The Aptitude Blog

Cybersecurity in the age of AI

August 1, 2024
Posted by Chandra Kulkarni

In 2024, cybersecurity continues to be a strategic priority for C-suite executives and technology leadership teams, especially considering the recent Securities and Exchange Commission (SEC) regulation regarding Cybersecurity Disclosure requirements for U.S. public companies.

This requirement, combined with an unusual mix of evolving technological trends, global polycrisis and locational privacy regulations, has the potential to disrupt traditional information security (IS) models and measures.

The CFO balancing act

CFOs today need to strike a delicate but important balance between allocating resources to transformational technology initiatives, such as cloud integration/migration and AI strategies, and to cybersecurity initiatives.

If technology changes outpace the development of cybersecurity controls at an organization, cyber threats – whether due to remote working, large data set transfers or ransomware attacks – can result in data breaches or security incidents, which have the potential to derail or delay technology transformation plans.

Finding opportunities amid challenges

At Aptitude Software, we believe the current environment presents opportunities to CFOs/CTOs/CIOs/CISOs to improve their organizations’ cybersecurity posture and information security program through a focus on the following areas:

• Enhancement of security governance frameworks and alignment of assurance efforts with clients, partners and third-party vendor organizations.

• Secure use of generative artificial intelligence (GenAI) through collaboration with internal and external stakeholders across products, IS tooling and processes.

• Reorienting security behavior and culture programs to strengthen the human element of cybersecurity.

Security governance

Security frameworks and standards have recently been revised to reflect the changing global environment while global privacy, security and sovereignty requirements continue to evolve in a divergent and discontinuous manner.

Aptitude is embracing this change in 2024 by upgrading to new ISO 27001:2022 and PCI-DSS Version 4.0 certification standards. This upgrade will strengthen our cybersecurity reporting to our board and stakeholders and ensure that IS measures and performance metrics are closely aligned to our client and business needs. We expect to deliver benefits to our clients and partners by bringing the same approach to the table when supporting their risk management programs.

Additionally, we expect to further improve our security posture through modularization of product and data architectures across multiple cloud services. We expect our clients to see significant benefits from this localization and alignment including:

• An increase in the depth and breadth of our client security assurance

• Greater flexibility in meeting client needs across multiple geographies

• An increase in the depth of our IS coverage

Examples of such alignment include Aptitude’s recent Cyber Essentials Plus certification to meet the assurance needs of our UK-based government sector clients.

AI initiatives

The increased use of AI is significantly transforming the world of cybersecurity and is revolutionizing the process of real-time monitoring, threat detection and mitigation. ISO/IEC 42001:2023 provides valuable guidance to organizations for establishing, implementing, maintaining and continually improving an internal Artificial Intelligence Management System (AIMS).

Having laid a foundation for secure use of AI through formal but evolving policies and guidelines based on ISO 42001, Aptitude is now using AI across multiple IS processes including AI-oriented vendor tools for Malware Protection and Cloud Native Protection Platforms for our cloud applications. These tools provide features utilizing AI and machine learning to significantly improve the speed and efficacy of our vulnerability management and incident resolution processes.

We are also using AI tools to make nuanced cloud configuration changes to resolve vulnerabilities and misconfigurations. AI is helping us deal with the continuing gap between demand and supply of Information Security resources as well as reducing information security alert fatigue. On the product side, we are working closely with partners such as Microsoft to bring AI tooling to our Autonomous Finance products like Fynapse. We expect this partnership to deliver positive outcomes for our clients including through use of their data within our Autonomous Finance product portfolio.

Security behavior and culture

Aptitude’s information security culture and training program partners, including phishing simulation vendors, are also using AI across their training platforms. Such use includes AI-driven dynamic selection of phishing security test templates as well as recommending AI-driven optional learning based on user engagement. This combination of phishing tests and personalized learning will help us inoculate employees against social engineering and human-agency-driven cybersecurity threats.

Aptitude is also using human-centric design features and nudge techniques to reduce friction within our information security program and drive optimal and effective use of IS controls across internal and external stakeholders. We expect these design principles to be utilized across multiple aspects of our IS program, including broad initiatives such as information security training, third-party risk management and vulnerability management, as well as point applications in the use of Multi-Factor Authentication (MFA) for our products.

Conclusion

A three-pronged approach of securely embracing AI-driven technology innovations, closer security alignment across the stakeholder value chain and a focus on the human element of cybersecurity can help C-suite teams drive quantum improvements in the performance and assurance of information security programs. At Aptitude, we expect our focus on these areas over the next 3-4 years to significantly enhance our client IS assurance.

Previously published in CFO Futures: An Autonomous Finance Magazine (Spring 2024)
