Cybersecurity resilience is critical as businesses embrace AI

In an enterprise IT ecosystem where digital transformation is accelerating, the need for cybersecurity resilience has never been more critical.

As businesses adopt advanced tools, such as generative artificial intelligence and cloud computingThey also face increasing risks. Balancing the pace of innovation with enhanced security is a challenge that requires more than just technology solutions: it requires a strategy that includes continuous testing and development and the ability to secure increasingly complex supply chains. These interconnected systems now require an increased focus on both proactive defense and communication to stay ahead of emerging cyber threats, according to Taylor Lehmann (pictured), Director, Office of the CISO, Google Cloud Health, Google LLC

Google’s Taylor Lehmann talks to theCUBE about cybersecurity resilience.

“Every problem is easy to solve if you can recruit people who care about it and frame it in terms they understand and contribute to,” Lehmann said. “By and large, every cybersecurity strategy succeeds or fails on this. Every great CISO becomes a better CISO or not… based on their ability to do this.”

Lehmann spoke to CUBE Research John Fourier And Savannah Peterson has mWISE 2024during an exclusive broadcast on theCUBE, SiliconANGLE Media’s live streaming studio. They discussed the need for cybersecurity resilience as companies embrace AI and cloud technologies, with a focus on proactive security testing, secure purchasing and better communication to manage risk in complex supply chains. (*Disclosure below.)

The Power of Proactive Security

It’s important to take proactive steps to ensure an appropriate security response. Real-world testing is a big help, including simulation and tabletop exercises, which allow organizations to simulate potential breaches and test their defenses, Lehmann explained.

“We have this new thing called generative AI, which is actually not that new. It’s been around for a long time and yet we’re trying to figure out how to properly secure it,” he said. “It’s almost the same problem you were trying to solve before it came along, it was just called application security and supply chain security. It’s just got a new, fancier, catchier name.”

As companies seek to integrate advanced technologies Companies integrating AI into their operations must ensure that they secure these systems in a practical and scalable manner. According to Lehmann, application and supply chain security are becoming increasingly important as companies become more aware of their increasing reliance on external services and APIs.

“What we need to do is stop doing what we’re doing now, which is to remotely assess how these providers or services are designed,” he said. “Stop necessarily taking someone’s word for it as to whether it’s secure or not. I want every service that I provide and use to be secure by design. I need to enforce it in my procurement cycles, I need to enforce it when I scale something, and I need to make sure that’s true at all times.”

Cybersecurity Resilience in a Changing Landscape

Resilience is not just a buzzword, but a measurement challenge in cybersecurity today. The focus is no longer just on protecting data, but on ensuring business continuity even in the event of a security breach. Organizations must be prepared to handle disruptions by having a deep understanding of their systems: what assets they have, how those assets are interconnected, and the external forces that could affect them, according to Lehmann.

“We need to not only test our weaknesses, but also make sure we have confidence in our defenses and that they are working,” he said. “There are other types of analysis and assessments, we need to do both.”

There’s also a need for a broader, more democratized approach to sourcing and training professionals around the world. With real-time translation and transcription that facilitate collaboration between teams around the world, it’s possible to engage a more diverse range of talent and ensure cybersecurity solutions are accessible across regions, Lehmann said.

“On the one hand, you could say yes, there are not enough people with the skills to address some of these challenges. On the other hand, you could say we have enough people,” he said. “We just don’t have the right means to mobilize them, find them and train them. I think we need to work on both of those things and make cybersecurity accessible to them earlier.”

Here’s the full video interview, part of SiliconANGLE and theCUBE Research’s coverage of mWISE 2024:

(*Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google Cloud Security nor other sponsors have editorial control over the content of theCUBE or SiliconANGLE.)

Photo: SiliconANGLE