CISOs concerned about attackers using AI

Data from a recent survey conducted by RSA Conference shows that 72 percent of Fortune 1000 CISOs say they have already seen threat actors using generative AI against their organization.

AI-generated phishing emails are the top threat, with 70 percent of CISOs reporting that they've observed highly tailored phishing emails targeting their business Other top GenAI threats include vishing (37 percent), automated hacking (22 percent), deepfakes (21 percent) and misinformation (17 percent).

Laura Robinson, ESA F program director at RSA Conference, writes on the organizations blog:

Currently, sophisticated attacks are generally conducted in stages that can take days, weeks, or months. This gives security teams a window of time to detect an attack and contain it. At some point in the future, with AI-powered automated hacking, an attack might be completed in milliseconds.

To defend against this kind of attack, the end goal is to deploy defenses that respond
instantaneously to match the speed of the malicious actor’s AI-driven attack. Human response is too slow; security teams will need an autonomous system working independently and reacting instantly to threats. Getting there will require building increasingly more powerful AI-enabled defenses over time.

Most security teams are already deploying AI systems with analysis and assistance capabilities. Higher-level capabilities including giving AI autonomy to take defensive actions are seen as longer-term goals.

You can read more and see advice on defending against AI threats on the RSAC blog.

Image credit: khosrork/depositphotos.com