“There's no such as 100% - we just try and raise the bar” - we hear what it takes to help secure the world’s largest PC maker from the man in charge of Lenovo’s AI and security

When it comes to staying secure these days, companies of all sizes are facing a variety of threats like never before.

With criminals using AI tools to create new and more advanced attacks, the need for proper security training awareness has never been more crucial.

But how do you go about trying to secure one of the world's biggest companies? We sat down with Doug Fisher, Chief Security and AI Officer at Lenovo, to find out.

"Everyone is culpable"

“Our priority is always around data,” Fisher tells me when we meet in London, “protecting our data, our customer's data, that’s our biggest priority.”

When it comes to enforcing security across your company, Fisher outlines his belief that culture is vitally important, especially across a large organization such as Lenovo.

“It's not just my job - everyone is culpable,” he says, “(Security) has always been a big focus, but previously it was siloed across various areas of expertise…and everyone had a role - but what we discovered, as more and more threats started evolving, was that we didn't have a coordinated view.”

Fisher outlines how even top-level employees at Lenovo had fallen victim to scams in the past, and needed encouragement to take the right training and get up to speed in order to maintain the high standards the company demands.

Managers play a key role in this, he adds, as they can create a culture where employees can come to them and question things - especially in emails or chat messages, where phishing threats can lie waiting.

“I'm not as convinced everybody will be as successful as Lenovo in driving a security posture,” Fisher notes, outlining how direct support from company CEO Yuanqing Yang (known as YY) helped develop a strong awareness of the importance of security across the board.

“It’s much more of a partnership culture at Lenovo - everyone jumps in,” he says, “it’s just like breathing, everybody expects that they know it.”

Fisher admits there are demographic differences at Lenovo, as older generations (including some executives) often rely less directly on technology, and have more developed critical thinking skills - so taking an extra few seconds to check or validate a source or a link is common nature to them.

“That’s what makes me nervous,” he says, “people don’t ever step back, they think just because I read it, it’s real.”

Hybrid working has also had an effect, he says, as distributed teams aren’t as physically close to their co-workers to carry out simple checks or validations.

But when it comes to mitigation, Fisher notes, “there's no such as 100% - we just raise the bar, there's no such thing as 100% security, you just try and make the wall high enough to climb over that (attackers) go somewhere else.”

The AI effect

And how about AI - the technology which has changed every facet of how we live and work. The security industry has seen improvements in threat detection and mitigation using AI, but attackers themselves are also utilizing smarter tools to create new and more effective threats.

“We look at it both ways - as a dual-edged sword,” Fisher notes, “we are driving AI innovation at a very rapid pace, and we feel we’re leading the charge - but with that does come risk.”

He outlines the company’s internal processes, particularly its Responsible AI committee, to make sure AI usage is utilized correctly and effectively, with all additions (what he says amounts to “thousands and thousands of projects” being reviewed to ensure everything is being done to protect customers.

Improved and expanded training is also a focus when it comes to AI, learning the latest advancements and improvements, especially when it comes to using AI to protect Lenovo itself - whether that is spotting anomalies, testing for threats and checking its infrastructure.

But how do we ensure AI is boosting productivity, and doesn’t just replace human workers?

Fisher notes that, “the pendulum is swinging back” when it comes to reining in complete AI takeovers in the workplace, with early mistakes proving this was not an acceptable process.

“I think you’re starting to see people recognize that human interventions are important,” he adds, “my guidance to everybody is to do as much as you can to use those tools to accelerate what you already do…it’s augmenting human capabilities, but it’s not replacing humans.”

“I think we’re going to see better and better capabilities coming out of products because the developers are much more efficient and able to get to those gains.”

And what of Lenovo’s own role in the global sphere? I ask Fisher what place the company should take in furthering AI development and governance.

“We believe our security posture and AI posture around governance is ahead of the industry, so that’s a competitive advantage,” he says, highlighting its role in NGOs and other organizations and other groups looking to form and adopt AI standards.

“Security is a funny thing - it's the only job I’ve been in where your competition and you work together,” he says, “we find a deep collaboration across the industry - and we certainly want to make it more secure.”

• We've rounded up the best online cybersecurity courses around