Marcus Fowler, SVP of Strategic Engagements and Threats at Darktrace and CEO of Darktrace Federal, warns of the rise in cybercrime as a service, combined with accelerating automation and offensive AI, which has increased the scale, speed, and sophistication of cybersecurity attacks. This includes threats from novice actors seeking ransom payments to nation-state actors attempting to dismantle critical infrastructure. The World Economic Forum’s 2024 Global Cybersecurity Outlook reveals that 70% of surveyed leaders believe geopolitics have influenced their organization’s cybersecurity strategies.
Security leaders are facing increased pressure as organizations struggle to defend against AI-augmented cyber threats. A recent survey of nearly 1,800 security leaders across 14 countries found that 74% are experiencing significant impacts from these threats, with 60% feeling inadequately prepared to defend against them. To effectively defend against these evolving threats, organizations must shift from reactive to proactive cybersecurity practices, which can be a challenging transition.
The World Economic Forum notes that between 2022 and 2023, the number of organizations maintaining minimum cyber resilience decreased by 30%. Security teams cite three main barriers to protecting against AI-augmented attacks: insufficient knowledge or use of AI-driven countermeasures, a lack of personnel to manage tools and alerts, and insufficient knowledge and skills related to AI technology and its threats. The focus on the right combination of people, processes, and technology can help overcome these challenges.
Security professionals recognize the benefits of defensive AI, with 71% confident in AI-augmented security solutions’ ability to detect and block threats. However, using defensive AI effectively requires a partnership between humans and machines. Security leaders should identify security risks, workflows, and visibility gaps to understand where AI can address existing challenges. Organizations need a holistic understanding of AI applications to maximize efficiency and mission impact.
While there is a shortage of approximately 4 million cybersecurity professionals globally, adding more people to security teams is not a sustainable solution in the age of AI threats. AI can act as a force multiplier, accelerating situational awareness, autonomous investigations, and incident learnings to reduce remediation time and alert fatigue. AI supports entry-level professionals’ upskilling and allows senior team members to focus on strategic proactive security efforts.
Security teams face the challenge of educating themselves on AI while ensuring its responsible adoption within their organizations. Initiatives like the U.S. NSF’s EducateAI aim to train future workforces in AI. Higher education institutions should mandate introductory AI courses to provide a foundation for cyber professionals. Security leaders must be involved early in discussions about potential AI use cases to implement appropriate guardrails and policies for secure adoption. Overcoming technical and organizational inhibitors to cyber preparedness will allow organizations to focus on planning for the future and reducing the risk of sophisticated attacks.
