How CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.

Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test, meaning that however individuals will choose to look at it, that is the pattern that they will find there.”

However, Levy cautions that leaders need to take a more balanced view of the situation. “There is indeed novelty in the use of AI and the threat of agentic AI being used in a much more scalable way by attackers than we’ve seen through previous forms of either manual attacks or even automated attacks,” he says. “That element of it is certainly real. But I don’t think to this point we’ve seen a significant escalation that inhibits our ability to use our current set of defenses to the same level of effectiveness.”

PwC’s Adamski stresses that CISOs should be prepared to turn around new defenses on a dime, given how fast the new AI era will be. “From a defensive perspective, it’s going to have to be seconds,” she says.

She also believes it’s important to dispel any confusion that AI threats are not real. “The bottom line is that it is an emerging technology and capability that our adversaries can leverage. It exists, and we know that there are people out there testing it, deploying it, and quite honestly being successful in its use,” she says.

Clyde Williamson, senior product security architect at Protegrity, agrees that it’s dangerous to assume attackers won’t exploit generative AI and agentic tools. “Anybody who has that hacker mindset when presented with an automation tool like what we have now with generative AI and agentic models, it would be ridiculous to assume that they’re not using that to improve their skills,” he tells CSO.

Jimmy Mesta, CTO and co-founder of RAD Security, says CISOs should be preparing their boards now for difficult budget decisions. “Boards will have to be presented with the options of being insecure or being secure, what it’s going to cost, and what it’s going to take,” he tells CSO. “CISOs aren’t going to be able to walk in and say we must do everything to 100%. There will be more trade-offs than ever.”

Even as CISOs prepare for the coming wave of AI-assisted attacks, they must maintain focus on cybersecurity fundamentals, Alexandra Rose, global head of government partnerships and director of CTU threat research at Sophos, tells CSO. “We come back to the basics so often because they’re the most effective at stopping what we see, from every level of sophistication, including threat actors experimenting with AI,” she says.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4101936/ignoring-ai-in-the-threat-chain-could-be-a-costly-mistake-experts-warn.html

