CISOs Facing the Growing Impact of AI-Powered Threats

The rapidly changing pace of cybersecurity is an ever present talking point in the industry. 

And for good reason: for years CISOs and their organisations have faced keeping pace with threat actors who don’t stand still and increasingly, use more innovative tools and techniques to infiltrate companies. 

Over the last couple of years however, the pace has quickened further as a result of ongoing innovation and advances in AI. 

The technology’s proliferation in the enterprise environment is a double edged sword: for companies it increases efficiency, reduces costs and improves competitiveness. For CISOs it rewrites the terms of the contest between attackers and defenders. 

According to Darktrace’s State of AI Cybersecurity report, security leaders must build strategies to stay ahead of the curve and harness the power of AI so that defences can evolve along with attack sophistication. 

The report offers a global perspective on the growing role of AI in cybersecurity based on discussions with over 1,500 cybersecurity and IT professionals. It finds that 78% of CISOs believe that AI is having an impact on cyber threats and as a result, they are moving quickly to protect themselves. 

AI threats become a reality

AI-powered threats are having an increasing impact on organisations as the technology is used more effectively by threat actors. Darktrace observes a 135% increase in novel social engineering attacks, which are harder to detect and more readily bypass traditional defences.

At the same time, easy access to AI technologies makes advanced takes at speed and scale more commonplace with attackers targeting AI systems in the enterprise environment. 

The report finds that 26% of leaders say AI-powered cyber threats are already having a significant impact on their organisation, while 49% believe they will likely have a significant impact over the next two years.

"The impact of AI on cybersecurity is clear and increasing. There are more employees and enterprise applications using AI that must be protected,” says Jill Popelka, CEO, Darktrace. 

“Adversaries are using it to make their attacks more targeted, scalable and successful. All of this is unfolding in a highly volatile geopolitical environment that is creating more uncertainty.”

While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. 

However, a lack of AI knowledge, skill gaps and a shortage of talent remain the top barriers to a successful defence.

Gaps in confidence and comprehension

A large proportion of leaders (95%) believe AI can improve the speed and efficiency of their ability to prevent, detect, respond and recover from threats. However, many concede that significant knowledge gaps persist.

Only 42% reported that they fully understand the types of AI in their existing security stack. Moreover, two of the top three inhibitors to successfully defending against AI-powered threats include insufficient knowledge or use of AI-driven countermeasures and insufficient knowledge/skills pertaining to AI technology. 

“To stay ahead, organisations must integrate AI-driven security solutions that not only detect and respond to threats but proactively anticipate them,” explains Jon Mendoza, CISO of Technologent. “True resilience comes not just from deploying AI but from empowering security teams with the knowledge and tools to wield it effectively. 

“A security platform built on actionable-intelligence and hyper-automation is essential to containing threats and minimising the blast radius of attacks. In today’s ever-evolving threat landscape, AI isn’t just an advantage, it’s a fundamental necessity."

To mitigate threats, teams are increasingly using AI to help navigate skills and training shortages and automate tasks to allow security professionals to focus on securing their organisations – 88% say the use of AI is critical for enabling security teams to become more proactive. 

Prioritising future action

Data privacy and developing a platform approach remain key priorities for security leaders. Discussing technology preferences, 84% say they prefer solutions that don’t require external data sharing and 87% believe a platform approach to be more effective than implementing a collection of point solutions. 

Notably, managing risk is a core priority but the report finds more action is needed. Of all respondents, 95% say their organisation is either discussing or has implemented a formal policy for safe and secure use of AI.

When asked to look ahead at the future impact of AI, cloud security and network security are identified as two domains where defensive AI will have the biggest impact. 

"There has never been a more urgent need for AI in the SOC to augment teams and pre-empt threats so organisations can build their cyber resilience,” adds Jill. 

“That's why Darktrace continues to invest in new innovations to help customers manage risk and thrive in this new era of AI threats." 

Considering future development, security leaders expect Gen AI to have the biggest impact on cybersecurity over the next three years, closely followed by deep learning and neural networks and supervised machine learning. 

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand