On the 10th episode of Enterprise Software Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Jason Stead, Chief Information Security Officer at Choice Hotels International. Choice Hotels is a global hospitality company with over 7,400 hotels worldwide and over $1.4 billion in annual revenue. In this conversation, Jason shares his thoughts on AI's impact in the hospitality industry, the importance of AI skill development in the workforce, and how AI will shape the future of cybersecurity.
Jason highlights the distinctive threats the hospitality sector faces, where the desire for warmth and hospitality can inadvertently make a prime target for social engineering attacks. With small, independently owned hotels often lacking sophisticated cybersecurity measures, social engineering becomes a prevalent challenge. Jason elaborates on the need for robust security awareness programs, vendor reliance, and Endpoint Detection and Response (EDR) solutions' game-changing role in identifying and countering real-time threats. Jason underscores the changing threat landscape as Choice Hotels transitions to cloud services and the emphasis on third-party risk management. He highlights the challenges of being both a consumer and provider of cloud services, underscoring the importance of ensuring downstream security through effective third and fourth-party risk management. This is where AI is beginning to make a difference for enterprises. By utilizing the next generation of tools, business leaders focus on adapting to an evolving threat landscape and gaining a competitive business advantage. According to Jason, "Obviously, you want to incorporate AI into all of your tooling going forward. I think that if a tool doesn't have AI at some level in the near future, it's just not going to hold a place in the market for too long."
Understanding where trends are heading can make a huge difference for business leaders. Jason stresses the importance of embracing AI as a skill for cybersecurity professionals, emphasizing ongoing training and upskilling. He envisions a future where cybersecurity teams defend against threats and leverage AI to drive business innovation. Looking at the potential impact of AI on security teams, Jason discusses the process of empowering professional teams to engage with new and disruptive technologies. "I want them to grow in their career, even if it's not with us. So the big area of focus for us is to give the people the training, and I know the team's excited about that, and I know the capabilities that come out of that. Now that also allows us to not only become cybersecurity AI-trained professionals, but we can be AI professionals and help the business grow." By fostering an environment that encourages the integration of AI into security operations, leaders enable their teams to harness the power of automation, machine learning, and predictive analytics. This proactive approach enhances the potential efficiency of threat detection and response and allows cybersecurity professionals to focus on strategic, high-value tasks.
Security leaders acknowledge the necessity for adjustments, both in defensive measures and in preparing for the inevitability of AI-driven attacks. Jason emphasizes the importance of identifying AI use in real-time, foreseeing challenges in countering AI-generated phishing scripts, and even the potential for AI to create malware. Exploring the trajectory of AI in cybersecurity, Jason shares insight into the dual role AI plays in offensive and defensive strategies. With the speed of current innovation, the pace security leaders must maintain to stay competitive can become breakneck. Jason emphasizes adapting to AI-driven attacks and adjusting security programs to stay ahead. "I think that there is going to be a new market. There are going to be new entrants. There are going to be new capabilities. There are going to be new threats we never envisioned. I do think that AI is going to help us move faster." When every second matters in security, AI quickly becomes a deciding factor in optimizing defensive strategies. The current and future value for leaders considering the use of AI in identifying threats, the potential risks associated with generative AI, and the need for defensive measures cannot be overstated.
Considering the benefits this next generation of tools can offer, Jason remains optimistic about AI's potential to bring positive changes. While acknowledging the challenges posed by AI in the hands of threat actors, he also envisions entrepreneurs introducing groundbreaking solutions that could redefine the cybersecurity landscape. Jason's pragmatic approach encourages a balanced perspective on AI, recognizing its potential to alleviate some of the burdens cybersecurity professionals face. Leaders can enable a cybersecurity realm where human expertise collaborates harmoniously with AI, creating a synergy that outpaces more sophisticated cybercrime. As the narrative unfolds, it becomes evident that AI isn't just a defensive tool; it's a catalyst for a paradigm shift in how organizations approach cybersecurity. Jason's optimism about the potential of AI to bring about positive change resonates as a rallying call for the industry. It's a call to embrace AI's transformative potential, collaborate, share knowledge within the community, and forge a collective path toward a more secure digital future.