What Global CISOs Are Getting Right and Wrong in the Age of AI Threats

AI has been the center of many a conversation for the last few years. Everyone is talking about the threat to jobs, the growing necessity for employees to upskill, AI-led business transformation, responsible AI, and so on. What is not spoken about much are the growing incidents of AI-based cyberattacks. They are on the rise and are becoming a serious concern for CISOs. The most recent incident was a deepfake of a company CEO which duped an employee into transferring $25 million to a fraudulent account. Two years ago, an AI-driven ransomware attack on a fast-food company resulted in the closure of nearly 30 branches in the UK. And in 2018, hackers were able to use AI to breach TaskRabbit and steal over 3.75 million users’ personal and financial details. 

The attacks are innovative and show that advances in technology are also being used effectively to bypass defences and fool employees. CISOs have the daunting task of implementing a security plan that can learn, detect, and prevent attacks before they cause any damage. So far, they seem to be on the right track and with some course correction, CISOs can build a field-ready barrier to thwart unauthorised intrusions.   

What Global CISOs Are Getting Right

CISOs are rewriting the playbook when it comes to dealing with AI-driven cyber threats. They are becoming more proactive and strategic in their approach, aligning their plan with the organization’s business objectives.  

• CISOs are viewing AI as a force multiplier in their overall game plan, with its ability to process massive volumes of data and identify anomalies faster than before. This allows analysts to prioritize threats in real time, improving overall response times. Here, AI empowers the analysts, instead of replacing them. It helps them deal with complex challenges in a faster and smarter manner. 
• Cybersecurity professionals are moving away from an ‘alert-driven’ mode to a ‘risk-driven’ one. An SOC-as-a-Service model is based on this approach where an enterprise enjoys round-the-clock monitoring with AI/ML-based detection and advanced security orchestration and response, with alert prioritization, custom workflow and integrations for easy operation and automation. This takes the pressure off the team that would otherwise be bogged down chasing every notification alert. This helps employees understand business risk, wherein aspects like context, potential business impact, and organizational resilience are assessed. It also lets teams allocate resources more effectively and focus on threats that matter most to the business. 
• Global CISOs are strengthening their threat intelligence programs by extracting business relevance from raw technical data and correlating it to business relevance, industry trends, geolocation, etc., to give it context. This integration of technical and strategic insight allows security teams to detect threats sooner and also understand their potential impact on operations, brand reputation, and revenue. 
• CISOs are now part of the boardroom, translating cyber risk into the language of business, articulating how threats can affect revenue, customer trust, and competitive positioning. This allows leadership to understand the importance of allocating adequate resources required to protect business IP and data from getting compromised. 

While CISOs are becoming more strategic in the way they build a robust security framework and communicate with the executive leadership, they are also falling short in certain areas.   

What CISOs are Still Getting Wrong

• There is a big dependence on legacy tools, especially the ones that are marketed as AI-powered solutions. Such integrations rarely achieve any positive outcomes. In order to extract value from an AI-enabled tool, analysts will need to train the model with relevant data and in simulated environments to gauge how it will perform in a live situation. Training and validating with data is very essential to successful implementation; otherwise, it will only create a false sense of security that the organization is suitably protected. 
• AI-enhanced social engineering is still grossly underestimated. AI is making phishing emails, deepfakes, and voice clones even more convincing than before. CISOs who fail to address the human aspect of the security framework are potentially putting the organization at risk. Regular awareness training sessions, a zero trust architecture, and non-invasive identity management systems can help lower the risk of seeing their strongest technologies being bypassed by AI-infused deception. 
• Simply investing heavily in detection and prevention solutions is not the answer to the problem. Detection is only one part of the solution. Incidence response is the other. Improving response times consistently, through automation, will let CISOs achieve a more resilient security framework. 
• Organizations continue to treat security checks and audits as a periodic exercise even though threats—like ransomware attacks, data breaches, etc.—are lurking round the clock. A CISO must ensure that the framework moves from a reactive model to one that is in a state of ‘continuous readiness.’ This would require various methods like ethical hacking to find weak points, continuous testing, and live simulations to ensure 24x7 preparedness. 

Dealing with AI-based threats will require security experts to do something more than rely on tools. CISOs will have to integrate real-time intelligence, human expertise and judgment, with continuous awareness to defend against cyber-attacks. In order to become better at thwarting intrusion attempts, a business will need to measure its AI threat readiness with a tailored assessment, followed by a detailed threat detection, mitigation and response plan that aligns perfectly with overall business objectives.