As AI changes cyber forever, training is key to keeping up

Artificial intelligence is already changing professional work patterns in almost every industry. It has the power to dramatically reduce the time we spend on routine tasks and free us up to think more strategically in our daily professional lives.

This also applies to the IT and cybersecurity sector. Our ISACA survey of business and IT professionals in Europe found that almost three quarters (73%) of businesses surveyed said their workforce is using AI in the workplace.

But the key issue with AI, transformative as it can be, is that we need to ensure we use it responsibly and safely. After all, LLMs are trained on data that is often sensitive, and we need good protections for these programs so that hallucinations don’t compromise the integrity of our work. Only 17% of the organizations we surveyed have a formal, comprehensive AI policy that outlines the company’s approach to these issues and provides best practices for use, despite the fact that employees are using AI at work.

Chris Dimitriadis

Chief Global Strategy Officer at ISACA.

AI is changing the threat landscape

At the same time, cybercriminals also have access to AI and are using it to amplify their criminal enterprises and capabilities, making their threats more convincing and effective than ever before. This not only poses a threat to the individual, but also a significant threat to businesses. Businesses are interconnected organizations with networks of suppliers and professional relationships – when one suffers a breach, all organizations in the network are at risk.

CrowdStrike’s recent IT outage shows how vulnerable businesses are to a single IT failure or cyberattack. When one service provider in the digital supply chain is affected, the entire chain can collapse, causing widespread disruptions – a digital pandemic. A single rogue update, the unfortunate result of a lack of foresight and expertise, has wreaked havoc across a number of critical industries, from aviation and healthcare to banking and broadcasting.

Sometimes such incidents are caused by unintentional errors in updating software, and sometimes it is the result of a cyberattack. But the irony is that cybersecurity companies are also part of the supply chain, and the same companies that are fighting to create cyber resilience can also become victims, which affects the continuity of service.

Cyber ​​professionals are well aware of this: when we asked our respondents about the potential for generative AI to be exploited by malicious actors, 61% of respondents were extremely or very concerned that this could happen. Compared to our data from last year’s survey, sentiment has hardly improved.

Education and training are key to long-term resilience

AI is being used in two ways: threat actors are weaponizing the technology to develop more sophisticated attacks, and in response, it’s being used by cyber professionals to keep pace with the changing threat landscape and to better detect and respond to those threats. Employees know they need to keep pace with cybercriminals, upskill, and really get to grips with AI, but when we asked our respondents how familiar they are with AI, nearly three-quarters (74%) were only somewhat or not at all familiar with it.

The CrowdStrike incident has highlighted the need for a more robust and resilient digital infrastructure, and the rise of AI will only make cyber threats more important. It’s important that we invest in upskilling and training as a sector to prevent similar crises in the future, and advances in technologies such as AI could be the key to working more efficiently. The right protocols need to be established well in advance to be able to act quickly when attacks and outages occur to minimise damage and disruption. But this won’t be possible without the people with the skills to put in place bespoke security frameworks and ensure everyone involved is trained to follow them.

If businesses want to protect themselves and their partners in the long term and see the benefits of using AI, they need to have the right skills to identify new threat models, risks and controls. AI training in the cybersecurity sector is desperately needed – currently, 40% of businesses do not provide training to employees in technical roles. Furthermore, 34% of respondents believe they will need to increase their AI knowledge in the next 6 months, and overall, an overwhelming 86% of respondents believe this training will be needed within the next two years.

By taking an approach to AI that prioritises training and comprehensive workplace policies, both businesses and employees can be confident that they are harnessing the potential of AI and keeping pace with evolving cyber threats in a safe and responsible manner, protecting both the business itself and all other enterprises within their wider network.

We have highlighted the best IT infrastructure management service.

This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of Ny BreakingPro or Future plc. If you’re interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Related Post