Dive Temporary:
- One in 4 CISOs has skilled an AI-generated assault on their firm’s community prior to now yr, and AI dangers now high their precedence lists, according to a report launched Thursday from cybersecurity firm Team8.
- The true variety of firms focused by AI-powered assaults “could also be even increased,” Team8 stated in its report, “as most AI-driven threats mimic human exercise and are troublesome to detect with out superior metrics like time to exploitation and velocity indicators.”
- AI outranked vulnerability administration, knowledge loss prevention and third-party threat on CISOs’ precedence lists, in keeping with the report, which is predicated on interviews with greater than 110 safety leaders from main enterprises.
Dive Perception:
AI is creating a variety of latest cybersecurity challenges for CISOs, from newly efficient assaults to newly susceptible expertise platforms.
The problems dominating CISOs’ minds are securing AI brokers (which 37% of respondents talked about) and making certain that workers’ use of AI instruments conforms to safety and privateness insurance policies (36%). Past AI-powered phishing and malware improvement, the report exhibits, executives are additionally anxious in regards to the unintended safety penalties of their very own firms’ use of AI.
“Boards are pushing aggressively for enterprise-wide [AI] adoption, and safety leaders are anticipated to allow, not block, this transition,” Team8 stated in its report. “That places CISOs within the scorching seat: charged with mitigating threat in a expertise area that’s nonetheless poorly understood, shifting quick, and missing mature controls.”
Nearly half of firms nonetheless require workers to get permission to make use of specific AI instruments, an allow-listing method that Team8 stated might trigger friction with non-security executives desirous to develop their companies’ AI use. “The demand for efficient ‘allow-by-default’ controls is acute,” Team8 noticed, “as safety groups grapple with shadow AI utilization and the absence of enterprise-grade governance frameworks.”
On the flip aspect, CISOs are additionally keen to include AI into their very own operations. Almost eight in 10 CISOs instructed Team8 that they anticipate security operations center roles to be the primary positions changed by AI. Almost half of these CISOs stated that decreasing their worker depend was a significant factor of their experimentation with AI-powered SOCs. Executives additionally anticipate AI to interchange people within the areas of penetration testing (which 27% of CISOs cited), third-party threat assessments (27%), evaluations of consumer entry requests (24%) and risk modeling (22%).
Within the areas of penetration testing and risk modeling — the place there’s a main workforce scarcity due to the required expertise and information — Team8 stated that AI brokers might “unlock expert-level capabilities throughout a broader floor space.”
Already, practically seven in 10 firms are utilizing AI brokers and one other 23% are planning to deploy them subsequent yr, in keeping with Team8’s report. Curiously, given the proliferation of agentic AI distributors, greater than two-thirds of the businesses utilizing or testing AI brokers stated they had been growing them in-house.
