printer friendly version

The impact of GenAI on cybersecurity

Sophos released a new report, Beyond the Hype: The Business Reality of AI for Cybersecurity (https://tinyurl.com/yt4wmjtd), which surveyed 400 IT leaders on using AI in security. The survey found that, despite 65% having adopted generative artificial intelligence (GenAI) capabilities, 89% of IT leaders are concerned that flaws in GenAI cybersecurity tools could put their organisation at risk.

Additionally, according to new Sophos X-Ops research, Cybercriminals Still Not Getting on Board the AI Train (https://tinyurl.com/mu4sum95), there has been a slight but noteworthy shift in how cybercriminals use AI. After investigating several underground forums, Sophos X-Ops found that, while there is till scepticism about GenAI, some criminals are using it to automate mundane tasks, such as crafting bulk emails and analysing data. Others are incorporating it into spam and social engineering toolkits.

“As with many other things in life, the mantra should be ‘trust but verify’ regarding generative AI tools. We have not actually taught the machines to think; we have simply provided them with the context to speed up processing large quantities of data,” said Chester Wisniewski, director, global field CTO, Sophos. “The potential of these tools to accelerate security workloads is amazing, but it still requires the context and comprehension of their human overseers for this benefit to be realised.”

With some form of AI embedded in the cybersecurity infrastructure of 98% of organisations surveyed, IT leaders expressed concern about potential over-reliance on AI, with 87% of respondents stating they were concerned about a resulting lack of cybersecurity accountability.

GenAI and reducing burnout

Organisations of different sizes expressed different priorities for utilising GenAI. While large organisations (those with more than 1000 employees) are prioritising improved protection, respondents with 50-99 employees rated reducing burnout as their top desired benefit from GenAI tools. However, complicating matters, across all sizes of organisations, 84% of leaders surveyed said they were concerned about pressure to reduce cybersecurity professional headcount due to unrealistic expectations about AI’s abilities to replace human operators.

Other key findings from the report

• Costs of GenAI are hard to quantify: 75% of IT leaders agree that the costs of GenAI in cybersecurity products are hard to quantify.

• Companies are counting on savings from GenAI: While 80% of IT leaders believe that GenAI will significantly increase the cost of cybersecurity tools, most organisations believe GenAI offers a path to lowering overall cybersecurity expenditure, with 87% of respondents believing the savings of GenAI will offset the costs.

Share this article:

Further reading: