How public sector organisations can enhance the resilience and security of Generative AI applications

Speaking to GovInsider, June Tay, Regional Director of ASEAN with cybersecurity solutions provider Radware, says that depending on who takes the lead on governing generative AI, the future of digital transformation and generative AI’s impact on economies, industries and defence is bound to look different.

Since regulation often lags behind technology, it is up to organizations and their security teams to make sure they employ security best practices and advanced cyber protections.

Tay shares top challenges that organisations face when using generative AI and how they can address some of these challenges.

AI – both a friend and a foe

“While offering a powerful tool for legitimate education and productivity, AI also opened

a door for threat actors with malicious intent and created increased corporate risk,” says Tay.

Advanced threat actors can deploy current generative AI tools to discover vulnerabilities in open-source software and increase productivity in their cyber attacks.

Generative AI has also made it easier for inexperienced threat actors to become more proficient in creating sophisticated attacks much faster.

Previously, ill-intended actors needed a certain level of expertise and understanding to attack, such as knowing what scripts to search for and vetting the results. Now, all they need is a simple AI prompt, Tay explains.

Another challenge is the risks around data privacy, data security, and intellectual property laws that employees incur when inputting organisational information into generative AI tools.

“Organizations must understand the risks associated with the information being entrusted to these tools. Where personal identifiable information is concerned, you must know where data is going to be processed and stored and how long it will be retained,” highlights Tay.

The consequences of violating these risks, such as unauthorised cross-border transfers or data processing, can result in huge fines and other regulatory actions. Intellectual property may be unintentionally made public, leading to a loss of trade secrets and competitive advantage, Tay cautions.

Adopting a preventative approach in tackling Generative AI threats

Security managers need to deploy advanced protections that can detect and block attacks real time before they materialise, says Tay.

“Companies can control their threat surface by continuously identifying, assessing, and mitigating vulnerabilities across their digital and physical assets, networks, and human elements,” she explains.

For example, Radware’s Cloud DDoS Protection Service uses advanced behavioural algorithms, automatic signature creation, and sophisticated SSL attack mitigation to protect organizations against today’s most damaging DDoS threats.

This includes network-layer (L3/4) volumetric floods such as SYN floods, ICMP floods, UDP floods, and encrypted Web DDoS attacks (L7).

Aside from advanced protections, training employees on security best practices and how to comply with new SEC rules is also key. Successfully integrating cybersecurity into a culture starts with the buy-in at the C-suite level.

Tay recommends appointing a security evangelist who can educate employees on good cyber hygiene and ensure that the appropriate security measures are implemented across all organizational levels.

“Security awareness training should stress how to identify and report on security issues, as well as include an anonymous reporting channel so employees are comfortable reporting potential security issues without fear of consequences,” she adds.

Close public-private collaboration

Radware’s global customer base spans private and public sector organisations, ranging from mid-sized to global enterprises across a variety of sectors, including government, finance, healthcare, e-commerce and telecommunications.

One of its government customers is Ukraine’s State Service of Special Communications and Information Protection,  which is currently using Radware’s Cloud DDoS Protection and Cloud Web Application Firewall Services to increase its cyber defences in the face of aggressive and persistent cyber-attacks.

Tay says that traditional mitigation tools and solutions that rely on human intervention may not be effective enough to tackle emerging threats today, such as advanced Web DDoS Tsunami attacks.

According to Radware, Web DDoS tsunami attacks are an aggressive new form of HTTP Flood attacks that are sophisticated and very difficult to detect and mitigate without blocking legitimate traffic.

“The end result is that organisations with traditional protections are being caught off guard. Successfully defending against these randomised, sophisticated Web DDoS Tsunami attacks requires adaptive, behavioural-based protection that traditional solutions are unable to provide,” she says.

Radware’s cloud application and network security solutions are built to fill this growing security gap by automatically identifying and adapting to changes in the threat landscape, applications, and infrastructure. 

Radware’s other government customers include a Latin American judiciary using its cloud applications and network security solutions, and an Asia-Pacific government technology office extending its partnership with Radware to increase its cybersecurity defences.

Please complete your details to learn more about Radware's DDoS and Application Protection Solutions in our 2024 Global Threat Analysis Report.

John Bateman, Vice-President, Pre-sales, Asia-Pacific & Japan, Radware is speaking at GovInsider's Festival of Innovation (FOI) 2024 alongside government speakers from Jakarta Smart City, Singapore Armed Forces and AI Singapore in a panel titled "Keeping Government Apps Safe: Navigating Tech and Data Security of AI," happening on 26 March, 2.00pm - 2.45pm (SGT). Register now >>>