Kyocera CISO Andrew Smith discusses how companies wanting to harness Gen AI need to be aware of the added data security that comes with its implementation
As organisations worldwide continue to embrace AI technologies, the need for robust data security measures has never been more critical.
While the explosive growth of Gen AI may have slowed since 2023, its adoption remains steady, leaving many businesses vulnerable to outdated security protocols. But how is data security more at risk with its introduction?
To find out more, Cyber Magazine spoke with Andrew Smith, CISO at Kyocera, about implementing AI without compromising data security.
Andrew Smith, Chief Information Security Officer (CISO)at Kyocera Document Solutions UK
ANDREW SMITH BIO
- A cross-functional leader, Andrew’s work at Kyocera Document Solutions sees him set out a strategic direction to define the path to future and current success. while developing a recognised blueprint and best practice across group entities, spanning Europe and globally.
Understanding the risks of Gen AI
The integration of AI into business operations presents both opportunities and challenges. Whilst AI can significantly enhance productivity and innovation, it also introduces new risks to data security.
“It is not common knowledge how and where data is used when utilising Gen AI models,” Andrew explains. “Often end users do not know the sensitivity of the data they are uploading and are more focused on the potential outcome AI technology can generate.”
This lack of awareness among users highlights the need for comprehensive education and clear guidelines within organisations. By fostering a culture of AI literacy, companies can empower their employees to harness the benefits of AI whilst maintaining data integrity.
One of the key strategies Andrew recommends is the creation of a company policy on AI and privacy.
“From my experience the challenge colleagues are facing here is the lack of reference material and best practice in which to build from,” says Andrew. “Instead, the source of reference is best practice in data use, safety and privacy and adopting this approach in the utilisation of AI.”
By leveraging existing best practices in data management and privacy, organisations can develop robust AI policies that protect sensitive information. This approach ensures that AI implementation aligns with established data protection frameworks, providing a solid foundation for secure AI adoption.
Managing data privacy settings presents another significant challenge, particularly given the rapid proliferation of AI tools.
“Our approach in this space is utilising broader data privacy controls and data boundaries and sources to ensure extraction of data is understood and controlled prior to it being uploaded to insecure sources,” Andrew explains.
This strategy allows organisations to maintain control over their data, even as it interacts with various AI systems.
As private AI tools and models become more prevalent, IT departments will have greater ability to tailor use cases and expand the capabilities of these technologies securely.
Strong IT principles as part of AI
The importance of strong IT policies and regular security practices cannot be overstated.
“It is important that companies have strong IT policies that guide and control how users use systems and in particular the rules in which they must comply with,” Andrew states.
Modern IT platforms and data loss prevention policies provide powerful tools for managing user behaviour. However, Andrew stresses that end-user education remains crucial for maintaining robust corporate IT security.
Auditing AI interactions and monitoring for data breaches form the final pillar of Andrew’s recommendations.
“The important element with trying to audit AI use and subsequent data breaches is first to ensure there is strong guidance around permitted use cases and to utilise work groups that understand how users want to develop business operations utilising AI.”
This approach allows organisations to maintain visibility over AI usage and quickly identify potential security breaches. By combining IT controls with cutting-edge cybersecurity tools, businesses can create a comprehensive defence against data leaks and breaches.
As AI continues to transform the business landscape, organisations must strike a balance between innovation and security. By implementing data security strategies, companies can position themselves at the forefront of the AI revolution whilst maintaining the trust of their stakeholders and customers.
