Will AI enhance enterprise cybersecurity?

Artificial Intelligence (AI) has rapidly integrated into everyday business, impacting not only our work habits, but also the management of cybersecurity.

AI is a topic of great public and media interest, whether for its achievements, the ethical and regulatory issues it raises, or for exploring its limits. Discussing AI also involves addressing safety and security issues. However, little is said about how AI affects cybersecurity management. The roles of CISOs and CIOs, as well as those of other business departments, are evolving as companies incorporate AI into their strategies.

The launch of ChatGPT in November 2022 has transformed many sectors. In just a few months, generative AI has been adopted by many companies, officially or not. According to a 2023 McKinsey report, nearly 22% of respondents use generative AI in their work. Among the reasons cited by these early adopters are its ability to process and analyse data, automate tasks and create content (photos, videos, songs).

Cybercriminals, always on the cutting edge, have adopted AI as a large-scale attack tool, allowing them to generate ultra-personalised attacks with ease. A recent example is a deepfake that resulted in a $26 million scam on a Chinese company. Cybercriminals are unscrupulous and exploit new technologies without limits. According to PwC’s annual ‘Global Digital Trust Insights 2024’ study, 52% of CISOs and CIOs expect Generative AI technology to cause catastrophic cyberattacks in the next 12 months. In addition, 47% of respondents already use AI to detect and mitigate cyber risks. While generative AI is integrated into defensive solutions, it can also improve cybersecurity management in general. For example, with the following inputs:

Generative AI can act as a daily assistant to cybersecurity managers in three main areas:

  • Content creation: Facilitates the development of reports and the creation of cybersecurity awareness and training content through creative montages, videos, songs, etc.

 

  • Analytics for strategic decision making: Automates the monitoring of compliance with security regulations and policies, detects suspicious behaviour and malicious activity, and analyses the data collected.

 

  • Cybersecurity operational management: Helps managers plan tasks, engage and guide employees in actions to improve the organisation’s security. Generative AI can be considered the CISO’s co-pilot, not a replacement. Some human skills, such as soft skills, deep knowledge of the organisation and its context, and the ability to communicate and support employees, can never be replaced.

The professions of CISO and RESI are relatively recent. Initially technical, they are now oriented towards management and strategy. These professions will not be replaced by AI, but will evolve towards more managerial roles, supported by AI.

Generative AI is not capable of replacing CISOs and ISMSs in decision making, as decisions can be complex and nuanced, involving trade-offs that require a human perspective. Organisations will always need a human to make final decisions, especially in security. AI will be a companion, providing effective support without replacing the human.

For more details, you can contact us at Info@bravent.net