Black Hat 2024: Being More Intelligent About Security In AI Transformation

Adding artificial intelligence to an organization's tech stack is no small event, and neither is fortifying the security for AI systems, data, and processes, notes Shannon Murphy, global security and risk strategist for Trend Micro, in a conversation at the Dark Reading News Desk during Black Hat USA.

So where to get started? Murphy recommends that security leaders make (or update) a thorough inventory of all the applications in use across the organization. "What is the sales team using ... what is the dev team using? That's the first step," she says. From there, CISO and SOC analysts can start to make decisions about who gets access to what, including the AI data models or AI-enabled applications like ChatGPT, Murphy adds.

"It's a matter of securing risky apps from good users, and good apps from risky users," she laughs.

But data security in AI environments comes up again and again, Murphy continues. "Looking at things like data detection and response, data security, posture management — these are the types of tools" that will keep users safe with AI apps and services,  she says. And it will give SOC professionals greater visibility into the rest of their environment, not to mention what's going on with cloud services or their identities. "This is what's really going to put organizations in a great position [with AI] moving forward," Murphy says.

The Trend Micro organization is also a user of AI and takes that experience back to customers to reduce their learning curve and simplify how customers manage AI security. "For us, it's really important to be meeting the customer where they're at, and delivering the types of tools that they would need for their unique environments," Murphy adds.

Shannon Murphy is a global security and risk strategist for Trend Micro, and focuses on helping businesses and leaders solve tech/digital innovation and risk management challenges. Shannon has spent time spent in agency, nonprofit, enterprise SaaS, and startup environments. Her go-to-market leadership experience spans high-growth industries (consumer technology; ecommerce and retail; biotechnology; cybersecurity; financial technology; and infrastructure). Her tactical expertise includes field and user education and enablement, external media relations, messaging/positioning, sales play strategy, investor relations, alliances and partnerships, brand rep, and vendor management in Canada, the US, and international markets.