Olaf Pursche, Leader of the Security Competence Group at eco—Association of the Internet Industry:

“AI has long been an integral part of business processes. However, as it becomes more widespread, threats such as deepfakes and AI-supported phishing are also on the rise. It is therefore crucial to integrate AI securely and responsibly as a central building block of cyber resilience.”

• eco publishes white paper for decision-makers on the secure use of AI in companies
• It contains a five-step process model for the successful implementation of AI applications, best practices and relevant standards for companies.

AI is becoming a key factor in the cyber resilience of companies. It offers considerable potential for optimising processes and strengthening IT security, but at the same time opens up new areas of attack for cybercriminals. In its white paper ‘Artificial Intelligence as the Key to Cyber Resilience: Secure Integration, Protection Against Attacks and Intelligent Defence’, eco—Association of the Internet Industry presents practical recommendations for the secure and responsible use of AI.

“Many companies want to use AI, but they don’t know how to do so successfully. That’s why one focus of the white paper is on the secure implementation of AI tools,” explains Pursche. The document shows that companies are confronted with a multitude of technical and organisational issues when using AI—from different learning approaches and fields of application to fundamental topics such as data protection, liability and governance. ‘This is precisely why a structured approach is needed,’ Pursche continues. ‘The white paper presents a five-step process model that supports companies in introducing AI applications while also providing guidance on best practices and relevant standards such as ISO/IEC 42001:2023.’

At the same time, it makes it clear that AI is increasingly being used by attackers. AI-supported phishing attacks, deepfakes and disinformation pose new challenges for companies. Recommendations include improved telemetry, context-based analysis methods, encryption and clear access controls.

In addition, the white paper also shows how AI itself contributes to strengthening the security architecture. In productive scenarios, it is already being used for DDoS detection and in EDR and XDR architectures.

The paper was written with the collaboration of experts from companies and associations, including Jamorie Consulting, G DATA CyberDefense, Link11, Myra Security, F5, NVISO Security and eco—Association of the Internet Industry.

The white paper can be downloaded here.