A volatile technology environment, highlighted by the rapid ascent of generative AI, creates a heightened urgency for organisations to train and upskill their digital trust professionals, according to several ISACA experts.
ISACA, a global association focused on building digital trust, published a Generative AI Pulse Poll in October, which found that only 10 percent percent of organisations have formal, comprehensive policies in place for generative AI.
The majority (54 percent) say no AI training is provided to staff, even to teams directly impacted by the new technologies.
Given the potency of AI and other emerging technologies — which can present risks including the spread of misinformation, costly privacy violations, a loss of IP, and many more — organisations must invest in the staff and resources required for trustworthy implementations.
We sat down with Chris Dimitriadis, ISACA’s chief global strategy officer, who shared:
“We need to make sure when we implement those technologies and those technology frameworks, that we do it in a safe and secure manner for citizens and end customers.”.
While optimistic overall, the threat of generative AI exploitation by bad actors looms.
The vast majority of respondents to ISACA’s Generative AI Pulse Poll (85%) are optimistic about AI’s ability to extend human productivity, even though 57% are very or extremely worried about generative AI being exploited by bad actors.
“The ISACA survey paints a complex picture,” according to ISACA AI expert and author Raef Meeuwisse:
“While there is optimism about the potential benefits of AI, there is also a glaring lack of preparedness and understanding. The rapid adoption of AI technologies by employees, often without organisational approval or oversight, is a ticking time bomb.”
In addition to prioritising training and creating organisational policies focused on AI and other emerging technologies, Dimitriadis points to the need for a more holistically trained workforce, including increased collaboration among professionals in trust-focused fields such as cybersecurity, privacy, risk management, IT audit and governance.
“When professionals in these fields work together and understand how their collective efforts impact all areas of the business, it is possible to implement emerging technology effectively and responsibly,” Dimitriadis said.
New risks and attack methods will surface as the metaverse matures
Adding to the degree of difficulty for enterprises in the coming years is the prospect of technologies driving innovation in new environments — even beyond the physical world.
The metaverse, a 3D virtual world, has gained attention as a new technological frontier, with potential use cases both for consumers and businesses.
Metaverse expert Julia Hermann, a speaker at ISACA’s Digital Trust World conference, gave the example of construction companies leveraging the metaverse so that architects and engineers located at different places can come together to look at 3D models.
“New risks and attack methods will surface as the metaverse matures, calling for highly skilled, credentialed professionals to secure various use cases.“The attack surface changes so you really need to make sure you have good identity and access management and good security controls on your virtual version of the plan because in many cases you feed directly from the virtual simulation into your real-world production.”
In addition to generative AI and the metaverse, other emerging technologies such as the proliferation of connected devices, expanded use of cloud platforms and blockchain are top-of-mind for many organisations.
Although emerging tech can make the jobs of CISOs, CIOs and their teams more challenging – and more high-stakes – Dimitriadis, citing the metaverse as an example, said resisting technological advancements is futile.
“We must never try to stop evolution because we won’t be able to stop it,” Dimitriadis said.
“What we need to do is embrace change and build the right trust framework around the metaverse in order to address the new risks that are being introduced.”
The importance of a digital trust ecosystem for trusted relationships
Rather than seeing cybersecurity threats, various business risks, regulatory hurdles, and other technology-related challenges in isolation, ISACA experts advocate viewing all of them under the overarching umbrella of building digital trust.
To that end, ISACA is leveraging its global community to create a Digital Trust Ecosystem Framework that will help organisations create and sustain trusted relationships.
ISACA also offers a range of certifications that allow digital trust professionals to demonstrate their expertise and commitment to keeping current with the evolving landscape.
In today’s business climate, earning stakeholder trust is not easy to come by, but the rewards are well worth the organisational investment to build a trustworthy digital ecosystem.
“Trust is going to make or break an organisation,” Dimitriadis said.
Lead image: ISACA. Photo: uncredited.