Dr. Yask Sharma, Chief Information Security Officer at Indian Oil Corporation Ltd., discusses the integration of artificial intelligence (AI) in cybersecurity and the challenges it poses, emphasizing the need for regulation to balance benefits and risks and the future of LLMs in cybersecurity.
The integration of artificial intelligence (AI) in cybersecurity is seen as both a boon and a challenge. AI helps in managing security alerts and operations, yet its use requires careful regulation to balance its advantages against potential risks.
The ongoing discussions around AI regulation highlight the need for clear guidelines to help security practitioners navigate this evolving terrain. The disparity in security controls between devices within an organization’s premises and those used remotely by employees complicates the ability to maintain consistent data protection as well.
In an interview with Praneeta, Correspondent at CIO&Leader, Dr. Yask Sharma, Chief Information Security Officer at Indian Oil Corporation Ltd., offers valuable insights on AI adoption and cybersecurity challenges faced by industries.
Data protection and compliance
“I think it stems from the compliance’s point of view,” Dr. Yask explains how security practitioners have been involved in data security for some time now. “[At the] end of the day, security is all about trying to protect the data, managing the networks, ensuring that the business works.”
He notes the increase in compliance over the last five to seven years. Data security and managing the networks, making sure the business works smoothly, are all key focuses in security. Governing bodies across the globe are also shifting their focus to restricting data access, also known as data sovereignty.
“I think what is now becoming important is that how one protects the data and also ensures compliance with the statutes that are there.” He emphasizes the balance between security services offered and meeting security and compliance requirements.
Security challenges in hybrid work
The trend of remote work, which has gained momentum post-COVID, Dr. Yask comments, has led to a widespread distribution of data as companies offer their employees the flexibility to work from various locations using different devices. “Trying to have the same set of controls which are there in a controlled environment, in a typical organizational level, versus the same kind of control on a privately owned machine,” he mentions, raises issues of data sovereignty due to differing legal requirements across borders.
There’s a growing need for solutions that comply with legal standards, not just security measures. Security professionals, traditionally focused on protecting data, now find themselves navigating these legal complexities as well.
AI integration in cyber threats
AI has been integral to technological advances for a long time, but the prominence of Large Language Models (LLMs) has recently increased, benefiting security practices significantly. “It’s actually a boon for the security practice, especially the L1, L2, L3 people. They get a lot of help in triaging the alerts and all these things,” Dr. Yask explains.
However, the dual nature of technology, having both positive and negative impacts, calls for stringent regulation. There is already significant discussion on the need to regulate AI more tightly. As compliance and regulations evolve, they will play a crucial role in guiding security practitioners about permissible actions and limitations.
“There is no way that you can control the use of these AIs and LLMs; [they] are just going to increase,” he emphasized.
Upcoming cybersecurity trends
“LLM is something that we are very closely watching. This is something that I think is going to add a lot of value,” he pointed out while talking about how managing what LLM can do presents a challenge to security practitioners. “This is, I think, the biggest transformational technological solution or technology that has come up in recent years.”
Dr. Yask also mentions how security is increasingly being intertwined with geopolitics. In the next few years, this connection will significantly influence the types of solutions and partnerships countries pursue. “Geopolitics is going to be amongst the key factors which would decide what kind of solutions, what kind of partnerships countries would have…the collaborations they would have or would not have.”
