Generative artificial intelligence (GenAI) tools are quickly becoming mainstream in the modern work environment fulfilling a range of professional tasks from drafting a report to analysing spreadsheets.
A global Kaspersky survey found that 95% of C-suite respondents are aware that GenAI tools are used within their organisations – with more than half (59%) being concerned about the risks of employees inadvertently leaking sensitive information when using AI.
In light of this, Kaspersky experts have given some advice on how organisations can use GenAI tools in a risk-adverse way.
“GenAI tools are enabling employees to become more productive as the technology assists with data analysis and routine tasks,” says Vladislav Tushkanov, Machine Learning Technology group manager at Kaspersky. “Yet many people are using AI without proper authorisation from their employer.
“This could hold significant risks for the organisation,” Tushkanov adds. “For instance, data leakage remains a significant concern. Furthermore, employees can get and act upon wrong information as a result of ‘hallucinations.’ This is when large language models present false information in a confident way. These hallucinations can be especially dangerous when GenAI is used to provide advice on how to complete certain work functions.”
Addressing this challenge is now a business imperative. Another Kaspersky survey has revealed that 42% of respondents from South Africa now see AI as a team member at work.
Adding complexity to this is how effectively malicious users have adopted GenAI tools to create more convincing social engineering attacks to target individuals. For instance, drafting personalised phishing emails; generating deepfakes that contain realistic audio, video, or text content that impersonates people; and even propagating disinformation campaigns that can influence public opinion or obscure the truth.
“This does not mean that organisations should block GenAI completely,” says Tushkanov. “Instead, decision-makers must conduct a comprehensive risk assessment to understand which parts of the daily business routine can be automated with GenAI tools without adding to the threat level facing the business.”
Through this, organisations can adopt a centralised approach when it comes to GenAI adoption. Such a service can then be provided via an enterprise account with a cloud provider while ensuring all the necessary safeguards are in place.
These can include monitoring for potential personally identifiable information in messages, as well as oversight. Organisations should also educate employees on the acceptable use of GenAI and the proper, company-managed, ways of accessing them.
By understanding the benefits and risks of using GenAI and ensuring the necessary security measures are in place to mitigate any potential dangers, organisations can significantly improve employee productivity while also increasing job satisfaction.
General rules for employees should include not disclosing confidential data to AI tools; not relying on their advice for any critical use case; verifying information; and remembering that data provided to a chatbot can leak. And ensuring that all computers and servers running large language model (LLM) based systems are protected with up-to-date security tools.
“Simply banning tools like ChatGPT and other solutions might be not the best option,” says Tushkanov. “GenAI can be used positively by finding the balance between too much and too little caution. More broadly, partnerships between the public and private sector can see GenAI becoming a critical enabler to help drive business growth, enable more resources spent on innovation, and adequately manage risk.”