That was IT-SA 2023: AI and Cyber Security

Three days of IT-SA went by quickly. What stood out from my perspective at Europe´s largest trade fair for IT security? What were the main topics that move companies?

AI remains a dominant topic that moves everyone and that almost everyone is talking about. There are two questions at stake:  

• How can I prepare for the use of upcoming AI solutions such as Microsoft 365 Copilot and manage possible risks?  
• What impact will AI have on my security solutions?
   

In addition - as shown by numerous conversations we had with IT-SA participants - there are also many questions about how cyber security defenses in companies and public authorities can be brought up to state-of-the-art. There´s still a great need to catch up here. Talks with representatives from government and public organizations in particular show that they would like to switch to modern security solutions based on cloud and AI technologies, but that the requirements of the data protection authorities are seen as a hurdle. I can only hope that there will be a change in this issue in the short to medium term. What good is the best data protection if the public administration cannot then use state-of-the-art tools to defend against cyber attacks?

What I also noticed - perhaps due to my passion for the topic - was that there were more and more exhibitors and presentations that addressed the topic of security awareness from a wide variety of perspectives. From my point of view, there is no one tool or training program that leads to success. What is needed is a strategy tailored to the company, combined with continuous small-scale security awareness measures. This is the only way to gradually increase the cyber resilience of employees and establish a security culture in the company.

But back to the topic of AI. How can I prepare for upcoming AI solutions, for example in the collaboration environment? It is important to pay attention to the "readiness" for an AI solution and to check and eliminate possible risks in advance from a cyber security perspective. What are the possible risks? A simple example: Many employees in companies often collect a lot of access rights to large amounts of data over the years - when a department changes, new accesses are often added, but old ones are not always revoked. Or accesses to project data are not checked at the end of a project. If an AI with ChatGPT-like functionality is now applied to the company data, then this could suddenly reveal information to which an employee should perhaps not have access (anymore). To avoid such problems from the outset, access should be consistently checked and the (automated!) classification of data should be addressed. With such approaches, the risks can be significantly reduced, and the use of AI tools will provide the company with real added value in the future.

Finally, the question remains: How will AI concretely influence work in the cyber security environment in the future? First, I would like to note: AI - e.g., through machine learning mechanisms - has been successfully used in the cyber security environment for years. The innovation is how AI based on large-language models will change and evolve cyber security.

At the RSA conference in early summer in San Francisco, the opinion of several major vendors was that this will be a "game changer" which will give the cyber security community a sustainable advantage over attackers. At IT-SA, however, communication is much more reserved - perhaps due to cultural differences between Germany and the USA. Initially, AI will certainly simplify the analysis of attacks in the cyber security environment, for example, by making it possible in the future to initiate evaluations via normal questions that previously required a high level of technical expertise. This will certainly simplify entry into cyber security.

I am also curious to see what influence AI will have on data security issues. I assume that AI will significantly improve the quality and flexibility of automated classification of data. This is a topic that is still neglected by many companies. After all, only if I know my data can I protect it accordingly.

So let's be surprised how the topic will develop and which additional topics will be in focus at the at the next IT-SA October 2024.

Click here for an overview of our Cyber Security Workshops.

Learn more