Last April 12, 2023, Inprosec attended the 4th edition of the Galicia ISMS Regional Forum, held at the Abanca Auditorium in A Coruña, after being the city chosen as the headquarters of the AESIA (State Agency for the Supervision of Artificial Intelligence).
The event took place during a morning day, from 9:30 to 14:00, enjoying a varied program of up to 8 presentations. During them, topics related to artificial intelligence and its implication in automation and cybersecurity tasks were discussed. The collaborative project ‘Cybersecurity in a box’ was highlighted as a tool aimed at SMEs that will help to improve their cybersecurity situation.
The event began with Roberto Barata (ABANCA), who highlighted the value of the day and the participation of the speakers and attendees. He was followed by Julián Cerviño (AMTEGA), who made a presentation on the existing difficulties in terms of privacy, cybersecurity and management currently being carried out by the Xunta, Galicia being a forerunner in AI management strategies.
Cybersecurity and Artificial Intelligence
Secondly, Roberto Baratta (ABANCA) and Noemí Gil (Congalsa) participated with “Artificial intelligence in your cybersecurity strategy” talking about the implementation of AI in Congalsa, who have been working with it for several years with the aim of reducing costs and increasing efficiency. They talked about prejudices and some fears generated by the use of AIs, such as the replacement of jobs and how this is false, since the indicators report that it is more a complementary tool than a substitute in use. Also of the problems when industrializing their activities due to the lack of auxiliary tools to speed up these processes.
Next came Efrain Gamboa (Crowstrike) with “Mapping the key players and threats in AI” to talk about how users relate to the implementation of AI, providing solutions, and Jesús Díaz (Seur, Palo Alto Networks) with the presentation “Why is the future of cybersecurity?” introducing new concepts such as Artificial Narrow Intelligence (ANI), Artificial General Intelligence (AGI) and Artificial Superintelligence (ASI).
In the middle of the day a round table was held: “Artificial Intelligence as a threat” with Javier Larrea (ISM Forum Galicia) moderating and Fede Vadillo (Akamai), Roberto Heker (Nextvision) and Fernando Suárez (CPEIG) as participants. The debate focused on the response to the application of AI: how humans relate to it in cases where there are no risks in its application, the problems in areas such as customer service, or the lack of knowledge of where our data goes when we interact with AI based on chat and voice.
One of the talks that most caught our attention was Samuel Bonete’s (NextScope) “Next Level: Security and Artificial Intelligence”, which presented Service Edge: What used to be reduced to local networks, is now presented as a service independent of the place and form of the connection. For this, Samuel developed in his presentation how they use AI to provide cybersecurity options of greater value and efficiency. It was interesting how he exemplified these uses through science fiction movies, making references to Star Wars, the Mr. Robot series or even the Bourne movie saga.
AI and automation
Later on, the round table “Intelligence and Automation, how far?” was introduced with Rafael San Miguel (Cipher), Samuel Sancho (Devo), David Gonzalez (ISMS Forum de Galicia) and Carlos Perez (ISMS Forum de Galicia) as moderator. One of the most interesting conclusions reached was the fact that AI had more marketing functionalities than as a tool to streamline all kinds of processes, something that is now beginning to change. The possibility of talking about ChatGPT was not left aside, although it was concluded that it still needs to improve, and that under a critical eye it can be seen that it makes many mistakes. Its usefulness when drafting security policy or procedure documents was also emphasized.
IA Compliance
This panel was followed by Susana Rey (ISMS Forum Galicia) interviewing Gary Robertson (Ecix Regtech) and Alexandra Juanas (MásMovil) with “AI Compliance” as a backdrop. Susana introduced that AI has been with us for a long time and that now is a key moment both for the speed of expansion of this tool and for its already significant benefits, highlighting that it is now when we must regulate and establish rules before there are cases of seriousness and high impact.
Both sides of the interview agreed, highlighting that regulation is already underway in terms of privacy and intellectual property protection. Regarding the latter, it was emphasized that both the United States and the European Union are creating legislation that protects intellectual property against the misuse of trained AI. However, they agreed that content created by a chatbot is considered “original” and that it is difficult to legislate.
Regarding the scope of GDPR it was concluded that AI is used as a means and not an end, so regulation will depend on what that end is, being clearer the use of regulation regarding issues of transparency or use of sensitive data. It was also discussed that the Spanish Agency is reviewing ChatGPT for non-compliance with transparency or misuse of personal data, stressing the seriousness of cases involving minors.
Cybersecurity in a Box
Finally, we highlight the presentation of “Cybersecurity in a Box”, presented by Carlos López (ISMS) and Ignacio Hornes (Imotion Analytics), a project, already known by us, useful for small companies that allows to provide them with knowledge and free tools to implement cybersecurity strategies to cover the needs that arise.