Building a Culture of Cyber Resiliency with AI
New data shows chief information security officers are caught between unleashing AI’s productivity and securing against its threats.
As generative AI technology continues to dominate executive mindshare, security leaders find themselves in a precarious position: tasked with harnessing the productivity promises of the technology while simultaneously safeguarding against its potential vulnerabilities, errors and biases.
Despite concerns, most chief information security officers (CISOs) say they believe in the technology’s potential to help build a more cyber resilient organization. A recent report on the state of AI in cyber risk management from Balbix surveyed more than 600 US-based cybersecurity leaders and found that two out of three are keen to harness AI to prevent vulnerabilities.
But even in organizations that have partially or fully adopted AI, just 47% of CEOs and board members consider AI crucial to their cybersecurity risk management programs, compared to 64% of CISOs. This discrepancy highlights the need for CISOs to demonstrate the value of AI in improving their organizations' cybersecurity resilience. Below, I highlight ways in which CISOs can begin to leverage AI and showcase its impact in exponentially boosting their organization’s cybersecurity function.
The Challenge of Keeping Pace with Vulnerabilities
The National Vulnerability Database (NVD) tracked over 3,000 critical vulnerabilities in July of this year alone. According to Verizon’s 2024 Data Breach Investigations Report (DBIR), the rate of vulnerability exploits has been exploding with a 180% increase over the past year. That’s almost triple the number of vulnerabilities exploited from the year prior as cyber threats continue to evolve and scale.
It makes sense that the top concern for cybersecurity leaders is vulnerabilities associated with unpatched software and systems in their current tech stack (54%). Close behind are concerns around vulnerabilities brought on by misconfiguration (48%), and end-of-life systems (43%). Despite recognizing the need to address these exposures, nearly half of organizations surveyed scan for vulnerabilities only once a week, or less frequently, signaling a lack of adequate resources to identify and address potential threats in a timely manner. The Verizon DBIR suggests that organizations took almost two months to patch and remediate 50% of critical vulnerabilities, while these same vulnerabilities became mass-exploitable in five days. This makes it a perilous situation for enterprises.
To top it all off, threat actors and their methods, powered by AI, are becoming increasingly difficult to detect and prevent. Recent data found that 95% of IT leaders believe that cyber-attacks are more sophisticated than ever before, with AI-powered attacks being the most serious emerging threat. Over 80% of those respondents agreed that scams like phishing have become more difficult to detect with the rise in actors using AI maliciously. In response to the growing threat landscape, enterprise organizations must enable a culture of continuous monitoring, detection, and remediation to ensure better cyber resilience.
Generative AI Tools Can Help
In the face of escalating cyber threats, shrinking budgets, and understaffed teams, narrowing the skills gap is not just a necessity, it is a strategic imperative. For many CISOs, AI offers a significant opportunity to help bridge the gap between the resources they have and the resources they need.
Of the 54% of security professionals who have either fully or partially adopted AI, 63% specifically want to use AI to help prioritize threats and vulnerabilities, and 57% consider inference to be AI’s best functionality for cybersecurity. Clearly, CISOs recognize the critical role AI can play in prioritizing threats and vulnerabilities, helping to ensure that critical issues are flagged and addressed with the urgency they demand. Integrating AI-powered tools can help streamline security operations and free up teams to focus on more complex threats, which is especially critical as security teams continue to feel overwhelmed and understaffed.
That’s why GenAI is becoming an increasingly essential tool for security teams to stay ahead of emerging threats, as it enables them to effectively analyze data, draw meaningful conclusions and enhance decision-making processes in a timely manner.
However, AI isn't a magic bullet. To truly capitalize on AI’s potential, enterprises need to commit to regular training and upskilling. Security teams that receive specialized training to effectively deploy and manage AI tools can interpret the complex data these tools generate and stay ahead of emerging threats.
AI is not the sole culprit in the dynamic threat landscape, though it is increasingly becoming a powerful tool that enables threat actors to use more sophisticated and unpredictable attack methods. CISOs can better respond to this fast-changing threat landscape by implementing a flexible, adaptive approach to cybersecurity risk management. This involves staying ahead of emerging vulnerabilities with new technologies that enable more visibility and empower CISOs to revise strategies as necessary. Integrating AI into your daily security operations is an important step in proactively building a culture of cyber resiliency, not just a defensive measure. By implementing these strategies, CISOs can effectively showcase the business impact of AI in making their organization more cyber resilient and, in turn, get executive buy-in.