The proliferation of AI has taken the world by storm, yet the impact on cybersecurity and the Chief Information Security Officers (“CISOs”) that manage it is mixed. Marching to an impressive sustained annual growth, which is expected to continue through the decade, AI can no longer be ignored for its potential benefits and risks.
As organizations embrace AI in a myriad of ways, including as a time-saver across departments in many areas of operations, a disturbingly low percentage of CISOs report relying on it in their day-to-day activities. This points to a disconnect between siloed departments and the primary parties responsible for ensuring the cybersecurity of the organization. Furthermore, there has been little, if any, training of employees in the appropriate and safe usage of generative AI in the workplace, a glaring shortcoming that can put an entire organization at risk.
Discipline and governing protocols around the use of AI are found to be lacking and CISOs have been slow in adapting to the excitement and embrace of emerging AI technologies and applications.
Furthermore, there has been little, if any, training of employees in the appropriate and safe usage of generative AI in the workplace, a glaring risk that can put an entire organization at risk.
CISOs are notoriously overworked and, in some cases, may potentially be held personally liable for errors or damages. With the rapidly evolving cyberthreat landscape, while challenging, it is absolutely critical that CISOs remain abreast of new developments in AI and address related security challenges accordingly. This will undoubtedly add to their workload and responsibilities as AI’s threats to security continue to mount.
While AI is being hailed for its obvious benefits, it is also providing opportunity for bad actors to leverage its power for nefarious purposes. Their tactics could, for example, lead to faster and more widespread phishing activities.
Through phishing, hackers can now bait potential victims with perfect accuracy, as opposed to previous attempts that were notoriously riddled with errors, typos, and inaccuracies. In addition, the use of deepfake AI technology is tripping up even the most seasoned of IT professionals, not to mention lower-level employees. Recently, a multinational suffered a $26 million loss when a deepfake video of their CFO conned staff into making what they thought were legitimate bank transfers. Another concerning trend that has emerged is the redirection of AI, causing the technology to malfunction, outputting incorrect content and information, and in many cases even damaging it. In effect, hackers can literally poison an AI system in a manner that will compromise an organization’s security and integrity. Without adequate awareness, training, governing protocols, and other security measures, more companies will remain at risk for these and other calamities.
In order to neutralize and counter threats of this nature as well as other developing risks, organizations must first understand the new AI landscape. For many non-tech administrators, the learning curve is significant and many report feeling intimidated or overwhelmed by the advent and propagation of AI. It is high time to bite the bullet and introduce broad education on generative AI–both its strengths and weaknesses–so that decision-makers can appropriately calculate their organizations’ risks and assign adequate budgets to governance, training, and technology that will more effectively secure their businesses. CISOs need their support, intellectually, managerially, and budgetarily in order to meet the threats arising from the rapid spread of AI on every level of operation. Without it, CISOs will impotently flounder in an ever-evolving sea of AI-powered advancement, unable to deflect attempts to destroy, malign, trick, and ultimately steal from their organizations. CISOs represent the front line of cybersecurity and it is imperative that they be robustly equipped with the education, tools, and comprehensive support necessary to keep their employers safe. Championing this support will take vision, courage, humility, and unwavering leadership. Time will tell who is up to the task.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Index Engines: Ensuring the Integrity and Recoverability of Data – Six Five On the Road at RSAC
The Futurum Group Announces Shira Rubinoff as President, Cybersphere
What is Autonomous Endpoint Management? – Six Five On The Road
Author Information
Acclaimed cybersecurity researcher and advisor, Shira is a global keynote speaker and presenter, and expert media commentator. She joined The Futurum Group in February 2024 as President, Cybersphere.
