Dive summary:
- IT leaders say increased investment in AI have made their organizations more vulnerable to cyber threats, according to a Flexential survey published last week.
- More than half of executives attribute complexity of AI applications toor weaken their company’s cybersecurity posture by expanding the attack surfaceaccording to the survey of 350 IT decision-makers in organizations with annual revenues greater than $100 million.
- Around 2 out of 5 IT managers say their security teams lack the skills to protect AI applications and workloads.
Dive Overview:
As AI becomes increasingly integrated into IT strategy, concerns around the technology are growing. security has increased among business leaders.
So far, AI-driven attacks have been minimal in the context of overall threat activity, according to Chris Novak, Senior Director of Cybersecurity Consulting at Verizon.
“I try to be careful when I say this, because I’m not saying it can’t happen or that there aren’t cases,” Novak told CIO Dive earlier this summer. “But what we’re seeing is that if you look at it statistically, in the grand scheme of cyberattacks, AI is probably one of the lowest risks.”
The return on investment for malicious actors is partly to blame for the status quo. Cyberattacks that exploit human error are so effective that adding a new, often costly technique wouldn’t change much, Novak said.d. More than two-thirds of data breaches This year, it was a non-malicious human element, such as a social engineering attack or a worker making a mistake, according to Verizon’s annual Data Breach Investigations Report.
“Malicious actors don’t necessarily have to do a lot of work,” Novak said. “For many of them, it’s already working very, very well, and the gains are usually very quick.”
Organizations must continue to invest in employee training to limit errors, but leaders can also take advantage of the lag in AI attacks.
More than a third Executives highlighted cybersecurity and AI as Key areas of investment for skills upgrading this year, according to a SKILLS survey published in June. Failing to fill skills gaps can compound risks. More than 2 in 5 cybersecurity professionals admitted to having little or no experience in securing AIaccording to ISC2 Search.
Instilling security in AI Adoption Projects is critical.
“This is an opportunity for us to get ahead of the bad actors, whereas normally we wait and see what they do,” Novak said. Understanding how organizations can mitigate AI risks and protect the business from AI-based attacks is critical.