
Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
AI's impact on business.
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 550 words, this briefing is about a 5-minute read.
Grappling with AI.
Artificial Intelligence (AI) has become an unavoidable reality of today’s business world. While this technology can rapidly expand productivity, accelerate business growth, and enhance security efforts, there are significant concerns about it that need to be both understood and properly addressed.
AI is already being exploited at an alarming rate by threat actors who are looking to expand both the scope and impact of their attacks. The United Kingdom’s National Cyber Security Centre released a report in 2024 detailing the impacts that hostile AI use will have on security efforts. In their report, researchers found the following:
- AI will “almost certainly increase the volume and heighten the impact of cyber attacks.”
- All types of threat actors are already using AI to varying degrees.
- AI provides capability uplifts for both social engineering and reconnaissance.
- Threat actors will be able to analyze exfiltrated data more quickly and efficiently.
Alongside threat actors abusing this technology, there are other implementation concerns. AI is not perfect and can be prone to hallucinations, have biases, or become “poisoned” by corrupted data. Furthermore, Shadow AI deployments, meaning AI systems deployed without security oversight, occur daily. These Shadow AI systems can expose businesses to risks such as compliance violations and sensitive data leakage. However, for all these concerns, effective AI management can also have significant positive impacts on a business's security efforts.
When evaluating AI’s positive impacts on security, it is undeniable that this technology can help rapidly enhance an organization’s security posture. Some of these key benefits include:
- Improving vulnerability management by assessing systems more effectively and improving problem-solving capabilities.
- Discovering unknown threats as AI can map and prevent threats before they are identified and patched by providers.
- Aggregating vast data volumes to better discover threats that may have gone undetected by traditional solutions.
- Improving detection and response efforts by assisting in creating a more systematic and immediate response to a new threat.
This balance of both the positives and negatives of AI demonstrates how important it is to get ahead of this technology and design a system that effectively manages it.
Managing the unmanageable.
To properly manage AI, it is critical to understand how this technology can be effectively used and the inherent risks it creates. By understanding these dynamics, security leaders can create programs that will better combat AI-driven attacks, utilize its strengths, and minimize improper AI deployments. Through proper AI management, security leaders can implement automation efforts that:
- Improve cost-efficiency by improving data collection and analysis efforts.
- Remove human error by reducing the need for human intervention and allocating human resources where they are needed the most.
- Improve decision-making by helping organizations better identify and correct potential deficiencies in their strategy and develop formalized procedures.
An effective AI strategy enables security leaders to better navigate and operate in a world where technologies are rapidly changing and having a significant impact on day-to-day operations. As AI continues to proliferate and become more sophisticated, managing its impacts will only become more important for both improving a business's operational capacity and its long-term security.