Kyndryl Inc., a global IT services firm, is providing essential guidance to organizations in managing cybersecurity threats, which are becoming increasingly sophisticated due to the emergence of artificial intelligence (AI) based malware and bio-mimicking drones. Kris Lovejoy, the global security and resilience practice leader at Kyndryl highlighted the need for businesses to meet new resiliency requirements, such as the Digital Operational Resilience Act (DORA) in the EU, which mandates cybersecurity compliance for financial services firms. Lovejoy shed light on the rising trend of companies still paying ransoms, and suggested infrastructure simplification as a solution.
- One major challenge for Kyndryl’s clients is adhering to government regulations, specifically the EU’s DORA.
- Gen AI plays a pivotal role in cybersecurity, but Lovejoy suggests using it with caution and strict supervision.
- The misuse of AI is a cause for concern as it can potentially create sophisticated cyber attacks.
One major issue plaguing businesses and making them susceptible to cyber attacks is an overly complex infrastructural setup with multiple vendors. Lovejoy suggested that reducing this complexity and implementing capabilities to strengthen resiliency could help in creating a more robust defense against security threats.
Generative AI, while showing promise in enhancing cybersecurity, needs to be managed carefully. According to Lovejoy, while AI can help in predicting and responding to security threats, it should only be used with strict guardrails in place. If left unsupervised, gen AI has the potential to carry out highly effective cyber attacks, enabled by its ability to mimic natural language. Lovejoy stated that attackers can use generative AI for sophisticated multi-vector attacks, which are difficult to guard against due to their legitimacy. She also mentioned potential misuses of AI in creating malware and drones that use biomimicry to avoid detection.
Despite the potential challenges and threats associated with gen AI, Lovejoy emphasized that it’s a tool that can be leveraged to achieve desired outcomes, if used responsibly and within a defined framework of a problem. However, organizations are advised to fully understand the risks and challenges before integrating Gen AI into their cybersecurity strategy.