Event Recording

Re-inventing risk management for artificial intellect

Name: Re-inventing risk management for artificial intellect
Uploaded: 2023-11-15T12:00:00+01:00
Duration: 13 min 9 s

Posted on Nov 15, 2023

This presentation delves into the imperative task of redefining risk management in the era of Artificial Intelligence (AI). As AI reshapes industries, it also introduces unique risks and challenges. This abstract offers a glimpse into how traditional risk management approaches must evolve to effectively address the intricacies of AI-related uncertainties. Through real-world examples, it explores emerging concerns like algorithmic bias, privacy infringements, and unforeseen consequences. Attendees will gain insights into proactive strategies, including leveraging AI itself for risk assessment and mitigation. By the presentation's conclusion, participants will grasp the essential steps needed to navigate the uncharted territory of AI-driven risks, ensuring responsible and secure integration of this transformative technology.

Show description

Speaker

Head of Information Security
Osome NL B.V

Konstantin Shvetsov

I am an adept information security professional with over 15 years of experience spanning diverse sectors such as financial institutions and international government-level endeavors. My unwavering enthusiasm for this field fuels my desire to establish meaningful connections with fellow IT and IS...

View profile

Show Transcript

Yeah. Today I will talk about risk management in the modern era of artificial artificial intelligence. And I'll start with a little bit. So explanation who I am, I'm sorry, certified specialist with the different certificates, more than 15 years in cybersecurity, more than 10 years in risk management. So it's agenda for our today presentation. We'll start with introduction and then we'll talk about impact of AI on industries. After that, we'll, we'll speak about evolution of risk management, unc, uncertain things that are related to artificial artificial intelligence and how we can redefine the risk management to meet the new risks, new threats of modern world. Okay, so first introduction. I think everyone can agree that artificial intelligence changed the whole world, let's say that, but the risk management is still stable. We can add some risks, some threats like threat of impersonation with deep fakes threats like, I don't know, with the artificially made malwares attacks and so on. But we the still, the frameworks still the approaches to the risk management are the old ones. And I think it's problem because the risks, risks and approaches should change along with the risk and the threat management should change along with the risk change themselves.
Okay, second, the impact of artificial intelligence on industries. For some years we can see that there are a lot of different attacks are made or were only made, but made better with artificial intelligence. And as defenders, I think we're all there defenders, not attackers. We use, yeah, sometimes we use some, sometimes some artificial intelligence things. Services like for investigation, for incident response, for securing our systems. But attackers also use the same approaches because first of all, they should attack more, more easily with the better effort and they also should to defend themselves. So the most, let's say popular risk and challenges with the artificial intelligence first it's Arial machine learning. It's like the bullet and the armor we make in our system stronger with the AI and the attackers make the attacks stronger, more sophisticated with ai. Second, that is increased attack surface. I will speak about that bit later with the next challenges.
First of all, it's a data poisoning and manipulation because our AI mechanisms are learning on the data that we send to them. If attacker can send something wrong, some mal malfunction data, it can bring the risk, not right now, but in the future when the system will learn on the wrongly produced data. Second is overlay on automation. Yes, automation is really good and I will talk about that on the rest of my presentation, but sometimes it's, we do many two with the two related to automation. I say that and it's that that can be problem. And two, last but not least, things. It's fully say human factor. It's a lack of explainability and it is because there are not so many, many people, not so many skilled professionals that can help to manage AI driving systems. AI driven security systems and people don't understand how to use them properly.
Second, sorry, third part, it's evolution of risk management. What's the limitations of the traditional risk management traditional approach? Traditional frameworks that we all use for the long time. First, it's a relative reactive nature. Traditional approaches are well made, but they well made for the pre pre AI era. And they are not so fast, not so agile. Second, they are not really scalable. Yes, they can scale, but only with the, in a tradition, traditional limits of risk management. The third limitation there, inadequate for AI related uncertainties because the traditional frameworks and approaches, they don't know about ai.
The traditional risk management is human-centric. It is thing that we, I mean we like security professionals talked a lot before that we should put on the first place, the humans, our employees, our clients. But now we also should think about the data, as I said before, about the data driven. Data driven attacks. And last, it's a slow response time because risk response is really slow. It's we deal good with the incident response, with the threat response, but not with the risk response, which is on higher level. And they are. So how we can adopt our risk management approaches. First, it's to make more agile and more adaptive frameworks to address the risks that appears constantly. Second, introduce predictive analysis for the risks. We have a lot of different services that make predictive analysis for the threats, but not for the risks. And I think my opinion, it's a real problem.
Second, it's integration of automation, but don't over rely on it. Automation is good, but when it's controlled by the human and last, it's interdisciplinary approach because the risk management in AI driving world, it's not just a security, security task, it's also a task for the different other people like data scientists like AI and a male specialist. And we should work together with them. And what's uncertainties? First, it's a cyber attack optimization. As I said in start of my presentation, a lot of malicious sectors use AI mechanisms to make the attacks more sophisticated and less detectable for us. Second, it's automated malware. A lot of malwares now are created by AI and it reduces the costs to create and to spread them.
The third one is physical safety. It's about autonomous systems mechanisms and for example, the cars with the implemented ai, with the self-driving AI and so on, they are not so good protected right now. Uncertain is that I talked before about data manipulation poisoning. It's a real really big problem right now because it's very rare. I can see in different risk approaches, risk managements and so on. And last, but it's more hyped. Let's say that it's impersonation with the generated ai. When someone creates your or your colleague's voice face and can make attacks without physical physical presentation. I say that only AI driving.
And the last part, what we need to do to redefine our risk management strategies, how we can make our risk management and risk assessment more better in our world. First, as I said, it's data driven, driven risk monitoring to use more data. But we need to check that data because data poisoning is one of the vectors. Second, it's dynamic response protocols, not only for the low level like incident response and threat response, but also for the high level R like risk response. We should continuously update AI models that we use or we want to use for the risk management because they are not stable. I mean they shouldn't be stable. They should wolf with, with the whole walls of malicious actors, malicious acting, so on. And one more, very, very, let's say stable structure is security governance. IT governance for now is more jail than security governance. Not just the management, but the high level governance. And we need to change it because it, from the governance, there are many problems goes downstairs, like the defined risk management approaches and so on. So that's all. 'cause I think there is a reference that I used to prepare that presentation with the different approaches about threat modeling and risk modeling. I want to present that quote from Steven Hawkins. A development of full artificial intelligence could spell the end of the human race. I hope it will not happen, but it's a quote from the one person. Okay.

Playlist

cyberevolution

Event Recording

IAM: The Guardian Angel of Zero Trust

Nov 15, 2023

In today's digital age, traditional security models are no longer sufficient to protect against sophisticated cyber threats. That's where Zero Trust comes in – a security model that assumes that every user, device, and application is a potential threat until proven otherwise.

In this session, we will go through the criticality of the IAM in a zero trust security model. How by leveraging and implementing core IAM Technologies (IGA, Identity Federation and PAM) organisations can effectively manage identities, devices, enforcing access control principals like least privilege, continuous authentication, user behaviour analytics and can ensure that only authorised users have access to sensitive data and mission critical resources.

Watch

Event Recording

Anchors of Trust - Lessons learned from a Ransomware attack

Nov 16, 2023

The word no company wants to hear became an unfortunate reality for one of the world’s largest independent development partners to the automotive and aviation industries — ransomware. The EDAG Group fell victim to an encryption Trojan that shut down their business-critical systems and IT systems. During this session Maria will be sharing her lessons learned and will be explaining her strategy that helped EDAG successfully restore their systems by leaning on Vectra AI as one of her anchors of trust.

Watch

Event Recording

Cyber Risk Quantification – Challenges from a Risk Perspective

Nov 15, 2023

Modelling Cyber Risk is hard. Only a few historical data in known quality exist. Cyber Risks occur with a low frequency but their impact and severity might be high in case they come to pass. In my session I will give an inside how we got started to quantify Cyber Risks and what the challenges are to derive conclusions for risk steering and capital allocation.

Watch

Event Recording

Navigating Cybersecurity: Market Size and Predictive Insights

Nov 15, 2023

In an increasingly technologically interconnected world, cybersecurity teams are the defenders of digital frontlines. Looking ahead to the future, this session dives into the dynamic landscape of cybersecurity, and investigates the market segments’ evolution within it. Many things impact your cybersecurity preparedness and plans, such as new attack patterns, evolution of cybercrime techniques, and emerging technologies. We will discuss industry forecasts until 2025 and how businesses step towards optimal cybersecurity.

From AI driven decision-making to a massive amount of cybersecurity threats around the world, many events make fluctuations in the market, and whether you are a cybersecurity professional, an investor or passionate about IT security, this session will provide you valuable information about the current market sizes and the predictions until 2025.

You will find this session not only informative, but full of valuable insights that will enlighten your journey to secure your organization.

Watch

Event Recording

The Art of Choice: A Guide to Informed Decision-Making

Nov 14, 2023

Choosing the right software to meet your business needs today and in the future is both essential and challenging. Our workshop, "The Art of Choice," will guide you through five key areas of software selection:

Avoiding Hasty Decisions: Understand the risks of rushing and the value of thorough evaluation.
Balancing Immediate Needs: Learn to weigh specific requirements against the broader organizational goals.
Moving Beyond Current Practices: Emphasize the importance of innovation and not just sticking to what's familiar.
Recognizing Universal Challenges: Discover that many challenges are common across sectors and the benefits of industry benchmarking.
Setting Realistic Software Expectations: Grasp the true potential of software within a strategic framework.

Attendees will gain insight into software selection and decision making. Join us to deepen your understanding of "The Art of Choice" in software selection.

Watch

Event Recording

Building Your Cybersecurity Strategy with Emerging Security and Privacy Technologies

Nov 15, 2023

In this session, I will give an overview of a number of emerging security and privacy technologies, such as advanced cryptography (e.g., lightweight cryptography, post-quantum cryptography, etc.), privacy-enhancing technologies (e.g., confidential computing, zero-knowledge proof, etc.), and blockchain, and discuss why and how organizations should consider building their cybersecurity strategies with these emerging technologies.

Watch

Event Recording

Advancing at the speed of AI

Nov 16, 2023

How do key human behaviours influence on how we look at AI and turn technology use in long term strategic advantage. Reflecting on learnings gained when operationalizing AI in a large multi-national starting more than 5 years ago, Christian is going to share how we can boost cyber resilience with a focus on security operations. We are going to investigate navigating common challenges when leveraging AI in a corporate environment and how to become a front runner within your organisation.

Watch

Event Recording

Adopting Insider Threat Management Best Practices for NIS2 Compliance

Nov 16, 2023

In today's dynamic cybersecurity landscape, safeguarding sensitive data and infrastructure from insider threats, while effectively monitoring supply chain and third-party users, is paramount. This presentation delves into the critical intersection of Insider Threat Management and NIS2 compliance, anchored in a detailed case study of a company subject to NIS2 regulations. We will explore a diverse toolkit and industry best practices tailored not only for achieving compliance, but also for streamlining cybersecurity processes through robust technical controls. Attendees will gain invaluable insights into seamlessly integrating cutting-edge tools and proven methodologies, ensuring unwavering compliance with NIS2 regulations while fortifying your security posture.

Watch

Event Recording

Revealing Hidden Dimensions of Security Beyond Data Secrecy

Nov 14, 2023

The presentation will provide a framing to help attendees navigate the rapid transition from yesterday’s industrial age security paradigms to future approaches for sustaining reliable information systems.

The talk will identify 13 emerging non-technical information risk trends, ranging from human hallucination and cognitive narcissism to institutional paradigm collapse and perimeter fetishism to Capitalist power overreach (and several others) that are having current, real-world security impacts, but which remain unaddressed in cybersecurity strategies and deployments.

Solutions will be suggested and explored across business, operating, legal, technical, social, political, economic, biological and even evolutionary pathways, offering a toolkit of options that attendees can immediately apply in their organizations’ security program. Specific strategies for managing, de-risking and leveraging near and long-term personal and professional interactions in this steep part of the curve of exponential change will be suggested.

Watch

Event Recording

Secure Data Sharing in a Zero-Trust World

Nov 16, 2023

Zero trust is being embedded into law across the world enforcing privacy, data residency and consent. How do companies and governments share patient data global during a pandemic to measure the efficacy of a vaccine? How do financial services organisations share intelligence on suspected terrorist funding, money laundry or sanctions evasion? How is this achieved in the emerging world of data nationalism?

Developing a secure data sharing service is a complex proposition that need to embed change into operations.

Join this session to discuss:

Establishing a global secure data sharing service
Real world customer use case of the applications of Secure Data Sharing
How to supply AI models with the data required while respecting zero trust

Watch

Event Recording

Panel | Forging Stronger Shields - Collaborative Strategies to Defend Against Cyber Criminals

Nov 15, 2023

In the fast-paced and intricate world of cyber defense, the challenges are numerous and ever-evolving. Our "Forging Stronger Shields" panel convenes a group of esteemed Chief Information Security Officers who dive deep into the complexities of this digital age, drawing from their hands-on experiences and daily challenges. These seasoned professionals will delve into the nuances of the present-day cyber threat landscape, from advanced persistent threats to state-sponsored cyberattacks. They'll emphasize collaboration's crucial role in establishing effective defense strategies.

As they share tales from the trenches, the CISOs will explore the blend of human expertise and cutting-edge technology required to construct formidable barriers against cyber threats. Furthermore, they will shed light on fostering a pervasive culture of cybersecurity, emphasizing that this responsibility doesn't just lie with the IT department but spans from the boardroom to the break room.

This session will be an engaging dialogue as these experts navigate the intricate cybersecurity maze, reiterating that our collective strength and unity are vital in defending against sophisticated cyber adversaries. Be part of this conversation that aims to inform and catalyze a united front against cyber threats.

Watch

Event Recording

Preparing for the Current and Future Cybersecurity Threat Landscape: ENISA Efforts

Nov 15, 2023

Cybersecurity is increasingly taking the front seat, from being considered as an afterthought to becoming a priority in policy, technical, economic, societal and even legal and environmental discussions. Given the increasing hyper-connectivity of everything and our growing online presence, the significance of cybersecurity cannot be overstated. We are constantly coming across new cyber threats and attacks, novel avenues are opening for adversaries, emerging technologies are changing the paradigm and cyber affairs are more and more linked to physical ones, leading to the notion of hybrid threats. ENISA, the EU Agency for Cybersecurity, has been monitoring the cybersecurity threat landscape for more than 10 years. In this talk, ENISA will discuss the current state of the EU cybersecurity threat landscape and discuss its evolution based on the foresight activities that the Agency utilizes to map the landscape, to identify future and emerging cybersecurity challenges

Watch