COMMENTARY

Just a few years after the release of ChatGPT, AI tools are already driving innovation all around the globe. However, the excitement surrounding the technology has also led to the proliferation of jargon that often feels unclear, or even meaningless. While it isn’t the biggest buzzword of the AI era, “cyber resilience” has emerged as a term that’s coming up more often lately, as a greater number of organizations look to guard against new security threats (including AI-driven attacks) and improve the performance of AI tools.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Let’s take a look at how the industry defines cyber resilience and isolate the aspects of cyber resilience that organizations need to focus on.
Cyber resilience defined

The National Institute of Standards and Technology (NIST) defines cyber resilience as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

While the definition may appear broad, it’s important to understand that it’s a response to the complex and multifaceted nature of the threats that organizations face today. About 10-20 years ago, the vulnerabilities faced by most companies, government agencies, and other entities were simply fewer in number and far less complex.

But today, with the rise of AI and the growth of the global IT ecosystem, the complexity and number of possible threats have expanded rapidly. NIST notes that threats (both malicious and not) from non-traditional vectors like extreme weather, economic conditions, and attacks on physical IT infrastructure have increased tremendously.

In other words, cyber resilience isn’t a broad concept because it’s a frivolous buzzword: it’s broad because of the unprecedented nature of the threats we face today. The dangers posed by these vulnerabilities are serious and vast, and we all have an interest in ensuring that we’re ready to face them.

The relationship between cyber resilience and AI

When it comes to AI, cyber resilience is relevant in two crucial ways. First, there’s an increasingly urgent need for organizations to build resilience to guard against AI-driven threats, since these attacks have advanced and proliferated rapidly in the last few years. According to cybersecurity firm Darktrace, 78% of CISOs say AI-powered cyber-threats are already having a significant impact on their organization, a 5% increase from 2024.
These threats include prompt injection attacks where malicious inputs manipulate AI responses; training data poisoning that can compromise AI integrity from the beginning; model theft through sophisticated extraction techniques; AI-generated disinformation that can damage brand reputation; and confidential data exposure through unintended model memorization, among many others.

In addition to building out new measures to guard against malicious AI-driven cybersecurity threats, organizations also need to make sure that they’re implementing strong data governance and information management measures. These measures will help improve the performance, safety, and efficacy of AI tools like M365 Copilot and Google Gemini, since weak data governance and information management can hurt AI performance and lead to accidental data exposures.

The 2024 AI and Information Management Report found that 45% of companies experienced unwanted data exposure during AI implementation. By classifying and labeling content according to sensitivity, training employees on information management best practices, and establishing clear guidelines around use and misuse of AI, organizations can limit the risk of accidental oversharing or data exposure, while also making the most out of their AI investments.

These two pieces go hand in hand. By improving cyber resilience to guard against emerging threats, we improve the efficacy of AI, and vice versa. Organizations confront a rapidly evolving and complex threat landscape today, so the concept of cyber resilience will remain relevant for many years.
By embracing robust security measures and comprehensive data governance, companies can safeguard against these emerging dangers, and also enhance the performance and reliability of their AI tools.

It’s only when we intertwine these efforts that businesses can ensure they’re well-equipped to navigate the complexities of the AI age and fortify their defenses against a multitude of vulnerabilities, paving the way for a more secure and innovative future.

Dana Simberkoff, chief risk, privacy, and information security officer, AvePoint

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.