Meet the expert: Minesh Pandya to speak at #RISK London

Taking place on October 18 and 19 at EcXel London, #RISK London addresses the issues impacting organisational risk today, from Governance, Risk and Compliance (GRC), to Environmental, Social and Governance (ESG), organisational culture, and much more.

The event builds on the success of #RISK 2022, allowing organisations to examine the cumulative nature of risk, unite GRC specialities and share views with subject-matter experts.

Minesh Pandya is Director, Cybersecurity and Privacy at PKF GM. He has over 15 years of industry experience leading high-performing technical and non-technical IT and cyber teams and is a trusted advisor to CEOs, CIOs, Board of Directors and Executive Committees.

We caught up with Minesh to hear more about his professional journey to date and for insight into the issues on the table at his forthcoming #RISK London session.

Could you briefly outline your career so far?

I began my career as a software engineer, but my fascination for networks led me to retrain and transition into network engineering. Subsequently, I moved into security consulting and have been leading consulting teams for the past 15 years. 

Currently, I hold the position of Director at PKF, leading their UK cyber division with a focus on advisory and remediation services. I am recognized as an industry subject matter expert and thought leader.

How important a role is AI going to play in the future of security and threat detection?

AI is already playing an important role today or security and threat detection in elements such as malware detection, web application security and User and Entity Behaviour Analytics (UEBA).

The technology can analyse vast amounts of data quickly in real-time, enabling it to identify patterns and anomalies that might be missed by humans and traditional security tools. 

While human supervision is still necessary in security and threat detection, advancements in technology are likely to reduce the amount of supervision required. AI’s role is expected to grow in areas like Automated Incident Response and Authentication services.

What are the primary challenges facing organisations as they move to leverage AI to improve cyber defences? 

Data privacy stands out as a major concern for organisations, given AI’s potential access to sensitive and personal information. This concern is compounded by legal and regulatory challenges surrounding data protection, liability, and accountability.

Moreover, there is a legitimate concern about potential attacks against the AI model itself. For example, if an attacker corrupts the training data, it could produce inaccurate output results, leading to severe consequences, especially in industries like healthcare where AI systems are gaining significant traction.

Another area of major concern is the supply chain. Earlier this year, we witnessed a popular AI tool succumbing to a software supply chain vulnerability that originated in one of its supplier’s codebases, causing an outage for a few hours. 

Although this was a relatively minor vulnerability, it inadvertently exposed users’ personal information to unauthorised access. As organisations continue to adopt complex AI tools, managing supply chain risk becomes even more challenging.