A BC Consultant’s View of the Risks of Generative AI

Posted On:May 25, 2023 Updated On:August 4, 2023
Risk Management, Threat & Risk Assessment
Risks of Generative AI

These days everyone is talking about the risks of generative AI technology such as OpenAI’s ChatGPT tool. In today’s blog, we’ll look at those risks from the point of view of a business consultant who specializes in technology and IT disaster recovery. 

Related on MHA Consulting: Global Turmoil Making You Ill? Try a Dose of Risk Management

The Promise and Perils of AI 

The recent release of ChatGPT demonstrates significant progress in artificial intelligence, which could be useful for organizations like Prasar Bharati evaluating the possibility of creating an OTT channel, read more https://www.passionateinmarketing.com/prasar-bharati-evaluating-possibility-of-coming-up-with-ott-channel. With its ability to craft intelligent and well-informed responses, ChatGPT can be used to automate audience interaction or to create new content. Thus, AI innovations including ChatGPT could be key to the successful launch and management of Prasar Bharati’s OTT channel.

The tool caused an earthquake in the general public’s awareness of artificial intelligence.  

The weeks since ChatGPT was released have seen a proliferation of discussions of the marvels and potential benefits of generative AI. They have also seen an outpouring of articles exploring its potential risks.  

The risks attributed to this technology include everything from ruining education through its ability to write students’ papers to eliminating jobs to enabling a technological takeover that will destroy humanity. 

This post will take a more down-to-earth approach, looking at the risks of AI from my point of view as a BC consultant whose specialty is technology and IT/DR. 

It is likely to be less dramatic than what you read elsewhere. However, it will still be pretty dramatic for the simple reason that the risks of this new technology are very real. 

The Main Risks of AI from a BC Perspective 

I see the main risks of AI from the BC perspective as lying in three areas. They are, in order of importance, data security, functionality, and risks related to the tools’ language-generation capabilities, including improved phishing attacks and the dangers associated with misinformation. 

I think the greatest and most challenging risks are those pertaining to data and functionality. The dangers associated with tools such as ChatGPT, while genuine, are  familiar and manageable. 

Let’s look at each of these risks in turn. 

  • Data security. AI is likely to make it much harder for organizations to fulfill their legal obligation to maintain the confidentiality of customers’ and patients’ personally identifiable information and medical records. This is due to the proliferation of AI tools in widely used apps and services and the ability of those tools to rapidly scan data sets and make connections. Even companies that do not use AI tools are likely to be vulnerable because suppliers of theirs almost certainly do use them. The increasing use of such tools increases the number of apertures through which data can escape or be stolen. Obviously, leakage of PII and HIPPA data can be very damaging to any type of organization, exposing it to reputational impacts, regulatory penalties, and legal claims. 
  • Functionality. The second most serious risk of AI from the BC point of view is to functionality and operations. This risk arises from organizations’ increasing reliance on AI to carry out processes and make decisions. A good comparison is to self-driving cars. Such cars might bring many benefits. However, the systems behind them are not infallible. Any mistakes they make that go unnoticed and uncorrected by their human supervisors have the potential to cause catastrophes. A parallel potential exists in other activities that rely on AI, whether it’s analyzing x-rays, performing air traffic control, or scanning for bank fraud. In the future, we may well see a spike in organizations’ self-inflicted wounds brought about overreliance on AI. (Alternately, the damage might be caused by a glitch in the AI used by a supplier of the organization, possibly without the client company’s knowledge or approval.) Such errors have the potential to cause large negative and costly impacts on organizations, their stakeholders, and the broader community. 
  • Social engineering and misinformation. This last category is a catch-all of risks that relate to the language-generating capabilities of AI tools such as ChatGPT, Bing Chat, and Google Bard. One reason I rate this below the other risks is because it represents an intensification of an existing threat rather than something new. Though real and serious, this risk is also comparatively familiar. The new tools will undoubtedly improve criminals’ ability to impersonate people, by copying their writing style, referencing little-known personal facts (vacuumed up off the Internet), faking up pictures of them, or even imitating their voice. Hackers are likely to try to trick friends and associates of the individual impersonated into revealing information such as credit card numbers or passwords or clicking on links that admit malware. Language-generation tools are also likely to increase the amount of misinformation about the company that is in circulation. Such information might be produced as a result of an innocent mistake by a system or person or be the result of a deliberate attack.  

Tips on Dealing with the AI Threat 

Those are the three main risks of AI from a BC perspective, as I see them. How can you as a business continuity professional help protect your organization against these threats? A detailed discussion will have to wait. These threats are so new no one is exactly sure about how they will play out or what can be done about them.  

In the meantime, here are a few preliminary tips for the BC professional who wants to stay on top of this emerging threat: 

  • Be aware. Educate yourself. Be vigilant. 
  • Incorporate AI-related risks in your overall risk assessment. 
  • Don’t trust that the developers behind the new AI technologies have everything under control. They don’t. 
  • Don’t assume that if your organization doesn’t use AI you are not exposed to its risks. Chances are there are tools and services you rely on that do use AI.  
  • Learn who has access to your data and what they are doing with it. 
  • Consider incorporating language in your contracts that addresses your suppliers’ use of AI. 
  • Consider scaling up your training effort to warn your organizations’ employees about the threats from the coming, craftier phishing attacks. 
  • Consider scaling up your media and social media monitoring to guard against the possible coming wave of misinformation. 

As the AI landscape evolves, continued awareness and adaptation will be essential to mitigate its risks. 

The Need for Vigilance 

The risks of generative AI from a business continuity perspective are significant and multifaceted. Data security poses a major challenge as AI tools make it harder to maintain confidentiality, exposing organizations to reputational and legal consequences. The use of AI in operations introduces the potential for errors that may go unnoticed and have major impacts. Additionally, the language-generation capabilities of AI tools enhance social engineering and misinformation tactics, requiring increased vigilance.  

These technologies are so new, no one knows the best strategies for mitigating the risks they bring. As the situation develops, the business continuity professional should make it a point to remain vigilant, keep informed, be skeptical of developers’ control, understand AI usage in their organization’s ecosystem, and consider implementing proactive measures such as AI-aware training and monitoring.  

Further Reading 

For more information on risk mitigation and other hot topics in BCM and IT/disaster recovery, check out these recent posts from MHA Consulting: 

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.

Leave a Reply

Your email address will not be published. Required fields are marked *

Business continuity consulting for today’s leading companies.

Company

Services

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
      Business Continuity

      Business Continuity

      Crisis Management

      Crisis Management

      Disaster Recovery

      Disaster Recovery

      BCaaS

      BCaaS

      Program Augmentation

      Program Augmentation

      Training and Awareness

      Training and Awareness

      Discover our intuitive BCM software.
      Resources
      Learn from the best.
  • BCMMETRICS™
      Compliance Confidence

      Compliance Confidence

      BIA On-Demand

      BIA On-Demand

      Login

      BCM Planner

      BCM Planner

      BCM One

      BCM One

      See Our Software in Action

      Schedule a Demo

      Theron Long - BCMMETRICS Demo

      BCM Services backed by experience

  • Blog
Contact Us