Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Using generative AI in cyberattacks is something that’s keeping CISOs up at night—but strategies to manage the danger are here to ease those sleepless evenings, no melatonin required.
“Their job is to be able to manage risks in this huge, uncertain environment that they have,” RSA Conference’s Laura Robinson told IT Brew. “And it’s not like uncertainty has changed with GenAI—they’ve always had to deal with uncertainty—but GenAI has really upped the level of uncertainty.”
Robinson is the program director for RSA Conference’s Executive Security Action Forum (ESAF), a community for Fortune 1000 security executives. In new data from the forum, the C-suite’s concerns over the increasing threat of generative AI are front and center.
Findings, findings. The ESAF survey of 100 Fortune 1000 CISOs found that 72% of respondents have seen the technology deployed against their enterprise, of which 70% were used in “highly tailored” phishing emails, while vishing, automated hacking, and deepfake videos accounted for 37%, 22%, and 21%, respectively.
Board members are expressing their frustration with the rise in generative AI attacks, and that’s adding a new level of complexity to an already stressful role. Robinson noted that “the board’s fears may be influenced by all the hype in the media about the threat,” adding a complication for CISOs who may know more about the threat but have to explain that to the rest of the C-suite team. As IT Brew reported last year, CISOs and boards are both considering the opportunity and danger presented by the technology.
“The biggest risk is that attackers use AI themselves in order to sophisticate and improve their attacks…and the second is more this accidental leakage of information,” Endor Labs Security Researcher Henrik Plate told IT Brew at the time. “Because even though the adoption of this generative AI within companies is still relatively low, as soon as the adoption is growing, that risk becomes more important.”
Sunny skies. Executives are looking at strengthening their defenses with the same tech that’s causing them stress, they told ESAF. AI assessments and security data preparation are on the list of proposed solutions, but training may be the most important aspect, Robinson said.
“A lot of it is communication with users, helping them to recognize these sorts of things,” Robinson said. “There will be technical controls that they’ll be putting in place, especially as vendors increase their capabilities.”
Robinson added that the opportunity in place for generative AI to make a difference in CISO workloads means it’s more than just something to be worried about—there’s potential.
“They are concerned about it, but they are also really focused on the opportunity to use GenAI to make defenses better,” Robinson said. “I thought that was quite optimistic.”