Is the cybersecurity industry ready for AI?

A few months ago, we shared an article with you about the importance of artificial intelligence in combating cyber threats and the advantages of introducing this technology into business cybersecurity strategies.

Today, we want to turn this around and reflect on whether the cybersecurity industry is prepared for AI’s full implications beyond all its benefits.   

Cybersecurity in the GenAI era

Generative AI has conquered virtually every part of the world, but there is still confusion about its application in cybersecurity and the extent to which cybercriminals could adopt it and use it to harm.

According to a McKinsey global survey on AI, 40% of respondents said their organizations plan to increase their investment in this technology thanks to advances in generative AI.

However, it suggests that few companies are prepared to use it or the business risks it may bring, with 53% recognizing cybersecurity as a risk related to generative AI but only 38% working to mitigate it.

On the other hand, according to a survey by Cybersecurity Magazine, only 46% of security professionals believe they understand the impact of this technology on cybersecurity, and CIOs have the lowest understanding of AI among the different job roles surveyed (42% admit this).

These are worrying figures and put businesses, their most sensitive data, and their employees at risk. This is why it is so important to consider crucial points such as:

• Prioritise risk modeling and risk assessment scoring
• Establish new regulatory and reporting requirements for cyber incidents
• Consider social, humanitarian, sustainable, and technological risks
• Partner with cybersecurity vendors to implement next-generation security products.   

Problems in dealing safely with AI

These concerns and worries can affect companies’ proactive approach to addressing their technology implementation strategy. It would be a big mistake not to invest in viable security policies, user education, or AI-enabled tools.

Therefore, it is critical for the security industry to familiarise itself with the technology and identify where and how it can be used effectively.

Seventy-three percent of the magazine’s survey respondents agreed that AI is becoming an increasingly important tool for security operations and incident response. This technology can respond to incidents faster and more accurately by analyzing data at scale, identifying threats in real-time, and proposing possible courses of action in response to findings.

As such, the cyber security industry cannot let its guard down in its artificial intelligence implementation strategies.  

Keys to preparedness

There is no quick or easy solution to address the kind of societal and technological change that AI is stirring up, but what is clear is that any strategy that includes AI should include the development of a framework to identify and address current and future threats.

This should start by ensuring that AI expertise is present at the board level, for example, by appointing a CAIO. In addition to mitigating threats, this will be a person who can ensure that opportunities are identified and exploited, as well as raise awareness of related risks within the team.

On the other hand, each employee should be aware of how AI can affect their role and how to enhance their skills to make them more efficient and effective. Hence, the company should ensure that there is an open and continuous dialogue. 

Indeed, AI is used to gather information or make decisions, and policies should be implemented to assess accuracy and identify areas of operation that could be affected by AI bias, especially for those using it at scale.

Therefore, identifying and mitigating AI cyber threats will become part of organizations’ cybersecurity strategies. This will involve applying best practices to combat security breaches, training employees on AI-enhanced social engineering and phishing attacks, or implementing AI-based cyber defense systems to protect against attempted cyberattacks.

In addition, companies should engage with regulators and government bodies in discussions about AI regulation and legislation as, as the technology matures, all stakeholders will be involved in drafting and implementing codes of practice, regulations, and standards. Therefore, businesses need to be informed and trained in the use of this technology, as by not understanding and reacting to these threats, they risk affecting them by failing to take advantage of AI opportunities and falling behind competitors.   

A secure and robust AI strategy

Embracing digital transformation forces a re-examination of traditional security models, which do not provide agility in a rapidly evolving environment. Today, data footprints have expanded to the cloud or hybrid networks, and the security model has evolved to address a more holistic set of attack vectors.

Zero Trust is the essential security strategy for today’s reality. At Plain Concepts, we have the expertise and resources to meet the needs of all layers of security.

Moving to a Zero Trust security model does not have to be all or nothing. We recommend using phased approaches, closing the most exploitable vulnerabilities first and covering identity, endpoints, applications, network, infrastructure, and data.  

In addition, we provide a Generative AI adoption Framework for you to learn best practices, discover the use cases that will be most beneficial to you, and learn how to implement them effectively in your organization while preserving the security of your data and your employees.

We’ve already helped hundreds of organizations evolve their Zero Trust deployments to respond to the transitions to remote and hybrid working in parallel with the increasing sophistication of cyber-attacks and new challenges posed by the latest technologies. Want to be next? We’ll help you!