VCU Risk Management and Insurance panel explores the intersection of artificial intelligence and cybersecurity
By Sarah Murphy
The VCU Risk Management and Insurance Program hosted industry professionals from across Central Virginia on Thursday, September 21 for a panel discussion about the intersection of artificial intelligence (AI) and cybersecurity.
The event, hosted at the Country Club of Virginia, was moderated by Beth Waller, cybersecurity attorney and chair of the Woods Rogers Cybersecurity & Data Privacy Practice. She was joined by Steve Elovitz, vice president at Mandiant; Sean Stalzer, director of cybersecurity at Dominion Energy; and Peter Munoz, senior director at Capital One.
Right off the bat, Waller called attention to the threats AI poses to cybersecurity today, asking the panelists to expand upon ways in which bad actors might be using AI for nefarious cyber purposes.
“I’m willing to go as far as saying that in almost all military conflicts between nations today, there will be a cyber component,” said Elovitz. “It’s just the nature of the world we live in.”
Panelists shared examples of AI phishing capabilities, such as fraudsters using open source AI tools like ChatGPT and Google Bard to compose ransom emails.
“They don’t intend for you to construct phishing emails on these platforms, yet I could construct a very formal letter to one of you asking for insurance services,” said Stalzer. “I can ask AI to do that in a very convincing way, using all of your public information. I can use this for evil, but the original question was not in any way an evil question.”
“So we woke everyone up with some of the scary stuff concerning AI,” joked Waller before transitioning the conversation to focus on some of AI’s benefits to cybersecurity.
“AI enables some efficiencies for the bad guys to be lazy and get a big reward, but I actually think AI provides a much larger benefit for defenders than the bad actors,” said Elovitz.
Munoz says that one of the best things he’s seen in the industry is people using AI for anomaly detection in things like financial transactions. Stalzer mentioned being able to protect critical infrastructure like the grid, and being sure to “lift and shift the brain within the company,” referring to internal vs. external large language models.
With a room full of risk and insurance professionals before them, the panelists shared their advice for navigating the ongoing evolution of AI within their own workspaces.
“A key piece of this to consider is that ‘risk v. reward’ trade off conversation,” said Munoz. “You all will be part of helping your organization make those decisions. What are the risks? What are the rewards? What kinds of policies do we want to put in place?”
Elovitz recommends multi-factor authentication, attack surface reduction, vulnerability management and privilege management as the basic mechanisms companies need to defend against AI cybersecurity threats. “If you’re doing those basics well, you’re off to a good start.”
For more information about VCU Business or the Risk Management and Insurance Program, visit the School of Business website. For a complete list of upcoming events at VCU Business, visit the events page.