Managing the Complex Landscape of AI and ML Threats in Business Security

In the rapidly evolving landscape of technology, Artificial Intelligence (AI) and Machine Learning (ML) have emerged as powerful tools that hold immense potential for businesses.
However, as the adoption of these technologies accelerates, so does the need to address the associated threats and risks to business security.

We reached out to some of South Africa’s InfoSec heavyweights to gather their insights on the challenges presented by AI and ML in the realm of cybersecurity. Here’s what they had to say:

Aveena Mothilal, Chief Information Officer, Engen Petroleum
AI has brought forth a new set of ethical risks. Mothilal emphasises the absence of a clear framework to determine what’s right and wrong in AI’s decision-making. Furthermore, the growing ability of AI to generate fake content blurs the line between reality and deception.

Aashika Bava, Head of Security Awareness Training, Investec
Bava highlights the alarming rise of AI-powered cyber attacks driven by deliberate communication. The increasing sophistication of AI empowers cybercriminals, enabling them to devise smarter strategies. Additionally, fishing campaigns have become significantly easier with the integration of AI.

Sandika Daya, Senior Manager: IT Governance, Risk and Compliance, Multichoice
Daya points out that AI could inadvertently become a gateway for individuals to unknowingly share valuable intellectual property secrets. Conducting comprehensive security assessments before integrating new tools or technologies is crucial to mitigate such risks.

As we plunge deeper into the digital age, the importance of safeguarding sensitive information and protecting critical systems has skyrocketed. To gain a better understanding of the challenges facing the realm of cyber and information security in 2023, we engaged with some of South Africa’s foremost leaders in the field. Their collective insights paint a vivid picture of the complex landscape and shed light on the overarching themes that dominate their concerns.

The Overarching Themes: Buy-in, Skills Shortage, and AI Concerns

Across the board, a few recurring themes emerge as the bedrock challenges faced by these cybersecurity experts.

The first among these is the struggle to secure buy-in across organisations. Muyowa Mutemwa, a seasoned expert holding an impressive array of certifications, highlights the challenge of effective communication between cybersecurity experts and business leaders.
He aptly notes, “There’s a lot more to it than just what’s the ROI?” This underscores the necessity of bridging the gap between cybersecurity minds and business minds, emphasising the need for a comprehensive understanding of cybersecurity’s far-reaching implications.

The skills shortage is another thread that binds these leaders’ concerns. Anthea Kruger, General Manager at MTN, points out the ongoing battle to retain skilled professionals in the ever-evolving cybersecurity space. Anthea particularly underscores the challenge of keeping pace with emerging technologies and their swift adoption.

Amukelani Emily Manganyi, Head: Cyber Security Enablement & Business Engagement, ABSA Group
Manganyi identifies a persistent knowledge gap in AI and its limited detection capabilities. This lack of understanding further exacerbates security vulnerabilities.

Alisha Sarabjeeth, Head of Information Security, Mr Price
Sarabjeeth emphasises the ethical dimension of AI deployment. Establishing accountability policies and addressing biases in decision-making processes are paramount. The concept of data ownership requires clear guiding principles. Moreover, she underscores the need to consider the potential impact of AI on workforce dynamics in various industries.

Ishaaq Jacobs, CISO, Sasol
Jacobs underlines the lowered barriers for cybercriminals due to AI’s capacity to generate code and campaigns. Targeted phishing campaigns have become more streamlined and efficient, and the speed of hacking has increased due to readily available exploits.

Sithembile Songo, Group Head: Information Security, Eskom
Songo highlights the creative potential of AI in the hands of malicious actors, allowing them to devise innovative harmful solutions with ease.

Ayanda Peta, Cybersecurity Strategist, African Rainbow Minerals
Peta discusses how hackers exploit AI’s capabilities to their advantage. This leads to the creation of more effective and inventive malware, alongside an increase in fishing campaigns.

Bernard Munyaradzi Chadenga, vCISO, Founder & CEO, The Cimplicity Institute
Chadenga cautions that, despite AI’s advancement, it remains reliant on human inputs, making errors possible. The intervention of humans in AI processes can also introduce biases, complicating security efforts and making hacking more accessible for cybercriminals.

Anthea Kruger, General Manager: Information Security Cyber Defence, MTN
Kruger underscores the potential exposure of sensitive data due to AI algorithms collecting information. To enhance security, she recommends aligning appropriate security controls with different data sets and ensuring practical security applications are employed.

Yurika Pistorius, Chief Compliance Officer, Clientele Limited
Pistorius emphasises the human element within AI and ML, highlighting that the quality of the data fed into these systems directly influences the outcomes. She notes that AI centralises data, making it easier for cybercriminals to operate covertly. Additionally, compliance and governance frameworks for AI remain underdeveloped.

Muyowa Mutemwa, MSc in Computer Science | CEH | CompTIA CASP+ | CISSP | Mentor, CSIR
Mutemwa echoes the sentiment that AI’s efficacy is closely tied to the accuracy of the data it is trained on. Human oversight and continuous verification of AI-produced outcomes are essential to ensure accuracy and reliability.

Galeboe Mogotsi, General Manager: ICT, WITS
Mogotsi reminds us that AI’s performance is intertwined with the quality of the data it processes. Lack of proper data analysis can lead to security risks. He emphasises the importance of robust governance to prevent misuse of AI for malicious purposes.

IN SUMMARY: Managing AI and ML Threats in Business Security

The insights of South African InfoSec leaders shed light on the multifaceted challenges posed by AI and ML in the realm of business security. Ethical concerns, biases, and the potential for cybercriminals to exploit AI’s capabilities are recurring themes.

These experts emphasise the critical need for clear frameworks, accountability policies, and comprehensive security assessments to harness the power of AI and ML while safeguarding business interests. As technology continues to evolve, collaboration and constant vigilance will remain crucial in mitigating emerging threats and risks in the dynamic landscape of cybersecurity.


*The above-mentioned InfoSec leaders will share their expert opinion on managing the complex landscape of AI and ML threats in business security at CISO Kanect, a festival experience curated for InfoSec professionals taking place from 12-13 October 2023 at The Marriott Hotel in Melrose Arch, Johannesburg.
To join this fun initiative and learn from TED-style talks, reserve your spot before 31 August 2023 and Save R 2,500!

Artificial Intelligence (AI), while a powerful tool in cybersecurity, also brings forth its own set of concerns. The rise of AI has prompted unease about its risks and implications. Ayanda Peta, an expert well-versed in Cybersecurity, Cloud Computing, and AI, raises a pertinent challenge: “The increasing rate of phishing campaigns.” This aligns with the collective sentiment among our leaders that AI regulations and the potential threats it introduces are essential considerations in the ever-evolving cybersecurity landscape.

Insights from the Frontlines: Voices of SA’s Cybersecurity Leaders

Let’s delve into the insights provided by these seasoned cybersecurity professionals:
Muyowa Mutemwa emphasises the need for funding for proper cybersecurity systems and the imperative of data privacy. He asserts, “Businesses don’t always know where to start; they just know they need to be compliant.”

Galeboe Mogotsi, General Manager at WITS, highlights the uphill battle of garnering board-level buy-in and aligning cyber strategy with overarching business goals. He underlines, “Cybersecurity is not taken as seriously as it should be at board level.”

Amukelani Emily Manganyi, leading Cyber Security Enablement & Business Engagement at Absa Group, confronts the challenge of balancing the business of security and the security of the business. She points out, “Tailoring messaging to all levels can be difficult.”

Ishaaq Jacobs, CISO at Sasol, tackles the intricate balance between maximising value and minimising costs, stressing the importance of measuring ROI on cybersecurity implementations and technology.

Ayanda Peta’s expertise in Cybersecurity, Cloud Computing, and AI unveils the pressing issue of phishing campaigns and the significance of change management in obtaining buy-in.

Anthea Kruger, spearheading Information Security Cyber Defence at MTN, echoes the prevalent skills shortage in the industry and the escalating risks linked to AI.

Aashika Bava, Head of Security Awareness Training at Investec, adds a crucial dimension by highlighting the importance of female empowerment and support in the tech space, alongside the enduring skills shortage.

In Conclusion: Safeguarding the Digital Frontier Together

As the digital realm continues to expand, the challenges facing cybersecurity professionals are manifold and complex. Yet, their unwavering commitment to securing our digital landscape remains resolute. The insights gleaned from these cybersecurity leaders underscore the need for collaboration, education, and strategic alignment across all levels of an organisation. Whether grappling with buy-in struggles, addressing the skills shortage, or navigating the uncharted waters of AI, one thing is clear: Cybersecurity is a collective endeavour that demands the engagement of every stakeholder. In the words of Muyowa Mutemwa, “There’s a lot more to it than just what’s the ROI?” This sentiment serves as a poignant reminder that in the digital age, the protection of our digital future is a responsibility we all share.

*The above-mentioned InfoSec leaders will discuss these challenges and more at CISO Kanect, a festival experience curated for InfoSec professionals taking place from 12-13 October 2023 at The Marriott Hotel in Melrose Arch, Johannesburg.
To join this fun initiative and learn from TED-style talks, reserve your spot before 31 August 2023 and Save R 2,500!