Sophos released a new report, "Beyond the Hype: The Businesses Reality of AI for Cybersecurity,"
which surveyed 400 IT leaders on their use of AI in security. The survey found
that, despite 65% having adopted generative artificial intelligence (GenAI
capabilities) 89% of IT leaders are concerned that flaws in GenAI cybersecurity
tools could put their organization at risk.
Additionally,
according to new Sophos X-Ops research, "Cybercriminals Still Not Getting on
Board the AI Train (Yet)," also released, there has been a slight but noteworthy shift in the way cybercriminals use
AI. After investigating several underground forums, Sophos X-Ops found that,
while there's still skepticism about GenAI, some criminals are using it to
automate mundane tasks, such as crafting bulk emails and analyzing data. Others
are incorporating it into spam and social engineering toolkits.
"As with many
other things in life, the mantra should be ‘trust but verify' regarding
generative AI tools. We have not actually taught the machines to think; we have
simply provided them the context to speed up the processing of large quantities
of data," said Chester Wisniewski, director, global field CTO, Sophos. "The
potential of these tools to accelerate security workloads is amazing, but it
still requires the context and comprehension of their human overseers for this
benefit to be realized."
With some form
of AI embedded in the cybersecurity infrastructure of 98% of organizations
surveyed, IT leaders expressed concern about potential over-reliance on AI,
with 87% of respondents stating they were concerned about a resulting lack of
cybersecurity accountability.
GenAI
and Reducing Burnout
Different-sized
organizations expressed different priorities for utilizing GenAI. While large
organizations (those with more than 1,000 employees) are prioritizing improved
protection, respondents with 50-99 employees rated reducing burnout as their
top desired benefit from GenAI tools. However, complicating matters, across all
sizes of organizations, 84% of leaders surveyed said they were concerned about
pressure to reduce cybersecurity professional headcount due to unrealistic
expectations about AI's abilities to replace human operators.
Other
Key Findings from the "Beyond the Hype" Report:
- Costs of GenAI Are Hard to Quantify: 75% of IT leaders agree that the costs of GenAI in
cybersecurity products are hard to quantify.
- Companies Are Counting on Savings from GenAI: While 80% of IT leaders believe that GenAI will
significantly increase the cost of cybersecurity tools, most organizations
believe GenAI offers a path to lowering overall cybersecurity expenditure
with 87% of respondents believing the savings of GenAI will offset the
costs.
To learn more
about IT leaders utilizing AI, read the report, "Beyond the Hype: The Businesses Reality of AI for Cybersecurity,"
on Sophos.com.