The launch of AI chatbot DeepSeek-R1, created by Chinese AI start-up DeepSeek, sparked a frenzy of discussion in the global technology space and was a wake-up call for the US. The ‘new kid on the block’ is direct competition to OpenAI’s ChatGPT and has escalated interest in how AI and humans will be governed going forward.
This was put before delegates who attended the ITWeb GRC Conference, in Bryanston, on 20 February.
Presenter Brian Pinnock, VP of sales engineering, EMEA at Mimecast, referenced the ‘US vs China AI battle’ as an introduction to his theme: advancing organisations' security strategy with a unified human risk management strategy.
The Mimecast executive said organisations are focusing on both technology and human-centred strategies to safeguard sensitive data, ensure compliance and protect against insider threats.
Technology goals include preventing e-mail collaboration data leaks and complying with data loss prevention and records retention policies. On the human side, the priority is workplace safety, data movement tracking and mitigating the human factor in data breaches.
“We know attackers don’t hack in, they log in, and while the perimeter has evolved, humans remain the primary attack vector,” said Pinnock. This underscores the need to enforce compliance and data retention across platforms like Microsoft Teams, Slack and Zoom.
Mimecast advocates for a unified human risk management strategy, combining e-mail security and insider risk mitigation.
This strategy simplifies operations, reduces response times and alleviates alert fatigue through AI and automation, protecting against threats like IP theft, shadow IT and data loss due to employee departures. “One key indicator of potential insider risk is data transfer to platforms like Dropbox,” Pinnock noted.
He also highlighted the importance of AI and NLP models in detecting sensitive data across e-mails, files and screenshots. Customisable micro-lessons can be used to reduce alerts and automate remediation, making employees more aware of risky behaviours.
Challenges
However, implementing a unified strategy comes with challenges, including human behaviour, limited security team resources and increasingly sophisticated attacks. Mimecast’s research reveals 12% of cyber attacks now involve AI, while IBM reports that 95% of breaches stem from human error.
Pinnock stressed that the risk is not evenly distributed, with a small percentage of users often responsible for most of the risk.
Mimecast's data shows 96% of phishing attacks and 94% of malware originate from e-mail, with 68% of individuals clicking on phishing links.
As organisations face the growing challenge of managing human risk and ensuring compliance, Mimecast believes traditional approaches are inadequate. "Building a human risk strategy is a necessity, not an option," Pinnock concluded.