Google Cloud and CSA: 2024 will see significant adoption of generative AI in cybersecurity driven by executives

The “departmentless” stereotype in cybersecurity leaves security teams and CISOs locking the door on generative AI tools within their workflows.

Yes, there are risks to this technology, but the reality is that many security professionals are already tinkering with AI, and the majority of them don't see it coming to their jobs. In fact, they realize how useful this technology can be. .

More than half of organizations will ultimately have gen AI security tools in place by the end of the year, according to a new State of AI and Security Survey Report from the Cloud Security Alliance (CSA) and Google Cloud.

“When we hear about AI, there’s a misconception that everyone is scared,” said Caleb Sima, president of the CSA AI Security Alliance. “Every CISO says no to AI. AI is a big security risk and a big problem.”

But in reality, “AI is transforming cybersecurity, bringing both exciting opportunities and complex challenges.”

Increased implementation — and disconnection

According to the report, nearly three-quarters (67%) of security professionals are already testing AI specifically for security tasks. Additionally, 55% of organizations plan to implement AI security tools this year. Its main use cases are rule creation, attack simulation, compliance violation detection, network detection, false positive reduction, and anomaly classification. This drive primarily involves executives, as confirmed by 82% of respondents.

Contrary to conventional wisdom, only 12% of security professionals say they believe AI will completely take over their role. Almost a third (30%) say technology improves their skill set, supports their role in general (28%) or replaces a large part of their job (24%). did. The majority (63%) said they felt they could improve their security measures.

Anton Chuvakin, security advisor in the CISO office at Google Cloud, said:

Sima agreed, adding: “Most people tend to think it's creating more work for them.”

Interestingly, however, executives self-reported being more familiar with AI technology than their staff (52% compared to 11%). Similarly, 51% had a clear use case, compared to just 14% of staff.

“Let's face it, most of us don't have time,” Sima said. Rather, executives are dealing with everyday problems because they receive a flood of news about his AI from other leaders, podcasts, news sites, newspapers, and many other sources.

“The disconnect between executives and staff in understanding and implementing AI highlights the need for a strategic, integrated approach to successfully integrating this technology,” he said.

AI in action in cybersecurity

no. Sima says one of his uses of AI in cybersecurity is around reporting. Typically, members of her security team spend “a significant amount of time” manually collecting output from various tools. But “AI can do it much faster and in a much better way,” he said. AI can also be used for mechanical tasks such as policy reviews and handbook automation.

However, it can also be used more proactively to detect threats, perform end detection and response, find and fix vulnerabilities in code, and recommend remediation actions.

“What we're going to see a lot of action on right away is, 'How do we triage these things?'” Sima said. “There's a lot of information and a lot of alarm. In the security industry, we're good at finding the bad points, but we're not so good at determining which of those bad points are most important.”

He noted that it's difficult to cut through the noise and determine “what's true, what's not, what's a priority.”

However, AI can catch an email when it arrives and immediately determine whether it is phishing or not. This model takes data and determines the reputation of email sources, destinations, and website links. It does everything instantly and provides inferences about threats, chains, and communication history. In contrast, verification by a human analyst takes at least five to 10 minutes, Sima said.

“They can now say with a lot of confidence, 'This is phishing,' or 'This is not phishing,'” he said. “It's pretty amazing. It's happening today and it still works today.”

Management promotes promotion, but there is a valley ahead

Chuvakin said there is an “infection among leaders” when it comes to the use of AI in cybersecurity. They will, among other things, incorporate AI to fill skills and knowledge gaps, enable faster threat detection, increase productivity, reduce errors and misconfigurations, and provide faster incident response. We are considering.

But, he said, “this will take us into a valley of disillusionment.'' He claimed that we are “nearing the peak of the hype cycle” because so much time and money is being poured into AI and expectations are rising, but the use cases are not as clear and proven. Body.

The current focus is on discovering and applying real-world use cases that will prove “magical” by the end of the year.

If concrete examples emerge, “the way we think about security centered around AI will change dramatically,” Chuvakin says.

AI makes low hanging fruit lower than ever

But enthusiasm and risk continue to mix. His 31% of respondents to the Google Cloud-CSA survey perceive AI to be equally advantageous for both defenders and attackers. Additionally, 25% said AI could be more useful to malicious actors.

“An attacker always has an advantage because they can utilize the technology much faster,” Sima said.

As many have done before, he compared AI to previous cloud evolutions. The cloud allows attackers to conduct large-scale attacks. ”

Attackers can now target everyone instead of intentionally targeting one target. AI further supports their efforts by making them more sophisticated and focused.

For example, Sima noted that a model could trawl someone's LinkedIn account and glean valuable information to craft a completely believable phishing email.

“This allows for personalization at scale,” he said. “This makes the low-hanging fruit even lower.”