Yeah. Today I will talk about risk management in the modern era of artificial artificial intelligence. And I'll start with a little bit. So explanation who I am, I'm sorry, certified specialist with the different certificates, more than 15 years in cybersecurity, more than 10 years in risk management. So it's agenda for our today presentation. We'll start with introduction and then we'll talk about impact of AI on industries.
After that, we'll, we'll speak about evolution of risk management, unc, uncertain things that are related to artificial artificial intelligence and how we can redefine the risk management to meet the new risks, new threats of modern world. Okay, so first introduction. I think everyone can agree that artificial intelligence changed the whole world, let's say that, but the risk management is still stable. We can add some risks, some threats like threat of impersonation with deep fakes threats like, I don't know, with the artificially made malwares attacks and so on.
But we the still, the frameworks still the approaches to the risk management are the old ones. And I think it's problem because the risks, risks and approaches should change along with the risk and the threat management should change along with the risk change themselves.
Okay, second, the impact of artificial intelligence on industries. For some years we can see that there are a lot of different attacks are made or were only made, but made better with artificial intelligence. And as defenders, I think we're all there defenders, not attackers.
We use, yeah, sometimes we use some, sometimes some artificial intelligence things. Services like for investigation, for incident response, for securing our systems. But attackers also use the same approaches because first of all, they should attack more, more easily with the better effort and they also should to defend themselves. So the most, let's say popular risk and challenges with the artificial intelligence first it's Arial machine learning.
It's like the bullet and the armor we make in our system stronger with the AI and the attackers make the attacks stronger, more sophisticated with ai. Second, that is increased attack surface. I will speak about that bit later with the next challenges.
First of all, it's a data poisoning and manipulation because our AI mechanisms are learning on the data that we send to them. If attacker can send something wrong, some mal malfunction data, it can bring the risk, not right now, but in the future when the system will learn on the wrongly produced data. Second is overlay on automation.
Yes, automation is really good and I will talk about that on the rest of my presentation, but sometimes it's, we do many two with the two related to automation. I say that and it's that that can be problem.
And two, last but not least, things. It's fully say human factor. It's a lack of explainability and it is because there are not so many, many people, not so many skilled professionals that can help to manage AI driving systems. AI driven security systems and people don't understand how to use them properly.
Second, sorry, third part, it's evolution of risk management. What's the limitations of the traditional risk management traditional approach? Traditional frameworks that we all use for the long time.
First, it's a relative reactive nature. Traditional approaches are well made, but they well made for the pre pre AI era. And they are not so fast, not so agile.
Second, they are not really scalable. Yes, they can scale, but only with the, in a tradition, traditional limits of risk management. The third limitation there, inadequate for AI related uncertainties because the traditional frameworks and approaches, they don't know about ai.
The traditional risk management is human-centric. It is thing that we, I mean we like security professionals talked a lot before that we should put on the first place, the humans, our employees, our clients. But now we also should think about the data, as I said before, about the data driven. Data driven attacks.
And last, it's a slow response time because risk response is really slow. It's we deal good with the incident response, with the threat response, but not with the risk response, which is on higher level. And they are. So how we can adopt our risk management approaches.
First, it's to make more agile and more adaptive frameworks to address the risks that appears constantly. Second, introduce predictive analysis for the risks. We have a lot of different services that make predictive analysis for the threats, but not for the risks. And I think my opinion, it's a real problem.
Second, it's integration of automation, but don't over rely on it. Automation is good, but when it's controlled by the human and last, it's interdisciplinary approach because the risk management in AI driving world, it's not just a security, security task, it's also a task for the different other people like data scientists like AI and a male specialist. And we should work together with them. And what's uncertainties?
First, it's a cyber attack optimization. As I said in start of my presentation, a lot of malicious sectors use AI mechanisms to make the attacks more sophisticated and less detectable for us.
Second, it's automated malware. A lot of malwares now are created by AI and it reduces the costs to create and to spread them.
The third one is physical safety. It's about autonomous systems mechanisms and for example, the cars with the implemented ai, with the self-driving AI and so on, they are not so good protected right now. Uncertain is that I talked before about data manipulation poisoning. It's a real really big problem right now because it's very rare. I can see in different risk approaches, risk managements and so on.
And last, but it's more hyped. Let's say that it's impersonation with the generated ai. When someone creates your or your colleague's voice face and can make attacks without physical physical presentation. I say that only AI driving.
And the last part, what we need to do to redefine our risk management strategies, how we can make our risk management and risk assessment more better in our world.
First, as I said, it's data driven, driven risk monitoring to use more data. But we need to check that data because data poisoning is one of the vectors.
Second, it's dynamic response protocols, not only for the low level like incident response and threat response, but also for the high level R like risk response. We should continuously update AI models that we use or we want to use for the risk management because they are not stable. I mean they shouldn't be stable. They should wolf with, with the whole walls of malicious actors, malicious acting, so on. And one more, very, very, let's say stable structure is security governance. IT governance for now is more jail than security governance. Not just the management, but the high level governance.
And we need to change it because it, from the governance, there are many problems goes downstairs, like the defined risk management approaches and so on. So that's all. 'cause I think there is a reference that I used to prepare that presentation with the different approaches about threat modeling and risk modeling. I want to present that quote from Steven Hawkins. A development of full artificial intelligence could spell the end of the human race. I hope it will not happen, but it's a quote from the one person. Okay.
