Navigating the Hype and Risk of Emerging Technologies

Author: 陈孟辉, CISA, CDPSE, CISSP, GRID
Date Published: 25 May 2023

As organizations continue to accelerate their digitalization, those with early-adopter mindsets may be eager to rush into the next big thing due to curiosity or hype. In recent years, emerging technologies such as artificial intelligence (AI), cloud services, blockchain and the Internet of Things (IoT) have proliferated and attracted significant adoption. One contributing factor could be the increased number of digital natives within the global population who are more comfortable with digital technology and the adoption of new technologies.

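From an organizational perspective, managing the security and risk associated with emerging technologies can be challenging. To stay ahead, organizations may feel pressure to adopt these emerging technologies without conducting detailed and balanced risk and benefit assessments. However, to avoid being caught off guard by potential threats, it is essential to understand and consider the risk involved in using these technologies.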

The Hype of Generative AI Services

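One of the latest emerging technologies to gain popularity is generative AI. McKinsey describes generative AI as “algorithms (such as ChatGPT) that can be used to create new content, including audio, code, images, text, simulations, and videos. Recent breakthroughs in the field have the potential to drastically change the way we approach content creation.”¹ The global sensation around generative AI can likely be attributed to ChatGPT, which was launched in November 2022. Two months after launch, it reached 100 million monthly active users. With its launch, ChatGPT set the record for the fastest-growing platform.² With such a rapid adoption rate, organizations must assume that ChatGPT or other generative AI services will be used by members of their staffs in one way or another.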


Emerging technologies offer unique benefits to their users. For example, generative AI services enable users to boost their productivity by generating content based on prompts without requiring the involvement of a human expert or specialized expertise.³ Users can utilize various generative AI services for different purposes such as creating artwork, writing computer code, explaining complex topics or gaining an understanding of new domains.

However, hype aside, using emerging technologies is not without risk. Management should be cautious of the potential negative impact and risk to the organization. Take OpenAI's ChatGPT as an example: it experienced a data leak, and the service was taken down for 10 hours after users noted that they could see titles of other users’ chat histories. In addition, personal data from 1.2% of ChatGPT Plus users may also have been leaked.⁴

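From a regulatory and governance perspective, Italy became the first country to ban ChatGPT due to privacy concerns,⁵ and China⁶ and the United States⁷ are studying AI regulation. In addition, technology leaders have called for a pause on the development and implementation of generative AI, citing the fast pace of AI development and a lack of robust AI governance in place as significant concerns.⁸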

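Although many organizations embrace the mantra of “start small, think big, move fast,” it is important to balance this with careful consideration of the risk involved. It is understandable that organizations want to stay competitive and keep pace with the latest trends, but it is also important to approach emerging technologies with caution. Without proper controls, organizations may unintentionally exceed their risk appetite when using these technologies.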

Minimizing the Risk of Emerging Technologies

The key is to find a balance between taking advantage of the benefits of technology and managing risk. Achieving this balance involves careful assessment of the risk and benefits of each technology and implementation of appropriate controls to mitigate the risk. Organizations should also perform ongoing monitoring and adjust their risk management approach as emerging technology evolves.

To minimize risk while embracing emerging technologies, organizations can consider 4 key factors:

  • Notably, most organizations may not be able to prevent their staff from using publicly available emerging technology services. Staff members may find ways to bypass technical controls and access these services using personal devices, leading to potential negative consequences such as data leakage. Therefore, organizations should educate staff about these technologies to raise awareness, build a security culture and communicate expectations. Organizations can also provide clear guidance as guardrails to staff members when they use these technologies.
  • Data—Organizations should review and understand their data policies to identify any gaps or hazards when it comes to emerging technology services. This will enable them to assess the type of data suitable for uploading to or using with these services. In addition, organizations should implement technical controls, such as monitoring data leakage through internet browsers and internet traffic, to promptly detect and prevent potential data leaks or breaches.
  • Regulation—In the technology domain, especially with emerging technologies, regulation is not always proactive, which can result in insufficient coverage. However, regulations often catch up when the technology matures and its risk becomes clear. Therefore, organizations should frequently review the regulatory landscape to avoid breaching any regulatory requirements, as this could lead to serious reputational or monetary damage.
  • Adversaries—Although technologies themselves can be seen as neutral, they can be abused by adversarial actors. Therefore, organizations need to be vigilant of the adversarial use of emerging technologies as part of their threat landscape assessment and understand how their security posture can be affected if such actions are taken. In addition, organizations should periodically review their current security controls against these potential adversarial activities to ensure that they remain effective. In the example of generative AI, these security controls can include antiphishing protection and insider threat mitigation.

Conclusion

The next emerging technology is always just around the corner. Organizations must be comfortable with both embracing these technologies and managing the uncertainties that come with adopting them to avoid falling into the hype trap. This is especially crucial for security and risk professionals such as chief information security officers (CISOs) because they are often tasked with assessing risk that could impact the organization. By taking a risk-informed approach, security and risk professionals can navigate the path forward in a way that balances the potential benefits of emerging technologies with the risk they may pose.

Endnotes

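1 McKinsey & Company, “What Is Generative AI?” 19 January 2023
2 Hu, K.; “ChatGPT Sets Record for Fastest-Growing User Base,” Reuters, 2 February 2023
3 Chui, M.; R. Roberts; L. Yee; “Generative AI Is Here: How Tools Like ChatGPT Could Change Your Business,” McKinsey, 20 December 2022
4 Tarantola, .; “OpenAI Says a Bug Leaked Sensitive ChatGPT User Data,” 24 March 2023
5 McCallum, S.; “ChatGPT Banned in Italy Over Privacy Concerns,” BBC News, 1 April 2023
6 Ye, I.; “China Proposes Measures to Manage Generative AI Services,” Reuters, 11 April 2023
7 Shepardson, D.; D. Bartz; “US Begins Study of Possible Rules to Regulate AI Like ChatGPT,” Reuters, 12 April 2023
8 Kelly, S. M.; “Elon Musk and Other Tech Leaders Call for Pause on ‘Out of Control’ AI Race,” CNN, 29 March 2023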

陈孟辉, CISA, CDPSE, CISSP, GRID

Is a seasoned technologist with more than 15 years of experience in the technology risk and cybersecurity field. Throughout his career, he has worked extensively across private and public sector organizations, bringing a wealth of knowledge and expertise to every role he takes on. His passion for staying up to date on emerging trends and best practices in the field enables him to deliver exceptional results for his stakeholders. As a trusted advisor, he is committed to improving security posture and minimizing risk in today's rapidly evolving technology landscape.