The 5 Steps to Integrate AI into Your Cyber Processes

This article arises from the webinar AI Agent, Cyber, Suppliers between Benjamin Leroux from Advens and Etienne Retout, AI manager at Galink (Access the webinar)

The rise of generative artificial intelligence (AI) marks a new era in managing cyber risk from suppliers. This technology, although recent, offers significant opportunities to improve the efficiency and accuracy of security processes.

Current Context

Companies, especially large ones, are becoming more secure, but attacks via suppliers are becoming a predominant attack vector. By 2025, 45% of global organizations could fall victim to such attacks. Managing the cyber maturity of suppliers is time-consuming, often requiring security questionnaires that remain the norm despite their burden.

Advantages of Generative AI

1. Time Savings: Generative AI allows for automating the analysis of evidence provided by suppliers, verifying the validity of certifications and reporting non-compliances. This frees up time for security managers to focus on higher value-added tasks.

2. Improvement in Quality of Analyses: AI, free from human fatigue, can enhance the quality of analyses by focusing on critical supplier elements.

3. Delegation of Processes: Business teams can be empowered to perform pre-filters on suppliers, thus reducing the burden on security teams.

Associated Risks

1. Critical Thinking: It is crucial not to place blind trust in AI recommendations. Results must be verified to avoid potential errors.

2. Human Connection: Maintaining human contact is essential, especially in times of crisis. Collaboration with suppliers is necessary to effectively resolve incidents.

3. Mastery of Information: The confidentiality of data shared with AI must be ensured. Companies should choose solutions that respect data sovereignty and confidentiality.

Best Practices for Integrating AI

1. Identify the Right Use Cases: Clearly define the cases where AI can add value.

2. Define a Clear Framework: Establish clear rules, both regulatory and technical, for the use of AI.

3. Choose the Right Level of Autonomy: Start with recommendations before allowing AI to act autonomously.

4. Transparency and Training: Inform users about how AI works and train them in its use.

5. Test and Iterate: Implement a continuous improvement loop to refine results obtained with AI.

Conclusion

Generative AI represents a significant advance in managing cyber risks from suppliers. It offers efficiency gains while posing new challenges in security and privacy. A thoughtful and structured integration of this technology is essential to maximize its benefits while minimizing risks.