There is uncomfortable GenAI usage secret happening internally at many companies involving your employees of all levels, management and board members.
This secret challenges the beliefs of management regarding how employees' conduct themselves while working on company documents and with company information. This blind spot reveals an opportunity for today’s senior leadership to prevent cybersecurity issues, particularly those related to GenAI, that lurk inside of their organizations.
3 Leading GenAI Threats
Leadership is in the dark when it comes to employee use of GenAI risk within their company. There are three main areas for which GenAI threats are going undetected in plain site, despite best efforts of enterprise-wide security vigilance.
Shadow Use of GenAI: In order to stay “relevant”, employees are testing the benefits of efficiencies that is lauded by GenAI tools, by creating work documentation like financial summaries, HR updates, sales materials, marketing messaging, press releases, conference presentations, etc. or no rules at all plus they are unaware of the business risks involved, staffers are using the data networks of their personal cell phones, opening Chrome Incognito mode, or simply using remote wifi networks to sign into their ChatGPT and similar services. They may be unknowingly exposing your brand image, and in some cases sensitive information, into the public GPT universe. This example represents rogue AI initiatives flying under the rate without adequate employee and brand safeguards or oversight.
Unauthorized Use of GenAI: In some other cases, a company may be heavy-handed and have stringent rules around AI use. GenAI is so prevalent that use of the off-enterprise networks are being used, as mentioned above, but this exposes lack of internal security vetting, governance and could expose sensitive data.
Knowledge Gap of GenAI: For leadership, there is a lack of visibility and knowledge about GenAI which leads to inadequate processes for educating, governance, tracking and monitoring internal GenAI usage and activities. For leadership to only believe that only taking a “network/system lock down approach” is the way to mange this situation is insufficient. According to the Wall Street Journal, "Since boards may receive cybersecurity status updates only periodically, it can take a while for directors to identify and fully understand emerging threats such as AI-driven cyberattacks and how they might be used to target them individually. The people responsible for making sure a company is well-protected, could well become the weak link in an organization's cyber defenses." (WSJ, March 14, 2024)
If left unchecked, the exposure of financial and brand value is immeasurable - hello stock price tank. Confidential data can be exposed as chatbots are trained on sensitive company information which can lead to unauthorized leaks. Biases in the AI outcomes, if left unchecked, leads to unsanctioned communication and business decisions. Look what happen to Air Canada who had to refund a customer because the chatbot so.
There is a silver-lining. This is where I encourage you to put on your John Dutton cowboy hat (I love the Yellowstone series) and get ready to guard against threats from within their own ranch. My SAFE framework ensures education to leadership and employees, offers a governance framework, quick implement code of conduct almost as fast as the answer from a prompt in a GenAI GPT tool but without the dreadful “uncover”, “unleash” and other common making learned words.
This is a time to learn from the luddite days of the industrial revolution except today’s Intelligence Era requires leadership to move faster. Contact me as a guest speaker for your board or management meeting, where I show you how to introduce the SAFE methods for GenAI internal risks that you can implement right away.