Let’s face it: we all have things pending, “low priority issues,” or the ones we are simply ignoring until they become a problem. With everything changing so fast, we must catch up on a good number of things before the data hits the fan (or the deep web, or the wrong hands or eyes).
I’ll try to explain myself.
I am sure that Copilot will become one of the most useful tools for every organization that uses Microsoft’s tools. But just think for a minute about what could happen if the user’s permissions are not perfectly assigned: a simple prompt from a user, without any bad intention, can cause a data breach.
It may be internal in this case, but nobody wants payroll information to be in everybody’s reach, right?
So, it is time to double-check user access, permissions, groups, and everything that can allow tools such as Copilot to show information to the wrong people, not because of the tool itself or an intentional attack, but because of an incorrect basic configuration.
Identity.
This also makes me think of another thing that is becoming extremely relevant: identity.
A few years ago, users were accessing systems, and we “had control” by assigning usernames and passwords. But nowadays, we have users, other systems, devices, RPAs, agents, and whatever comes next, all accessing our systems.
Solutions such as LDAP are not enough, passwords are not enough.
We need to make sure we have control of who, when, why, and how our systems and information are accessed and used. And we need to be sure that those who claim to be an entity with a certain level of permissions are effectively who they claim to be.
It is time to start using tokens, Multi-Factor Authentication tools, Just-in-Time access, Privileged Access Management, or anything else that will ensure the right access to the right place at the right moment.
Deep Fakes.
We are entering the era of deep fakes as well, so everything we know about identity needs to be revisited and reinforced. Now, any human voice can be copied by AI, and video images can be created and used to impersonate anyone on video calls, actually interacting with participants without anyone noticing it.
How are we supposed to deal with this?
Should we ask everyone, every time, to show us their ID when connecting to a video conference? What will happen with all the investments some banks recently made in voice authentication systems? We need to be prepared to deal with this right away, too.
People.
And last but not least (at least for the sake of this article): how ready are the people in your organization to deal with all this?
As I always say, each one of us is the first line of defense against incidents.
We need to give everyone who uses a computer in the organization the basic knowledge of how to manage access, data, and systems, how to share information, what not to share, how to identify and communicate cybersecurity incidents, data breaches, compromised access, and many other things.
And by “basic knowledge,” I don’t mean dedicating one hour during orientation to this.
I mean permanent programs of awareness, training, even incident response drills, and of course, measuring and evaluating the results of the training.
The Wrap
As in every past article of mine, I end up emphasizing what I consider the most important element of technology: the people who use it.
The more you get everyone ready to understand, address, and communicate the risks that AI is bringing to the table, and the more ready they are to adapt to new things, the closer the answer to the question “Are you ready?” will be to a big YES.
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.
