Data Privacy Concerns about AI and Some Solutions

An interaction with IT leaders to understand the concerns about and solutions to data security breaches

Swaminathan B

As AI continues to expand, especially in the MSME segments, where users don’t have the resources to counter threats effectively, concerns about privacy and data protection are being raised with louder voices.

Some important aspects of concern are –

Sensitive Data Breach

AI needs a large amount of data to train itself and make decisions. This data may contain sensitive information, such as financial records and biometrics. A breach of this large database can lead to serious consequences. A well-known case is that of some employees of a large Korean company feeding sensitive company data into ChatGPT, which may have become part of ChatGPT’s database by now.

Bias in Data

Biases in data or in its interpretation may also lead to encroachment on civil liberties by making decisions which lead to discrimination.

Surveillance

AI can track individuals and place them under surveillance using tools such as face recognition and location tracking. This information can be misused by cybercriminals to attack individuals.

Misuse by Criminals of AI Modelling

Voices heard over phone or faces read by AI can be modelled by criminals to impersonate an individual and use their face or voice to attack people known or related to them.

Tech Leaders Speak

In the above context, some IT industry leaders shared their views with us and suggested some possible solutions.

Rajarshi Bhattacharyya, Co-Founder, CMD, ProcessIT Global commented on the use and misuse of AI by saying, “The use of AI cybersecurity comes with both benefits and risks. While this technology is extensively utilised to effectively detect and prevent cyber-attacks, threat actors also use it for malicious purposes, not only to evade threats but also to launch more sophisticated attacks and even automate them. AI, unfortunately, has given rise to a new generation of cyber threats where machine learning algorithms are trained to identify and exploit software vulnerabilities thereby enabling more efficient attacks. It can also be trained with malicious intent by utilising biased data for wrong decision-making. Fake content such as voice impersonations and fake videos can be generated with AI to blackmail individuals adding another layer of complexity to threats. AI-driven autonomous weapons can operate without human intervention, raising ethical concerns as well as posing a threat to human lives.”

AI presents a double-edged sword in cybersecurity. While it offers powerful defense mechanisms against cyberattacks, it also introduces new vulnerabilities that attackers can exploit. Experts highlighted the growing use of AI for launching sophisticated attacks, bypassing traditional security measures, and manipulating AI systems. To combat these threats, a multi-layered approach is crucial. This includes robust security protocols, continuous monitoring for anomalies, adversarial testing, regular updates and patching, and human oversight. Collaboration and information sharing among organizations and security experts are essential for developing proactive defense strategies.

Sharing his views, Karan Patel, Founder, Redfox Security, said, “While AI is a valuable tool for defense, it can also be weaponised for advanced attacks. Hackers can leverage AI to create adaptable malware and craft personalized phishing attempts. Recent incidents involving AI-powered video spoofing to bypass security systems highlight this growing threat. To combat this, organisations need a comprehensive approach that includes robust control frameworks, secure architectures and continuous threat intelligence. By proactively adapting defenses, organisations can navigate the evolving cybersecurity landscape with resilience.”

Adding to this, Pinkesh Kotecha, CMD, Ishan Technologies stated, “India has emerged as one of the top three most attacked countries by nation-state actors in the Asia-Pacific region, accounting for a staggering 13% of all cyberattacks. The landscape of cybersecurity is rapidly evolving and the threat has taken a worrying turn. Cybercriminals are now leveraging AI tools to launch more sophisticated and targeted attacks.”

Addressing the Concerns

Patel says, “AI offers defensive advantages, its security is paramount and protecting AI systems requires a multi-layered approach. First, strong security protocols are crucial, employing encryption, multi-factor authentication, and access controls. Continuous monitoring for anomalies in data inputs, system behaviour and performance deviations helps detect potential manipulation. Adversarial testing, simulating attacks and attempting to exploit vulnerabilities, further strengthens AI security. Additionally, regular updates, patching, and human oversight are essential. Collaboration and information sharing among organizations and security experts foster proactive defense strategies. Finally, regulatory compliance ensures a secure foundation. By implementing these measures, organizations can build resilience against AI-driven cybercrime and ensure their AI security systems remain robust.”

Further adding to his previous comments, Kotecha said, “To address the increasing attacks, regular security audits are crucial, allowing companies to proactively identify and address vulnerabilities in AI models and algorithms. Leveraging AI for threat detection and prevention, while also monitoring for phishing and business email compromise, enables us to stay ahead of emerging threats and safeguard our operations and data. Additionally, organisations that collaborate with ICT service providers can further enhance cybersecurity with new technologies, especially for organizations with limited expertise or resources. These providers offer advanced resources and tools including SASE, EDR, SIEM and IAM, to bolster cybersecurity defences against sophisticated threats, allowing organizations to focus on critical business decisions without compromising on IT security.”

“One of the first steps to prepare for AI-driven cyberattacks is to understand the unique risks and vulnerabilities associated with AI technologies. Implementing AI security best practices is crucial for protecting against AI-driven cyberattacks. This includes regular security assessments to identify and address vulnerabilities in AI systems and regularly training security teams with simulated attack scenarios and tabletop exercises to ensure readiness in the event of a real attack. Monitoring AI systems for unusual or suspicious behavior is critical for detecting and mitigating AI-driven cyber-attacks. Implementing monitoring tools and processes can help organisations identify potential threats early on, allowing for a timely response. At the same time, developing and testing incident response plans specifically tailored to address AI-driven cyberattacks is super important. The plan should outline procedures for containing and mitigating the impact of such attacks, as well as for communicating with stakeholders and coordinating with external security experts if necessary”, commented Amit Singh, MD, Asia-Pacific and Japan, Terraeagle.

“Organisations, first and foremost, should establish a comprehensive set of policies, guidelines and best practices that assist in governing the development as well as deployment of AI systems. AI Security Compliance Programmes should be created to significantly reduce the risk of attacks on AI systems in addition to mitigating the impact of all security incidents. Highly diverse and representative datasets can be leveraged to establish the integrity of training data and mitigate bias. Human oversight in decision-making processes can effectively stop the exploitation of AI systems. It is extremely important to build a multi-layered security approach, from intrusion-detection systems to user training to protect the organisation’s infrastructure, operations and services. Collective defence where industry cooperation and information sharing play key roles, helps establish a collaborative defense ecosystem. This also includes sharing threat intelligence with peers as well as partners from the industry. AI models should be trained by utilising adversarial techniques to defend against potential attacks,” emphasised Bhattacharyya.

Conclusion

By understanding the unique risks of AI and implementing best practices, organisations can build resilience against AI-driven cybercrime. This includes regular security assessments, training security teams, monitoring AI systems for suspicious behaviour and developing incident response plans. Ultimately, a comprehensive approach encompassing policies, diverse training data, human oversight and collective defense strategies is necessary to harness the power of AI for a secure digital future.

--Swaminathan B is a guest columnist with DQ Channels

