Artificial intelligence (AI) is the buzzword of the moment. It’s hard to browse any tech-related news site without seeing the latest development, product or service related to AI. But how is AI really impacting the tech industry?
The Rise of AI-Powered Products and Services
One of the biggest impacts of AI on the tech industry is the rise of AI-powered products and services. From digital assistants like Siri and Alexa to machine learning algorithms that can predict your shopping habits, AI is everywhere. Microsoft 365 Copilot is a great example that showcases the immense potential of AI to enhance user experience and increase efficiency. By using the power of large language models (LLMs) and integrating it with source data across all Microsoft 365 apps and services, Copilot promises to transform the way individuals engage with their tasks by turning user input into a powerful productivity tool.
Other tech giants like Google, Amazon, and Facebook are also investing heavily in AI-powered products and services. Google has made significant advancements in natural language processing, while Amazon is using AI to improve its supply chain management. Facebook, as another example, is using AI to improve its content moderation capabilities.
The Future of Work and the Role of AI
AI is going to have a significant impact on the future of the workplace, not just how we work and interact but how we leverage technology to coordinate, plan and accomplish our goals. Whilst AI isn’t going to take your job, perhaps the user that harnesses it more effectively will.
The World Economic Forum has estimated that by 2025, AI and automation could replace 85 million jobs, whilst also creating 97 million new ones. It feels inevitable jobs will be replaced by AI-powered services over time and the nature of remaining jobs will change, and in turn new jobs will be created.
We expect there will be shifts similar to the changes seen with other major technological advances such as the invention of the printing press, telephone or the internet. Shifts which will require new ways of thinking about skills and training to ensure users are prepared for the future and that there is enough talent available for critical jobs. As AI becomes more prevalent, companies need to adapt by investing and deploying new technologies effectively, retraining their employees, and creating new roles to work alongside AI.
Responsible AI
While AI has many potential benefits, there are also ethical considerations to consider.
Implementing a responsible AI strategy is a challenge many organisations struggle with – ensuring that AI models do not perpetuate biases or discrimination based on race, gender, age, or any other protected characteristic is a key consideration.
AI relies on vast amounts of data and it’s essential that this data is kept secure and private. It’s particularly important that businesses prioritise data privacy and security, ensuring that user data is protected and used responsibly in compliance with relevant regulations and laws.
Businesses should also consider the potential implication of replacing human workers with machines. While some jobs may be lost to AI, new jobs will also be created. However, it’s important to consider the social and economic impacts of this transition.
Statistics
It’s clear that AI is already making a profound impact on the tech industry. As an example, ChatGPT gained a million users in just five days after its launch in November 2022, as reported by OpenAI. This app has now become the fastest-growing app in history, with over 100 million users estimated to be using it. The recent data from Similarweb also reveals that chat.openai.com has received approximately one billion visits in the last 30 days, highlighting a significant interest in AI-powered communication. It is worth noting that the effectiveness of AI-powered tools largely depends on the quality of the data inputted; accurate and timely business data is crucial for achieving the best results.
Conclusion
AI is rapidly changing the way we work and interact with technology, and its impact is being felt in every aspect of our lives. The proliferation of AI-powered products and services is just one example of this transformation, and as users, we are embracing these new technologies at an unprecedented pace. While AI cannot do everything for us, it can undoubtedly improve task efficiency and effectiveness. As an example, ChatGPT was responsible for proofreading and copywriting most of this article.
As AI continues to evolve, it’s important for companies to stay ahead of the curve, invest, and adapt to the changing landscape. At QuoStar, we understand the importance of keeping up with the latest technological advancements, and we are committed to sharing insights and helping our clients leverage these technologies to achieve their business goals.
Source: Download a copy of the infographic.
Our Head of Security, and CISO Service lead, David is recognised as one of the Top 10 influencers by Thompson Reuters, and a Top 50 global expert by Kingston Technology. He is also one of the Top 30 most influential thought-leaders and thinkers on social media in risk management, compliance, and regtech in the UK.
In his role as Head of Security at QuoStar, David leads the CISO Service. The CISO service provides businesses with the cyber-security skills and experience necessary to manage the multitude of threats and rapidly changing risk landscape of today, on a flexible and cost-efficient basis. David take’s a moment to share his views on it all.
1.How did you get started in the security field and ultimately become a CISO?
David: I was around when some of the first Viruses went mainstream. Back then I worked for one of the only companies that made Multi Factor Authentication systems in the 90’s. It was “leading edge” at the time.
I built and ran one of the largest commercial remote access platforms using Multi Factor Authentication. Then I ran Infosec for some FTSE 100 companies, one of which was the largest private trading network in the world – trading 3.5 trillion dollars a day. Another was managing Global Security Services Operations Centres (24/7) across 4 continents, where most of the customers were FTSE 250.
2. What do you enjoy most about working as a CISO Service resource/consultant?
David: Meeting challenges of audit, due diligence, and breach management.
Audit is getting more involved and complex and due diligence is often 300-400 questions and an “interview” with the compliance department of potential customers.
Breaches is about managing with around 10% knowledge of the situation and making decisions in a very short time for the best outcomes – while ensuring buy in from the board. They always seem to happen on Friday evening!
3. As Head of Security, what challenges or issues do you regularly see in small and mid-market businesses? Why do you think the same issues keep occurring?
David: 1. Robust management of access and privilege management. 2. Managing risk consistently. 3. Not aligning Cyber Security with Data protection requirements – as they overlap at a core level.
If you have control of the information assets servers and cloud, information security is much easier to manage. It enables savings in resource and effort if this happens and can demonstrate to the business control and improvement.
4. How do you think the security landscape has changed in the last five to ten years?
David: As a CISO Service lead, I believe it is manging the hybrid of internal servers and cloud – and managing the challenge of access control. The company boundary is very fluid, especially where ‘what’s company and what’s personal’ is concerned.
One of the best frameworks is ISO27001. It is good for demonstrating accountability and decision making. It also aligns with SOC2 and parts of HIPAA quite well.
5. What do you think will be the emerging risks businesses need to consider in the next 1-2 years?
David: It used to be technology first, then followed by making technology safe and compliant. Now technology needs to be safe and compliant first, and performance orientated second – along the lines of what has happened in the automotive, aerospace, building and food industries.
The risks potentially surround the technology itself not having enough security management capability, or that if it does it can be resource intensive. There’s also the globalisation of threat actors and the capability of managing multiple global data protection regulations.
More recently the US Biden government issued a memo to US Businesses in summary June 2, Stating the 5 best practices – one being Multi Factor Authentication. Other important aspects are multi-pronged backup Updates, Incident Response, external testing and network segmentation.
6. Has the Covid pandemic exacerbated security concerns or introduced new ones for businesses to deal with?
David: Probably, due to homeworking and fast transformations of moving office servers to the cloud, as well as an increase in Ransomware attacks, an increase in Data Protection legislation globally and the increase in corporate security concerns due diligence.
It has been an increasing challenge for a Head of Security. We have seen an increase in demand from due diligence enquiries, especially for more detailed homeworking policies and guidelines. So, the lines have blurred as to what is home device or a work device. The “physical office” is now the home office, and mandating rules now have to be guidelines that are appropriate – as well as using more layers of defence to protect staff and corporate assets.
7. Do you think businesses focus too much on the technical/technology element of security (e.g. AI solutions)? What other areas do they need to consider?
David: Potentially yes, without an end-to-end strategy, it makes security technology “tactics” unlikely to see a ROI, Return on Investment.
As Head of Security, I see the human element of security is also overlooked quite often. Especially when you consider that almost half of all security breaches are caused by human error. This is even more disconcerting when you consider that only 60% of employees will report a security breach too.
We are actually hosting a free webinar on that subject on 29th July 2021 at 1pm, so if you’d like to know more register for free.
8. How important is cyber-security education? What are the challenges for a Head of Security conveying the risk/educating business? Who in the business needs to receive education/training and how often?
Education is very important, as is having the appropriate training for each role ideally aligned to the companies risks – so that maximum benefits can be realised e.g. developers would require different training from HR staff, as the risk they are managing are different.
Of course, there will always be a need for baseline cyber and data protection training. You can find out more about what Security Awareness Training there is available for employers and employees in our article here.
9. Do you feel there is a security skills/talent shortage? What advice would you give to businesses to combat this?
David: I’m not entirely sure. If there is a shortage, there is definitely a misunderstanding of what skills are required.
Personally, I would align the risks and the strategy, then decide what skills are required to make it happen. It may be that companies would benefit from outside help – to formulate the strategy, and always have access to a range of skill levels onboard to achieve skills resilience.
The other issues that many companies seem to come up against are 24/7 and global, so having just one capable Security resource will not be enough to cover these time periods.
10. As Head of Security, what advice would you give to businesses who want to reduce risk and increase their security posture?
David: Manage Risk regularly with key stakeholders.
Ideally do not remove a risk or lower a risk without evidence, from at least the following e.g. a Policy, Procedure, Penetration test, Internal Audit, External Audit or risk committee approval. This will demonstrate accountability and assist in managing data protection, to enable a defensible position in the security posture.
Ensure a multi-layer approach to security. Utilise things like Access control, least privilege, Approved applications, strong email defences, layered endpoint security, centralised control of endpoints and access, plus multiple point backups.
11. If there was one security investment you could recommend to businesses what would it be and why?
David:
One piece of tech most companies aren’t using
To keep companies ahead, Secure Access Service Edge will help with Cyber security and Data Protection. The ROI is great! It releases staff time, and the payback can be in months.
One Framework
You can manage risk and accountability using ISO27001 framework. If you are not going to be certified, ISO27001 also helps align with NIST, SOC-2 and can help align some components of Data protection. It can clearly demonstrate accountability.
Training that is focused to the role in the business is most appropriate, using the “Incident” metrics to tailor training and technology requirements.
One practice
Have a data/Cyber champion in every business function so you’re able to manage threats, risk and increase incident reporting capability to enable “real-time” issue management.
We hope you found David’s current take on Cyber-Security insightful. During his career David has worked across multiple sectors, including financial services, government, utilities and FinTech, working with a variety of clients – from start-up level and SME up to FTSE 100. He previously held the role of Global Head of IT Security at BT and Radianz (formally Reuters). He’s also been responsible for managing the security infrastructure and delivery of ISO 27001 for multi-billion/trillion-dollar environments. He is also an active CISO consultant on our CISO service offering.