The Winds of Change: How Generative AI is Revolutionizing Cybersecurity

Generative AI (GenAI) is transforming businesses in nearly every industry, and cybersecurity is no exception. As a $30 billion global IT services firm, NTT DATA is on the leading edge of harnessing generative AI while managing the risks.

I recently spoke with Nitin Bajaj, VP of Digital Offerings at NTT DATA, to learn how they are navigating this new technology. He provided keen insights on both the promise and perils of GenAI for cybersecurity professionals.

Securing GenAI Itself

Bajaj explained that NTT DATA has established a dedicated global GenAI office to develop strategies across the massive organization. Their first priority was instituting security governance for GenAI use. "We've established a GenAI security policy across all our operating companies that's been rapidly implemented," said Bajaj. This was crucial for getting ahead of ad hoc GenAI use that could quickly spiral out of control.

With governance in place, NTT Data is judiciously opening access to public GenAI like ChatGPT. However, the long-term plan is to cultivate proprietary models tuned to their specific data and use cases. "Moving towards private implementations of what I call SLMs and MLMs — small and medium language models — that are trained on more specific data sets can be more reliable and provide a higher level of confidence," noted Bajaj.

Augmenting Human-Led Security

ChatGPT may be adept at churning out marketing copy, but mission-critical cybersecurity requires more robust solutions. "Yes, you'll be able to reduce false positives because you're leveraging an AI model. But the number of threats and possible attacks will increase," warned Bajaj.

This is because cybercriminals have easy access to the same public GenAI systems. "Any of those actors has access to these tools. They're broadly available, so the plausibility of attacks becomes significantly higher," said Bajaj. GenAI could enable more sophisticated, highly targeted social engineering campaigns.

So, in the short term, GenAI may create more work for human analysts. "It will lead to more human intervention required to support the increasing number of attacks generated by GenAI," predicted Bajaj. Longer-term, customized AI models could help organizations get ahead of emerging threats.

Partnerships and Capabilities

Bajaj emphasized that partnerships will be crucial to build effective AI cybersecurity solutions. NTT DATA is collaborating with leading security vendors who are developing their own GenAI capabilities. "There's definitely going to be a partner angle to how we build out the security framework," said Bajaj.

NTT DATA has been working with MIT for five years on digital human avatars and conversational AI. These capabilities will eventually be powered by GenAI, but it will take rigorous testing first. "For an organization that's larger, we have to go through the process before we release it to market," explained Bajaj.

Securing Across Industries

Since NTT DATA serves Fortune 1000 companies worldwide, their cybersecurity solutions must be adaptable across sectors. "Cybersecurity threats generally tend to be more horizontal and less domain-specific," said Bajaj. "The security tenets remain fairly similar, whether you're improving the customer experience for transportation or deploying an application for hospital nursing services."

This allows for extensive reuse of strategies across engagements. Bajaj stated that collaboration "across regions, across clients" is crucial to rapidly build on successes.

The Way Forward

For all the risks, Bajaj affirmed that clients are hungry to harness GenAI, which was "the hottest topic" at a recent NTT DATA advisory board meeting. However, large organizations must lay the proper foundation. "It behooves us to build that governance framework, that security framework, and then test it out on ourselves before we test it out for clients," he said.

By taking a measured approach, NTT DATA aims to create GenAI solutions that are secure by design. This will allow them to fully transform business processes and client engagements. Bajaj summed it up: "Our focus on both digital transformation and managed services guides us towards value creation models that span that entire portfolio."

In the world of cybersecurity, generative AI is clearly a genie that cannot be put back in the bottle. As GenAI becomes further democratized, organizations must be proactive about security. 

With the right governance, testing, and trusted partnerships, GenAI can take cybersecurity to the next level. But it requires companies to evolve their strategies and skill sets — just as NTT DATA is doing today.