ITWeb TV speaks to Gareth Redelinghuys, country MD at TrendAI, about the impact that AI continues to have on cyber security, in terms of both defence and attack. Business leaders need to understand this dynamic and how best to protect their ‘crown jewels’.
AI remains a double-edged sword. While defenders are tapping into its speed, scale and automation, criminals are equally prepared to use the same technology to drive attacks.
This is according to Gareth Redelinghuys, country MD at TrendAI, who explains that attackers use the technology to their advantage. “They are able to go back and look for vulnerabilities from the past to see how they can exfiltrate systems, find big holes in the back of systems that haven’t been patched or have these vulnerabilities. Security companies can use these tools for good – we can look at protection and detection, we can look for patterns.”
Redelinghuys adds that while AI is neither all good nor all bad, those using the technology for detection are quicker at finding threats than attackers are at abusing them.
Redelinghuys elaborates on how the nefarious use of AI has evolved from basic prompting of large language models to deliberate deployment of agentic AI.
“This takes it one step further,” he says. “You ask it to do a function. Once it’s done that, it can then actually fulfil specific tasks. You can now have it go into your systems looking for specific things, and when it finds them, it can action them.”
This happens automatically and at a speed no human can match, says Redelinghuys.
Given the availability of the technology and the extent to which it can be used by cyber criminals, the TrendAI boss emphasises the importance of having governance processes and procedures firmly in place, including guardrails, data sovereignty and protection.
To achieve this, organisations must involve the entire C-suite. This ensures everyone knows where AI has been installed in the environment and whether it has been approved.
It is critical for organisations to know where AI is and how far it has penetrated the environment. Only once this is clear can business leaders begin taking control.
Redelinghuys underlines the importance of management buy-in, as the days of IT issues being directed solely to tech teams are over. Today, any tech issue – especially security – requires input across the board.
Gareth Redelinghuys, country MD at TrendAI.
“When you’re breached, what are the next things that follow?” he asks. “It’s your brand reputation, people’s information being put out there, and most importantly, financial loss. Financial loss doesn’t speak to IT or AI being in the wrong place. It speaks to the whole board making decisions collectively to ensure that all the right steps were followed, that all measures were followed to make sure that in the event something went wrong, we are covered.”
He adds that far from being a box-ticking exercise, organisations must prove due diligence regarding compliance and governance.
Due diligence in this context covers several questions: Was AI used? If so, did the right people use it? Did they have control? What access did they have to data or crown jewels? Were public or master keys used?
“If boards cannot answer these questions there and then, it normally tells the tale of what has happened in that environment,” Redelinghuys adds.
Resilience and responsibility
Cyber security experts continue to draw attention to the need for organisations to be resilient – primarily because it is not a matter of if an organisation is attacked, but rather when. At the same time, business leaders need to comply with regulations designed to control how, when, why and where data is handled.
This raises the question of where the onus lies in driving resilience and compliance, and how organisations extract and store required information.
Redelinghuys explains that regulations are there to ensure organisations manage their data usage with compliance in mind. “Everyone’s accountable. When things go wrong, someone needs to be accountable for that. If you are going to have data sovereignty, are you going to store your data, your ‘crown jewels’, locally or cross-border? It all depends on how critical the data is.”
He cites national government data as an example. “That data has to reside within South Africa’s borders. You cannot have that data residing on geographic servers that aren’t in SA. You need to ensure who has control.”
Research, including quarterly analysis by Surfshark, shows that since 2004, South Africa has been ranked the second most breached country in Africa, with 45.7 million compromised user accounts. Statistically, 70 out of 100 South Africans have been affected by data breaches.
Asked what companies are doing right and wrong, Redelinghuys says change is happening, but accountability remains a challenge and cannot be outsourced.
“Boards need to get it together. They need to decide on how they are going to be accountable. They are beginning to hold people accountable. In the past, it was quick decisions with no real follow-through. That is changing. It’s not a case of being able to outsource accountability in the event of a breach – that resides within the organisation and sits with the C-suite.”
Looking ahead, Redelinghuys stresses that organisations must be proactive and use AI to try to stay ahead of criminals.
