Safeguarding Data in the Age of GenAI: Innovations in Security and Privacy

Generative AI (GenAI) has prompted fears about data security and privacy, but it may also be the tool that organizations have been looking for to improve security and privacy through better data handling. AI’s data-management capabilities include synthesizing and analyzing data volumes that are too large to manage manually, leveraging internal data for security optimization, and developing synthetic data to train GenAI systems without the risk of leaking private information.

These and other data applications mean that GenAI has the potential to deliver major benefits to businesses, hospitals, schools, and government agencies as they try to protect sensitive data from a constant stream of digital threats. That threat stream is accelerating as attackers start using GenAI to improve their attack strategies, so making the most of GenAI for data protection and security should be a top priority for these organizations.

Cybersecurity posture improvement

Internal data is a valuable security resource for organizations, because they can use it to train GenAI models to understand their data networks, devices, operational technology and IoT systems, and more. Then they can use those analytics to identify existing vulnerabilities and recommend ways to remediate them. Security leaders can use GenAI to outline likely attack scenarios and suggest the best ways to prevent them. This information can help security teams allocate their personnel, budget, and other resources more effectively.

Internal data analysis can also enable GenAI models to spot anomalies as soon as they appear and flag them for investigation or launch an automated response. Rapid anomaly detection can prevent lateral movement by attackers who manage to breach an organization’s systems, which reduces the risk of data exposure and other malicious activity. Each threat, attack, and response also provides new data to train the model, so it continuously improves its capabilities.

Threat detection and response optimization

In addition to better visibility into an organization’s total cybersecurity posture, GenAI can help security operations center (SOC) analysts respond to threats more efficiently. Worldwide, there’s a shortage of some 4 million cybersecurity analysts, so many SOC teams have more work than they can reasonably handle. Most of that work is something that GenAI can do easily–the 32% of cases each day that “don’t actually pose a real threat to the business” but must be investigated nonetheless. Those false-alarm cases slow down analysts’ ability to respond quickly to legitimate threats. They also lead to “alert burnout” that causes analysts to quit, which leaves more work for remaining team members.

SOC analysts can address real threats faster if GenAI analyzes incoming threats to prioritize response needs and automatically closes out threats that pose no true danger. That keeps the organization safer in the immediate term. Using GenAI in this way also frees up SOC team time to train on more advanced skills, develop their careers, and build institutional knowledge. All these activities help to make the organization more secure over the long term.

Synthetic data development for secure AI training

One of the biggest challenges for organizations that handle sensitive or protected data is training GenAI models without risking a data exposure. Hospitals, schools, government agencies, and financial institutions in particular face legal and civil penalties if their internal data is exposed. One emerging solution is synthetic data that’s “generated algorithmically to mimic the statistical distribution of real data, without revealing information that could be used to reconstruct the original sample.”

With synthetic data, hospitals can analyze patient data for predictions about care needs and outcomes to optimize staffing, supplies, budgets, and training. Schools can use synthetic data to better predict which students will need more academic or social support to keep them from dropping out. Government agencies and banks can use insights derived from synthetic data analysis to optimize their internal operations, improve customer service, detect cybersecurity threats, and identify fraud attempts.

Public safety and national security data analysis

In the same way that GenAI can analyze system data and winnow false threats from real ones for businesses, it can also help protect public safety and national security. GenAI offers a more efficient way to process and analyze “unending flood of data now swamping defense, intelligence and other agencies.” This has implications for government agencies and for businesses that provide critical infrastructure that might be targeted by threat actors, such as power plants, railroads, pipelines and refineries.

By ingesting and analyzing the data far faster than human analysts can, GenAI can help reduce the risk of missing an opportunity to prevent an attack. By using its analytics to predict which threats are likely to be real, GenAI can also save investigators time and help them react quickly to high-priority threats.

Cybersecurity data convergence

GenAI may also accelerate the convergence in cybersecurity that’s already underway. Organizations will increasingly expect “integrated risk and threat intelligence in their security operations solutions,” according to Google Cloud’s most recent cybersecurity forecast. These solutions can generate next best steps to help analysts address threats more efficiently, even if they’re not trained on a specific threat or response framework. GenAI is the foundation for this kind of intelligence.

Feeding data into GenAI models can also help eliminate platform-based silos. That creates a more comprehensive security dataset that can be used to identify areas that need improvement, recommend next best steps, and show SOC analysts and security planners how incidents in one area can impact the rest of the system. The result is better visibility into organization-wide security and better support for best practices at each step in the SOC.

Not every organization needs to adopt every GenAI security use case, but every organization should be thinking about how GenAI-driven data analytics can best help them meet at least one security need. Starting to work with this technology now on a small scale, with appropriate safeguards and oversight, can allow organizations to get comfortable with GenAI, start seeing security benefits, and build on that success to improve their overall security and data protection practices.

Original article at: https://www.cpomagazine.com/cyber-security/safeguarding-data-in-the-age-of-genai-innovations-in-security-and-privacy/