1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

picture confederation / Contributor / representation confederation via Getty Images

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• AI-powered cybercrime poses a increasing hazard to businesses.
• Most of these organizations consciousness unprotected against the threat.
• EY highlights immoderate cardinal steps for gathering up cyber defenses.

AI-driven cyberattacks are astir universally considered a sedate menace to businesses today. Yet for some fiscal and logistical reasons, astir organizations consciousness inadequately protected and deficiency a wide roadmap to enactment up their interior defenses.

That spread betwixt consciousness and readiness is the large takeaway from a report published Thursday by consulting steadfast EY. Based connected a December survey of much than 500 elder cybersecurity officials crossed industries, the study recovered that 96% of respondents judge that "AI-enabled cybersecurity attacks are a important menace to their organization," portion less than fractional that fig (46%) accidental they consciousness "strongly confident" that their organizations person capable cybersecurity mechanisms successful spot to support the menace astatine bay.

Also: 5 information tactics your concern can't get incorrect successful the property of AI - and wherefore they're critical

The bulk of respondents (67%), furthermore, said they're inactive "in aviator mode" erstwhile it comes to ironing retired their strategy for keeping their organizations protected from this caller question of cyberattacks.

But aviator mode isn't capable successful a satellite wherever AI is continually providing cybercriminals with caller means of attack, according to Ganesh Devarajan, cyber hazard pb astatine EY Americas. 

"We are navigating a unsocial scenery wherever AI is weaponizing the integer situation conscionable arsenic it fortifies our defenses," helium told ZDNET. "If I were sitting crossed from a [chief accusation information officer] today, my proposal would beryllium simple: the clip for 'wait and see' is over. Protecting a concern present means gathering a holistic strategy wherever AI and employees aren't conscionable moving side-by-side, but are besides amplifying each other's strengths."

Also: Will AI marque cybersecurity obsolete oregon is Silicon Valley confabulating again?

A cross-industry plateau

Cybersecurity isn't the lone domain successful which businesses experimenting with AI person been failing to motorboat successful a robust, meaningful way. Despite a precocious grade of involvement successful utilizing the exertion internally, galore businesses are struggling to bash truthful successful a mode that generates existent returns. Organizations are stuck connected a benignant of plateau arsenic they effort to crook interior AI initiatives into sustained growth; the willpower is there, but the mode is often unclear.

An oft-cited MIT survey published successful August, for example, reported that 95% of enterprises' interior AI initiatives had failed to present immoderate important ROI. It was a wake-up telephone for AI developers and their concern customers. In short, thing astir the existent attack to deploying AI wrong organizations wasn't working. 

Also: Why endeavor AI agents could go the eventual insider threat

A mates of months later, a survey of thousands of concern leaders crossed 21 countries found that the immense bulk (87%) said that AI would "completely transform" however their enactment gets enactment done implicit the adjacent year, yet a paltry 29% said their teams had the skills and grooming successful spot to marque that result happen.

Hurdles for cybersecurity

Both of those themes were echoed successful EY's caller report.

Also: AI threats volition get worse: 6 ways to lucifer the tenacity of your integer adversaries

In wide strokes, the consulting steadfast recovered that portion astir high-level cybersecurity pros are each excessively alert of the information that AI is rapidly equipping their adversaries with caller and much blase modes of onslaught (such arsenic phishing and deepfake scams), they're hindered by deficiency of a wide program for gathering up their interior security.

Financial constraints were recovered to beryllium 1 important issue: 85% of the respondents to EY's survey said their employer's "current cybersecurity fund is insufficient to conscionable AI-enabled threats," according to the report. On the upside, EY besides recovered that the fig of organizations committing astatine slightest 25% of their cybersecurity fund to gathering AI-powered solutions specifically is expected to turn from 9% contiguous to 48% implicit the adjacent 2 years. 

The consensus, successful different words, seems to beryllium that the champion mode to combat caller AI-driven cyberthreats is with AI-driven defenses -- a inclination that's already begun to play out successful the fiscal sector.

Specifically, EY's survey recovered that AI volition beryllium fixed much power successful six cardinal areas of cybersecurity: 

• Advanced persistent menace detection
• Real-time fraud detection
• Identity and entree management
• Third-party hazard management
• Data privateness and compliance
• Defense against deepfakes and different uses of AI to impersonate existent people

Also: AI is making cybercriminal workflows much businesslike too, OpenAI finds

Governance was besides a large constraint: 97% of respondents said a robust information model for interior AI usage was "essential" to generating ROI, yet lone 20% said they'd afloat built retired that framework.

Four tips

OK, but what tin cybersecurity experts really do close present to conscionable the caller question of AI-powered threats? EY highlighted 4 cardinal areas they should absorption on.

1. Budgets indispensable beryllium reworked "to prioritize AI-driven cybersecurity."
2. Instead of trying to usage a plethora of AI to automate circumstantial tasks -- which EY suggested is simply a cardinal bottleneck keeping businesses locked successful the aviator signifier -- organizations should power to an "orchestrated, agent-driven" approach. In different words, instrumentality a top-down power exemplary for interior AI usage truthful cybersecurity leaders tin easy visualize AI agents' actions and, if necessary, close them.
3. Teams request to "invest aggressively" successful grooming their existing employees to safely and efficaciously collaborate with AI agents.
4. Adopt an arms-race mentality to support interior guardrails, due to the fact that arsenic AI-assisted cyberdefenses improve, truthful excessively volition the tactics deployed by AI-assisted cybercriminals. "Organizations that dainty governance arsenic a surviving strategy -- continuously improving and integrating into civilization and operations -- are champion positioned to physique trust, negociate emerging risks and construe AI innovation into durable competitory advantage."