AI vital in cyber security arms race, say IT leaders
The technology improves response time to threats and helps with cyber security awareness training, Commvault survey finds.
Nearly 70 per cent of IT teams have integrated AI with their data protection protocols and two-thirds are "bullish" it will improve their organisation's cyber security, according to a survey by security firm Commvault.
The survey of over 200 C-suite and senior-level IT executives found a further 16 per cent planned to implement the technology in the next 12 months, leaving only 10 per cent who had no plans to use it at all.
“AI is expected to be a major theme in 2024,” the survey said. “This figure is a bullish indicator of customers’ appetite to utilise AI to augment and otherwise improve their cyber-resiliency.”
The most popular benefit expected from AI was its ability to help teams identify and respond to threats more quickly and accurately than regular processes.
Commvault said this expectation, shared among 68 per cent of respondents, was unsurprising.
“With the ongoing need to shift protection operations from being reactive to being more proactive, it is not surprising that teams value capabilities such as the ability to detect anomalous and potentially nefarious user activity within the environment,” it said.
Existing anomaly detection capabilities “stood to be augmented materially by AI”, enhancing a program’s ability to understand user behaviour and cyber attack methodologies.
Two-thirds of respondents also believed AI could add value by improving employee training processes and security awareness.
“It can be used to personalise training content per individuals’ specific needs and risk profile as it pertains to their job function and risk exposure – as well as to provide feedback and identify areas where an employee might require more training,” the report said.
Applications included tailoring training content to emerging cyber attack trends, making the course more engaging and immersive and even simulating cyber attacks like phishing emails.
Rounding out the top five benefits identified by respondents was AI’s ability to increase organisational efficiency by automating manual processes associated with data protection (66 per cent), improving user authentication and access control (57 per cent) and compliance monitoring and reporting (52 per cent).
“AI is a huge win because of how strapped for time IT operations teams are today,” the survey said.
However, it acknowledged the overwhelmingly positive attitudes towards AI could be partially inflated by “AI washing”, where products or services made false claims about using the sophisticated technology in a similar vein to “greenwashing” for sustainability claims.
It also said robust policies and regulations would be needed to deal with risks around data access, privacy and control when using AI.
The Australian Signals Directorate’s Cyber Crime Threat Report 2022-23 found an incident was reported every six minutes and cost small businesses an average of $46,000 last financial year.
The report said AI presented new data and cyber security risks as “malicious cyber actors could use AI tools to augment their activities”.
“A cyber criminal may be able to produce low-effort, high-quality material for phishing attacks. AI could also be used to create fraudulent deep-fake content like voice and video clips, or to create malware.
However, the ASD said AI could also help businesses stay on the offensive by sorting through large amounts of logs and data to look for suspicious behaviour, identify malware and block exploitation attempts. It could also help triage information and automate security tasks.
“Entities wanting to adopt AI tools should treat them with the same care as any other ICT service, using a risk-based approach,” it said.