Events , Governance & Risk Management , RSA Conference
Top CISO Gen AI Challenges: Employee Use, Red Team Testing
Daniel Kennedy of 451 Research Details Gen AI, MFA and Cyber Insurance ChallengesDealing with generative artificial intelligence is increasingly challenging for CISOs on multiple security fronts, said Daniel Kennedy, principal research analyst for information security for quantitative research at 451 Research, a part of S&P Global Market Intelligence.
See Also: Webinar | Identity Crisis: How to Combat Session Hijacking and Credential Theft with MDR
Specific pain points include employee use of gen AI and having to monitor that. Organizations building their own large language models and products also must test them for security, said Kennedy, who regularly speaks with CISO end users as part of his ongoing "Voice of the Enterprise: Information Security" quantitative research into top pain points.
"Traditional red teams are having to get up to speed because there is a lot of AI knowledge required to test these platforms," Kennedy said. As a former CISO, he said, working collaboratively with developers to understand and collaboratively fix security issues can oftentimes be a challenge. "The developers working on AI systems are like developers on steroids," he said, owing to their extremes of talent and to gen AI being such a new discipline.
In this video interview with Information Security Media Group at RSA Conference 2024, Kennedy also discussed:
- CISOs' top gen AI security concerns and how to manage them;
- Multifactor authentication barriers, including legacy applications;
- Changes in cyber insurance and how they complicate organizations' risk management strategies.
Kennedy is responsible for managing all phases of the user-driven research process for information security and networking at 451 Research. Prior to that, he was a partner in the information security consultancy Praetorian Security LLC. Before that, he was global head of information security for D.B. Zwirn & Co. and vice president of application security and development manager at Pershing LLC, a division of the Bank of New York.