How Businesses Can Use AI in a Secure Way

Learn how businesses can safely harness the power of AI . Discover best practices for data privacy, model security, and governance to mitigate risks and ensure ethical AI implementation.

? Introduction

Artificial intelligence (AI) is rapidly transforming the business landscape, offering unprecedented opportunities for innovation and growth. From personalized recommendations to predictive analytics, AI is being deployed across various industries to streamline operations, enhance customer experiences , and gain a competitive edge. However, the increasing reliance on AI also introduces new security risks that businesses must address to protect their valuable data and reputation.

?? Most Intriguing AI Statistics

• McKinsey predicts AI could boost the global economy by a staggering $25.6 trillion by 2030.
• Goldman Sachs estimates that AI could automate two-thirds of tasks across various jobs. However, the firm emphasizes that AI will primarily complement human workers rather than replace them.
• According to Statista, the global AI market expanded to nearly $208 billion in 2023 and is projected to grow to almost $2 trillion by 2030.

By following a comprehensive set of best practices, organizations can effectively mitigate these risks and ensure the secure and ethical use of AI. This article will explore the key security challenges facing businesses, provide practical guidelines for protecting AI implementations, and highlight real-world examples of successful AI security strategies.

? Understanding AI Security Risks

?? Key Privacy and Security Risks Associated with AI

As organizations increasingly adopt AI technologies, they face a range of privacy and security challenges. Here’s a detailed overview of five critical risks: data privacy breaches, model poisoning attacks, intellectual property theft, bias and discrimination, and regulatory compliance issues.

?? Data Privacy Breaches

AI systems often require vast amounts of data, including sensitive personal information such as health records and financial data. This reliance on extensive datasets increases the risk of data privacy breaches. Unauthorized access to this data can lead to significant violations of individuals' privacy rights. For example, data reconstruction attacks can reverse-engineer confidential information from aggregate data, revealing sensitive individual records. Neural networks can inadvertently memorize training data, making it easier for malicious actors to extract personal information from AI models.

?? Model Poisoning Attacks

Model poisoning attacks occur when adversaries manipulate the training data used to develop AI models, leading to compromised outputs. By injecting malicious data into the training set, attackers can alter the model's behavior, causing it to produce incorrect or biased results. This poses a significant risk, especially in critical applications like healthcare or finance, where decisions made by AI systems can have serious consequences. The integrity of AI systems can be undermined if they are trained on compromised data, making it essential for organizations to implement robust data validation and monitoring processes.

?? Intellectual Property Theft

The use of AI can also expose organizations to intellectual property theft. As AI systems analyze and generate content, they may inadvertently reproduce proprietary information or trade secrets. This risk is particularly pronounced in generative AI applications, where the model might generate outputs that closely resemble the training data. Organizations must ensure that their AI systems are designed to respect intellectual property rights and implement measures to prevent the unauthorized use of sensitive information.

?? Bias and Discrimination

AI algorithms can perpetuate bias and discrimination, leading to unfair outcomes in various applications, such as hiring, lending, and law enforcement. This bias often stems from flawed training datasets that do not adequately represent diverse populations. If AI systems are trained on biased data, they may produce discriminatory results, exacerbating existing inequalities. Organizations must prioritize algorithmic fairness by employing techniques to detect and mitigate bias, ensuring that AI systems promote equitable outcomes and do not infringe on individuals' rights.

?? Regulatory Compliance Issues

The rapid advancement of AI technologies poses challenges for regulatory compliance. Existing privacy laws may not adequately address the unique risks associated with AI, leading to potential violations. Organizations must navigate complex regulatory landscapes, such as GDPR and CCPA, which impose strict requirements on data handling and user consent. Failure to comply with these regulations can result in significant penalties and reputational damage. Establishing clear policies and governance frameworks for AI usage is crucial for ensuring compliance and protecting individuals' privacy rights.

Summary : While AI offers transformative potential, it also introduces significant privacy and security risks. Organizations must proactively address these challenges by implementing robust data governance practices, ensuring transparency, and adhering to regulatory requirements. By doing so, they can harness the benefits of AI while safeguarding individuals' rights and maintaining public trust.

? Best Practices for Secure AI

?? Secure Data Storage and Transmission

Ensuring the security of data storage and transmission is critical for protecting sensitive information. Here are some key practices:

?? Data Encryption

Implement strong encryption algorithms like AES-256 to protect data both at rest and in transit. Use encryption keys that are securely managed and regularly rotated[1][2]. Employ techniques like tokenization and hashing to minimize the exposure of sensitive data[4].

?? Access Controls and Authentication

Implement robust access control mechanisms that verify the identity of users and devices before granting access to data. Use multi-factor authentication, biometrics, and role-based access controls to limit access to authorized personnel only[1][3]. Monitor and log all access attempts to detect and prevent unauthorized access.

?? Secure Protocols and Channels

Use secure protocols like HTTPS, SFTP, and FTPS for data transmission. These protocols establish encrypted channels to protect data from eavesdropping and tampering during transit[3]. Avoid using insecure protocols like FTP and HTTP that transmit data in plaintext.

?? Secure Storage Systems

Choose storage systems that offer built-in security features like encryption, access controls, and immutability. For on-premises storage, use hardened systems with secure configurations. For cloud storage, select providers that offer robust security controls and comply with industry standards[4].

?? Secure Backups and Disaster Recovery

Maintain secure backups of data using the 3-2-1 rule: three copies of data, two on different storage media, and one offsite. Use immutable backups that cannot be altered or deleted by ransomware or malicious actors[1]. Test backups regularly to ensure recoverability.

?? Data Minimization and Anonymization

To reduce the risk of data breaches, collect and store only the minimum data necessary for business purposes. Implement data minimization practices to limit the amount of sensitive data collected and retained[4]. Anonymize or pseudonymize personal data to protect individuals' privacy.

?? Regular Data Audits and Vulnerability Assessments

Conduct regular audits to assess the effectiveness of data security controls and identify areas for improvement. Perform vulnerability assessments to detect and remediate security weaknesses in systems and applications that store or process sensitive data[4]. Engage independent security experts to conduct penetration testing and red team exercises to validate the security posture.

?? Compliance with Data Privacy Regulations

Ensure compliance with relevant data privacy regulations like GDPR and CCPA by implementing appropriate security controls and data governance practices[4]. Appoint a data protection officer to oversee compliance efforts and serve as a liaison with regulatory authorities. Conduct regular compliance audits and implement corrective actions to address any gaps or non-conformities.

Summary : By adopting these secure data storage and transmission practices, organizations can effectively protect sensitive information and maintain the trust of customers and stakeholders. Regular monitoring, testing, and improvement of security controls is essential to keep pace with evolving threats and regulatory requirements.

? Model Security and Integrity

?? Model Validation and Testing

Model validation and testing are critical steps in ensuring the security and reliability of AI systems. Here's a more detailed look at these processes:

?? Validation Techniques

There are several common techniques used for model validation:

• Train/Validation/Test Split: The dataset is divided into three subsets - training, validation, and test data. The model is trained on the training set, validated on the validation set to tune hyperparameters, and finally evaluated on the held-out test set to get an unbiased estimate of performance.
• Cross-Validation: The dataset is split into k folds. The model is trained k times, each time leaving out a different fold for validation. This provides a more robust estimate of performance.
• Backtesting: The model is run on historical data to evaluate its performance on past scenarios. This helps assess how the model would have performed in real-world conditions.

?? Validation Metrics

Appropriate metrics are chosen based on the task and data. Some common metrics include:

• Accuracy, Precision, Recall, F1-Score: For classification tasks
• Mean Squared Error, R-Squared: For regression tasks
• Area Under the ROC Curve (AUC-ROC): A threshold-independent metric that summarizes the tradeoff between true positive rate and false positive rate

?? Testing for Robustness

Model validation also involves testing the robustness of the model to distribution shift, noise, and adversarial attacks. This includes:

• Evaluating performance on out-of-distribution data
• Injecting noise and perturbations into inputs
• Generating adversarial examples to fool the model

?? Adversarial Training

Adversarial training is a technique to improve model robustness by training on adversarially perturbed examples. The model is trained not just on the original data, but also on worst-case perturbations that an adversary could make to fool the model. This makes the model more resilient to attacks.

The adversarial training process involves:

1. Training the model on original data

2. Generating adversarial examples by finding worst-case perturbations that maximize the model's loss

3. Retraining the model on the original data combined with the adversarial examples

This iterative process of generating attacks and training on them improves the model's ability to handle malicious inputs.

?? Continuous Monitoring and Updating

Monitoring the performance of deployed models is crucial, as data distributions can shift over time. Key aspects include:

• Tracking model performance metrics continuously
• Detecting anomalies or significant performance degradation
• Retraining or fine-tuning the model on new data if needed
• Rigorous testing before deploying any model updates

Automated monitoring systems can alert when models need to be updated. Maintaining model performance requires diligence, as models can degrade or be attacked over time.

?? Protection Against Model Poisoning

Model poisoning attacks involve injecting malicious data into the training set to cause the model to learn the wrong thing. Defenses include:

• Careful data curation and validation before training
• Anomaly detection to identify suspicious training examples
• Differential privacy techniques to limit the influence of individual data points
• Robust aggregation methods to mitigate the impact of outliers

Proactive monitoring for signs of poisoning, like sudden drops in performance, is also important. Robust model design and training practices are key to preventing such attacks.

In summary, model validation, adversarial training, continuous monitoring, and protection against poisoning are all critical components of building secure and reliable AI systems. Rigorous testing and monitoring throughout the model lifecycle is essential to ensure models behave as intended.

? Secure Development and Deployment

?? Secure Coding Practices

Secure coding practices are essential for developing applications that are resilient against cyber threats. These practices involve writing code that minimizes vulnerabilities and adheres to security standards throughout the software development lifecycle. Key principles include:

• Input Validation and Sanitization

Input validation ensures that data entered into an application meets predefined criteria, preventing malicious data from being processed. Sanitization further cleans input data to remove harmful elements, such as scripts or SQL commands, thereby neutralizing potential threats.

• Authentication and Authorization

Implementing strong authentication mechanisms verifies user identities, while robust authorization controls ensure that users only access resources necessary for their roles. This is crucial for preventing unauthorized access and protecting sensitive information.

• Secure Data Storage and Transmission

Data should be securely stored using encryption and access controls. During transmission, secure protocols like HTTPS should be employed to protect data from interception. This prevents unauthorized access and ensures data integrity.

• The Principle of Least Privilege

This principle dictates that users and processes should have the minimum level of access necessary to perform their functions. By limiting permissions, organizations can reduce the attack surface and mitigate the impact of potential breaches.

• Regular Security Updates and Patching

Consistently updating software components and applying security patches is vital to address known vulnerabilities. This proactive approach helps protect applications from evolving threats and maintains overall security.

?? Vulnerability Scanning and Patching

Vulnerability scanning is the process of identifying security weaknesses in software and systems. Regular scans help organizations detect vulnerabilities before they can be exploited. Key components include:

• Automated Scanning Tools

Using automated tools can streamline the scanning process, allowing for continuous monitoring of applications and infrastructure. These tools can identify known vulnerabilities based on databases like the Common Vulnerabilities and Exposures (CVE) list.

• Manual Penetration Testing

In addition to automated scans, manual penetration testing can uncover complex vulnerabilities that automated tools might miss. Ethical hackers simulate attacks to identify weaknesses and recommend remediation strategies.

• Timely Patching

Once vulnerabilities are identified, timely patching is critical. Organizations should prioritize patches based on the severity of the vulnerabilities and the potential impact on their systems. Implementing a patch management policy ensures that updates are applied consistently and efficiently.

?? Secure Infrastructure and Cloud Environments

Creating a secure infrastructure is essential for protecting applications and data. This involves:

• Secure Configuration

All components of the infrastructure, including servers, databases, and network devices, should be securely configured. This includes disabling unnecessary services, applying security patches, and following best practices for system hardening.

• Network Security

Implementing firewalls, intrusion detection systems, and secure network segmentation helps protect against unauthorized access and potential attacks. Monitoring network traffic for anomalies can also provide early detection of security incidents.

• Cloud Security Best Practices

For cloud environments, organizations should utilize security features provided by cloud service providers, such as encryption, identity and access management, and security monitoring tools. Additionally, understanding shared responsibility models is crucial for ensuring that security measures are appropriately implemented.

??Incident Response Planning

An effective incident response plan is vital for minimizing the impact of security breaches. Key elements include:

• Preparation

Organizations should develop and document incident response protocols, ensuring that all team members understand their roles and responsibilities. Regular training and simulations can help prepare teams for real incidents.

• Detection and Analysis

Implementing monitoring tools and processes allows for the early detection of security incidents. Analyzing alerts and logs helps determine the nature and scope of the incident.

• Containment, Eradication, and Recovery

Once an incident is detected, it is essential to contain the threat to prevent further damage. After containment, organizations should eradicate the root cause of the incident and restore affected systems to normal operations.

• Post-Incident Review

Conducting a thorough post-incident review helps organizations learn from incidents and improve their response processes. This includes identifying what worked well and what could be improved, as well as updating the incident response plan accordingly.

Summary: By implementing secure coding practices, conducting regular vulnerability scans, ensuring secure infrastructure, and having a robust incident response plan, organizations can significantly enhance their security posture and better protect against cyber threats.

?Governance and Risk Management

?? AI Governance Framework

An AI governance framework provides the necessary structure for overseeing the development, deployment, and use of artificial intelligence technologies. This framework is essential for ensuring that AI systems operate within ethical and legal boundaries, fostering trust and accountability. Key components of an effective AI governance framework include:

• Objectives and Principles

The framework should define clear objectives, such as promoting innovation while safeguarding human rights and ensuring fairness. Principles like transparency, accountability, and inclusivity should guide the development and use of AI systems.

• Oversight Mechanisms

Establishing oversight mechanisms, such as ethical review boards and compliance committees, is crucial for monitoring AI systems. These bodies should include stakeholders from various fields, including technology, ethics, law, and business, to ensure diverse perspectives are considered.

• Risk Management

The framework must incorporate risk management strategies to identify, assess, and mitigate potential risks associated with AI technologies. This includes addressing issues like bias, privacy violations, and data security.

• Regulatory Compliance

AI governance should align with existing regulations and standards, such as the General Data Protection Regulation (GDPR) and the OECD Principles on Artificial Intelligence. Compliance ensures that AI systems respect legal requirements and ethical norms.

• Continuous Evaluation

An effective governance framework requires ongoing evaluation and adaptation to keep pace with technological advancements and emerging risks. Regular audits, stakeholder feedback, and performance assessments are essential for maintaining the framework's relevance and effectiveness.

?? Risk Assessment and Mitigation Strategies

Risk assessment involves identifying potential threats to AI systems and evaluating their impact and likelihood. Mitigation strategies are then developed to address these risks effectively. Key steps include:

• Identifying Risks

Organizations should conduct thorough assessments to identify risks associated with AI technologies, including technical vulnerabilities, ethical concerns, and operational challenges. This can involve stakeholder interviews, surveys, and analysis of historical incidents.

• Evaluating Risks

Once risks are identified, they should be evaluated based on their potential impact and likelihood. This assessment helps prioritize risks and determine which require immediate attention.

• Developing Mitigation Strategies

Mitigation strategies may include:

- Technical Solutions: Implementing security measures, such as encryption, access controls, and regular software updates, to protect against vulnerabilities.

- Policy Development: Establishing policies and procedures to guide ethical AI use, including guidelines for data handling and algorithmic transparency.

- Training and Awareness: Providing training for employees on AI ethics, security practices, and risk management to foster a culture of responsibility.

• Monitoring and Review

Continuous monitoring of AI systems is essential to detect new risks and assess the effectiveness of mitigation strategies. Regular reviews and updates to risk assessments ensure that organizations remain proactive in managing risks.

?? Ethical AI Considerations

Ethical considerations in AI involve ensuring that AI systems are designed and used in ways that align with societal values and human rights. Key ethical principles include:

• Fairness and Non-Discrimination

AI systems should be designed to avoid biases that could lead to unfair treatment of individuals or groups. This involves using diverse training datasets and implementing fairness metrics to evaluate outcomes.

• Transparency and Explainability

AI systems must be transparent, allowing users to understand how decisions are made. Explainability is crucial for building trust and accountability, particularly in high-stakes applications like healthcare and criminal justice.

• Accountability

Establishing accountability mechanisms ensures that individuals or organizations are responsible for the outcomes of AI systems. This includes defining roles and responsibilities for AI development and deployment.

• Privacy Protection

Ethical AI considerations must prioritize the protection of individuals' privacy rights. This involves implementing data minimization practices, obtaining informed consent, and ensuring secure handling of personal data.

?? Regular Security Audits and Certifications

Regular security audits and certifications are vital for maintaining the integrity and security of AI systems. These processes help organizations identify vulnerabilities, ensure compliance with regulations, and build stakeholder trust. Key aspects include:

• Conducting Security Audits

Security audits involve comprehensive evaluations of AI systems to assess their security posture. This includes reviewing code, configurations, and access controls to identify potential weaknesses.

• Engaging Third-Party Assessors

Organizations may benefit from engaging independent third-party assessors to conduct audits. These experts can provide an unbiased evaluation of security practices and recommend improvements.

• Achieving Certifications

Certifications, such as ISO 27001 for information security management, demonstrate an organization's commitment to security best practices. Achieving these certifications often involves rigorous assessments and adherence to established standards.

• Continuous Improvement

Security audits should not be a one-time event. Organizations should establish a schedule for regular audits and continuously improve security measures based on audit findings and emerging threats.

Summary: By implementing a robust AI governance framework, conducting thorough risk assessments, considering ethical implications, and performing regular security audits, organizations can effectively manage the complexities and risks associated with AI technologies. This proactive approach fosters trust, accountability, and responsible innovation in the AI landscape.

? Real-World Examples of AI Security Incidents

?? AI Security Incidents

AI systems, while powerful, are not immune to security incidents. Here are notable examples of AI-related security breaches:

?? 1. Data Reconstruction Attacks

In recent years, there have been incidents where attackers successfully executed data reconstruction attacks on AI systems. These attacks involve reverse-engineering confidential information from aggregate data. For instance, researchers demonstrated that neural networks could memorize training data, allowing adversaries to reconstruct sensitive individual records from the model's outputs. This vulnerability highlights the risks associated with AI systems that rely on large datasets, particularly in sectors like healthcare and finance where sensitive information is prevalent[1].

?? 2. Evasion Attacks on AI Systems

A practical example of an evasion attack was conducted by Wavestone's cyber teams, who tested their internal AI system used for classifying IT support tickets. They simulated attacks that aimed to trick the AI into misclassifying requests. Although the immediate impact was low, the experiment underscored the potential dangers of such attacks, especially in critical applications like autonomous vehicles or healthcare systems, where incorrect classifications could lead to severe consequences[3].

?? 3. Phishing Detection Failures

Even advanced AI systems can struggle with security threats like phishing. Google’s Gmail employs machine learning to detect phishing attempts, but attackers continuously adapt their strategies. Despite these efforts, sophisticated phishing campaigns still manage to bypass detection, leading to unauthorized access to sensitive user information. This ongoing cat-and-mouse game illustrates the vulnerabilities inherent in AI systems that rely on pattern recognition for security[4].

?? Successful Case Studies of Businesses Implementing Strong AI Security Measures

While AI security incidents highlight vulnerabilities, many organizations have successfully implemented robust AI security measures. Here are some exemplary case studies:

?? 1. IBM Security QRadar SIEM

A major Gulf-based bank faced challenges with its legacy Security Information and Event Management (SIEM) system, which generated excessive false positives, leading to alert fatigue among security analysts. To address this, the bank implemented IBM Security QRadar SIEM, which utilizes AI and machine learning to enhance threat detection and reduce alert overload. This transition resulted in a significant reduction in false positives and improved response times, demonstrating the effectiveness of AI in streamlining security operations[4].

?? 2. Google’s Phishing Detection

Google has effectively leveraged AI to enhance the security of its Gmail service, which handles over 1.5 billion users. By employing machine learning models trained on vast datasets of email characteristics, Google has significantly improved its ability to detect phishing attempts. The system analyzes various factors, including content and sender information, to identify potential threats and protect users from malicious attacks. This proactive approach has made Gmail one of the most secure email platforms available today[4].

?? 3. VirusTotal's Code Insight

VirusTotal, a subsidiary of Google, introduced Code Insight, an AI-powered tool designed to analyze suspicious files and URLs. This tool utilizes Google's Cloud Security AI Workbench to understand code semantics and identify malicious patterns. By generating human-readable explanations of code functionality, VirusTotal has enhanced the efficiency of security operations teams, enabling them to quickly assess risks and respond to threats more effectively[2].

??4. HackerOne's AI Co-Pilot

HackerOne, a leading bug bounty platform, developed an AI co-pilot named Hai to assist security analysts. This AI tool analyzes vulnerability reports, providing context and remediation advice. By streamlining the vulnerability assessment process, Hai enhances the productivity of security teams and helps organizations address security issues more efficiently. This case illustrates how AI can augment human capabilities in cybersecurity[2].

These examples demonstrate that while AI systems face significant security challenges, proactive measures and innovative solutions can effectively mitigate risks and enhance overall security. Organizations that adopt strong AI security practices not only protect their data but also build trust with their users and stakeholders.

? Conclusion: Securing the Future of AI

As AI technologies continue to advance and become more prevalent in businesses, it is crucial to prioritize security and responsible development. By implementing robust security measures and best practices, organizations can harness the power of AI while effectively mitigating risks and building trust with stakeholders.

?? Key Best Practices for Secure AI

Throughout this discussion, we have explored several key best practices for securing AI systems:

?? 1. Implementing secure coding practices to minimize vulnerabilities and adhere to security standards

?? 2. Conducting regular vulnerability scans and applying timely patches to address known weaknesses

?? 3. Ensuring secure infrastructure and cloud environments with proper configurations, network security, and cloud security best practices

?? 4. Developing comprehensive incident response plans to minimize the impact of security breaches

?? 5. Establishing an AI governance framework with clear objectives, oversight mechanisms, and risk management strategies

?? 6. Considering ethical AI principles such as fairness, transparency, accountability, and privacy protection

?? 7. Performing regular security audits and pursuing relevant certifications to validate security measures

?? Ongoing Vigilance and Adaptation

Securing AI systems is an ongoing process that requires continuous vigilance and adaptation. As threats evolve and new vulnerabilities emerge, organizations must remain proactive in their security efforts. Regular monitoring, testing, and updating of security measures are essential to keep pace with the changing landscape.

Moreover, the field of AI security itself is rapidly advancing, with researchers and security professionals continuously developing new techniques to detect and mitigate attacks. Staying informed about the latest developments in AI security and actively participating in the security community can help organizations stay ahead of potential threats.

?? Prioritizing AI Security for Responsible Innovation

Prioritizing AI security is not only a matter of risk mitigation but also a key enabler of responsible innovation. By demonstrating a strong commitment to security and ethical practices, organizations can build trust with their customers, partners, and regulators. This trust is crucial for unlocking the full potential of AI and driving widespread adoption.

Furthermore, a robust security posture can provide a competitive advantage in the market. Customers and stakeholders are increasingly aware of the importance of data privacy and security, and they are more likely to engage with organizations that prioritize these aspects.

In conclusion, securing AI systems is a critical imperative for businesses in the modern digital landscape. By implementing the best practices outlined in this discussion and maintaining ongoing vigilance, organizations can harness the transformative power of AI while effectively managing risks and fostering trust. As we move forward, it is essential for businesses to prioritize AI security as a key pillar of their innovation strategies, paving the way for a future where the benefits of AI are realized safely and responsibly.

AI Driven Customer Support Platform that Transforms Customer Service

Supportbench.com plays a pivotal role in the context of secure AI by providing an AI-driven customer support platform specifically designed for B2B environments. Its comprehensive suite of features integrates seamlessly into existing workflows, enabling businesses to enhance customer interactions while maintaining robust security practices. Supportbench utilizes advanced AI capabilities to automate processes, such as ticket organization and sentiment analysis, which not only streamlines operations but also minimizes the risk of human error that can lead to security vulnerabilities.

Supportbench empowers businesses to fulfill their customer needs with AI and data science. They provide a comprehensive platform that:

• Integrates seamlessly with your existing customer support systems.
• Offers a suite of AI-powered tools, including chatbots, sentiment analysis, and predictive analytics.
• Provides actionable insights to optimize your customer support efforts.
• Facilitates human-AI collaboration through intuitive interfaces.

By centralizing customer communications and support processes, Supportbench allows organizations to maintain a clear oversight of interactions, ensuring that sensitive data is handled securely and in compliance with privacy regulations. Furthermore, the platform's emphasis on continuous learning and adaptation empowers businesses to stay ahead of emerging threats, reinforcing the importance of ongoing vigilance in AI security. Overall, Supportbench exemplifies how AI can be harnessed effectively and securely, enabling businesses to unlock the full potential of AI-driven customer support while mitigating associated risks.