Alain De Maght, CISO at the Ministry of Internal Affairs, mentioned that their AI initiatives are still in the discovery phase, focusing on diagnostics. Benito De Pelsmaeker from Atlas Copco highlighted their interest in using AI for governance, risk and compliance management, aiming to align governance and risk management activities to achieve organisational goals and adhere to regulatory requirements.

AI in the public sector:

Taco Mulder, CISO at BOSA, the federal agency that supports all other federal agencies on IT, discussed their current exercise in defining AI objectives within the federal authorities. This initiative, called “AI4Belgium,” aims to synchronise AI efforts across public authorities, research centres, and universities to ensure AI can be used safely and ethically. AI’s role is seen as crucial in addressing challenges in the economy, energy, healthcare, mobility, climate change, and security, though frameworks are still being developed. (You can find the publications of AI4Belgium below this blog article.)

Ensuring AI Security

Stephanie Cox, Managing Director of Proximus-ada, provided insights into Proximus' approach to AI, where approximately 100 employees work on AI projects, with 50 focusing on cybersecurity. She emphasised the importance of ensuring AI itself is secure, alongside using AI to optimise processes and detect threats. Proximus prioritises policy development and model testing to ensure security and avoid biases in AI systems. They train their own models and validate data rigorously, ensuring everything is well-documented to avoid delivering black boxes to customers.

Convincing the Board of Directors

A lively debate ensued on how CISOs can convince boards to invest in AI for security. Demonstrating the business impact of security breaches and presenting a clear business case were identified as crucial strategies. Regular threat intelligence and reporting were also highlighted as effective approaches. A standout remark was the cynical yet realistic observation that "having had a good crisis" can help make the case for investment in AI for security.

Conclusion

Dirk De Meirsman from Splunk wrapped up the evening by stressing the importance of not falling for "AI washing" and the ever-increasing relevance of collaboration to leverage skill sets and also fight the adversaries that are out there. He reiterated that AI has a vital role to play at all levels of a solid cybersecurity strategy. His colleague Jaana Nyfjord added that focusing on the basics of good security practice, such as comprehensive monitoring and visibility, remains key. “You can’t secure what you can’t see”. 

The roundtable provided a valuable platform for exchanging ideas and experiences among security experts, highlighting the dual nature of AI in security. As AI continues to evolve, its role in cybersecurity will undoubtedly become even more critical, making such discussions essential for staying ahead in the digital age.

In summary, the roundtable underscored the importance of balancing innovation with caution, ensuring that AI is leveraged to enhance security without introducing new vulnerabilities. Collaboration between industry leaders, research and experts at events like this is crucial for developing robust and effective cybersecurity strategies and practices in the AI era.

Note: the theme and the questions of this roundtable were highly inspired by a recent report published by Splunk titled "State of Security 2024". You can find it through the following link: https://www.splunk.com/en_us/blog/security/explore-the-ai-frontier-in-splunk-state-of-security-2024.html.
