The Cost of Overlooking Gen AI Security Risks: What Every Business Needs to Know

The Cost of Overlooking Gen AI Security Risks: What Every Business Needs to Know

As generative AI (Gen AI) shifts from a behind-the-scenes tool to a core element of customer engagement and productivity, it brings with it a new range of cybersecurity challenges. While businesses use it to drive innovation, threat actors are harnessing the same technology to create sophisticated cyber threats, turning network security into a critical business priority.

To break down what this means for security teams, we consulted Roshin Unnikrishnan, Senior Director of Growth and Revenue Operations at Cisco. With deep expertise in both data security and GTM strategy, Unnikrishnan explains why securing networks in the Gen AI era is a business priority for organizations and budgets of all sizes. According to him, network security has evolved from an IT concern to an essential part of business strategy.

Networking as a First Line of Defense

“Network security should be as integral to business growth as customer acquisition,” says Unnikrishnan. As Gen AI tools become commonplace, businesses need to recognize that security threats are evolving in tandem. With 55% of employees using unapproved Gen AI tools at work, the organization’s attack surface can expand quickly, often without leadership awareness. “Neglecting security comes with the usual data breach risks, but today, it’s more likely to mean damaging brand trust and business continuity,” he notes.

Risks like AI-driven phishing and malware are becoming more sophisticated. Attackers can now craft highly targeted phishing emails that evade conventional filters, making them harder to detect. Unnikrishnan highlights disciplined execution around two primary strategies:

Zero Trust Network Access (ZTNA): Implement ZTNA to enforce continuous verification of user access, a step beyond traditional security models. ZTNA constantly checks that all users and devices accessing company resources are who they claim to be, minimizing the risk of unauthorized access and internal threats.

Regular intranet application audits: “AI-driven tools in enterprise systems often have overly broad permissions that need routine review,” Unnikrishnan advises. By validating permissions and restricting unnecessary access, companies reduce potential points of attack.

Balancing Data as an Asset and Liability

Data is the foundation of revenue operations, enabling businesses to identify prospects, personalize outreach, and make accurate forecasts. However, Unnikrishnan emphasizes that data has become both an asset and a liability. However, Unnikrishnan emphasizes that data has become both an asset and a liability. “Some of the most valuable data organizations leverage for GTM activities is customer data,” he notes, “and that’s precisely the dataset malicious actors target most frequently.” According to IBM’s Global AI Adoption Index 2023, half of organizations only increase security spending post-breach, a short-sighted approach that Unnikrishnan argues companies can avoid. When customer data is poorly managed, companies increase exposure to regulatory penalties, data breaches, and reputational damage. In the event of a severe breach, the loss of customer trust and informational advantage can set back an organization by multiple quarters.

“We need to frame it as more than compliance, or else the urgency isn’t effectively communicated. We’re mitigating new operational risks and costs,” Unnikrishnan explains. With strict regulations like GDPR and HIPAA mandating rigorous data storage and protection, companies must view data governance as a strategic responsibility. He recommends:

Data minimization: Only collect data that is absolutely necessary. “We’ve matured beyond a ‘keep everything’ approach. Excess data just increases exposure and storage costs,” he explains.

Retention policies: Establishing clear retention policies, regularly auditing stored data, and deleting non-essential information helps businesses stay compliant. Proper data hygiene practices minimize the risk of breaches and reduce regulatory liabilities.

Strengthening Internal Defenses

Beyond the data itself, attackers increasingly target the individuals and tools that rely on it. Proactively identifying vulnerabilities in AI systems and training employees to recognize phishing and social engineering threats creates a robust, multi-layered defense. “Trust in our AI systems directly translates to trust in our customer relationships,” says Unnikrishnan, emphasizing that compromised AI insights or tampering can lead to significant reputational damage.

He advises that companies regularly test and audit AI tools to ensure data integrity and minimize tampering risks. Just as essential, however, is ongoing staff training. “GTM folks traditionally haven’t needed to worry about cybersecurity, making them prime targets for social engineering attacks,” Unnikrishnan explains. With nearly 60% of individuals still susceptible to GPT-generated phishing attempts, Unnikrishnan recommends:

Increasing AI system resilience: Use frameworks like the NIST AI Risk Management Framework to rigorously audit and stress-test internal AI tools. This enhances reliability and ensures the insights you produce remain accurate and trustworthy.

Human awareness and training: Equip sales, marketing, and customer success teams with regular phishing simulations and social engineering exercises, referred to as ‘redteaming’. Cultivating a security-focused mindset across departments helps reduce the risk of human error—a leading factor in security breaches.

Security as a Business Practice

Unnikrishnan stresses that Gen AI’s vulnerabilities aren’t going away, and many of them cannot yet be addressed by Gen AI itself. Securing networks in the age of Gen AI is as much about fending off threats as it is about creating a resilient, trusted foundation for sustainable growth. With technology evolving at an unprecedented pace, Unnikrishnan advises companies to stay vigilant, prioritize regular security testing, and foster a culture of security awareness across their operations.

Leave a Comment

Scroll to Top