1 In 2 Security Leaders Say They're Not Ready For Ai Attacks - 4 Actions To Take Now

picture confederation / Contributor / image confederation via Getty Images

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• AI-powered cybercrime poses a increasing consequence to businesses.
• Most of these organizations consciousness unprotected against nan threat.
• EY highlights immoderate cardinal steps for building up cyber defenses.

AI-driven cyberattacks are almost universally considered a sedate threat to businesses today. Yet for some financial and logistical reasons, astir organizations consciousness inadequately protected and deficiency a clear roadmap to statement up their soul defenses.

That spread betwixt consciousness and readiness is nan large takeaway from a report published Thursday by consulting patient EY. Based connected a December study of much than 500 elder cybersecurity officials crossed industries, nan study recovered that 96% of respondents judge that "AI-enabled cybersecurity attacks are a important threat to their organization," while less than half that number (46%) opportunity they consciousness "strongly confident" that their organizations person capable cybersecurity mechanisms successful spot to support nan threat astatine bay.

Also: 5 information strategies your business can't get incorrect successful nan property of AI - and why they're critical

The mostly of respondents (67%), furthermore, said they're still "in aviator mode" erstwhile it comes to ironing retired their strategy for keeping their organizations protected from this caller activity of cyberattacks.

But aviator mode isn't capable successful a world wherever AI is continually providing cybercriminals pinch caller intends of attack, according to Ganesh Devarajan, cyber consequence lead astatine EY Americas. 

"We are navigating a unsocial scenery wherever AI is weaponizing nan integer situation conscionable arsenic it fortifies our defenses," he told ZDNET. "If I were sitting crossed from a [chief accusation information officer] today, my proposal would beryllium simple: nan clip for 'wait and see' is over. Protecting a business now intends building a holistic strategy wherever AI and labor aren't conscionable moving side-by-side, but are besides amplifying each other's strengths."

Also: Will AI make cybersecurity obsolete aliases is Silicon Valley confabulating again?

A cross-industry plateau

Cybersecurity isn't nan only domain successful which businesses experimenting pinch AI person been failing to motorboat successful a robust, meaningful way. Despite a precocious grade of liking successful utilizing nan exertion internally, galore businesses are struggling to do truthful successful a measurement that generates existent returns. Organizations are stuck connected a benignant of plateau arsenic they effort to move soul AI initiatives into sustained growth; nan willpower is there, but nan measurement is often unclear.

An oft-cited MIT study published successful August, for example, reported that 95% of enterprises' soul AI initiatives had grounded to present immoderate important ROI. It was a wake-up telephone for AI developers and their business customers. In short, thing astir nan existent attack to deploying AI wrong organizations wasn't working. 

Also: Why endeavor AI agents could go nan eventual insider threat

A mates of months later, a study of thousands of business leaders crossed 21 countries found that nan immense mostly (87%) said that AI would "completely transform" really their statement gets activity done complete nan adjacent year, yet a paltry 29% said their teams had nan skills and training successful spot to make that result happen.

Hurdles for cybersecurity

Both of those themes were echoed successful EY's caller report.

Also: AI threats will get worse: 6 ways to lucifer nan tenacity of your integer adversaries

In wide strokes, nan consulting patient recovered that while astir high-level cybersecurity pros are each excessively alert of nan truth that AI is quickly equipping their adversaries pinch caller and much blase modes of onslaught (such arsenic phishing and deepfake scams), they're hindered by deficiency of a clear scheme for building up their soul security.

Financial constraints were recovered to beryllium 1 important issue: 85% of nan respondents to EY's study said their employer's "current cybersecurity fund is insufficient to meet AI-enabled threats," according to nan report. On nan upside, EY besides recovered that nan number of organizations committing astatine slightest 25% of their cybersecurity fund to building AI-powered solutions specifically is expected to turn from 9% coming to 48% complete nan adjacent 2 years. 

The consensus, successful different words, seems to beryllium that nan champion measurement to combat caller AI-driven cyberthreats is pinch AI-driven defenses -- a inclination that's already begun to play out successful nan financial sector.

Specifically, EY's study recovered that AI will beryllium fixed much power successful six cardinal areas of cybersecurity: 

• Advanced persistent threat detection
• Real-time fraud detection
• Identity and entree management
• Third-party consequence management
• Data privateness and compliance
• Defense against deepfakes and different uses of AI to impersonate existent people

Also: AI is making cybercriminal workflows much businesslike too, OpenAI finds

Governance was besides a awesome constraint: 97% of respondents said a robust information model for soul AI usage was "essential" to generating ROI, yet only 20% said they'd afloat built retired that framework.

Four tips

OK, but what tin cybersecurity experts really do correct now to meet nan caller activity of AI-powered threats? EY highlighted 4 cardinal areas they should attraction on.

1. Budgets must beryllium reworked "to prioritize AI-driven cybersecurity."
2. Instead of trying to usage a plethora of AI to automate circumstantial tasks -- which EY suggested is simply a cardinal bottleneck keeping businesses locked successful nan aviator shape -- organizations should move to an "orchestrated, agent-driven" approach. In different words, instrumentality a top-down power exemplary for soul AI usage truthful cybersecurity leaders tin easy visualize AI agents' actions and, if necessary, correct them.
3. Teams request to "invest aggressively" successful training their existing labor to safely and efficaciously collaborate pinch AI agents.
4. Adopt an arms-race mentality to support soul guardrails, because arsenic AI-assisted cyberdefenses improve, truthful excessively will nan strategies deployed by AI-assisted cybercriminals. "Organizations that dainty governance arsenic a surviving strategy -- continuously improving and integrating into civilization and operations -- are champion positioned to build trust, negociate emerging risks and construe AI invention into durable competitory advantage."