Artificial intelligence is the 'biggest cyber threat' to their organizations, say one in five cyber security officers (CSOs). Not only this, but a further 20% of CSOs admit that employees at their organization have exposed company data by using generative AI.
This research, which was conducted by Censuswide and RiverSafe, exposes the top fears and threats of those in the cybersecurity industry. They're right to have these fears, too.
The most egregious example of employees sharing confidential company information via generative AI platforms is that of Samsung in April, 2023. In one month alone, three separate Samsung employees leaked data by inputting it into ChatGPT.
The information submitted included Samsung's source code, a transcription of a recorded company meeting that included information about Samung's hardware and a test sequence for identifying faults in chips. These three incidents took place despite the company urging employees to not input private information into ChatGPT, and to “pay attention to the security of internal information”.
Another more worrying factor was that the data was submitted to OpenAI's servers, making it it impossible to retrieve. This also meant that the data was technically accessible to anyone using ChatGPT, as the data could be used to train the language learning model.
AI anxiety in cybersecurity
While Censuswide and RiverSafe's survey was only of 250 UK CSOs, making it not representative of the entire cybersecurity industry, many other surveys have found that those in cybersecurity are wary of artificial intelligence.
In 2023, research by CyberArk that surveyed over 2,300 industry professionals from across the world found that 93% of them expected AI-powered cyber attacks to impact their organization, with the top concern being AI-powered malware. Similarly, a study also in 2023 by Deep Instinct of 652 senior cybersecurity experts from the US found that 85% of them said that the rise in cyber attacks seen from 2022 to 2023 was because of bad actors using generative AI. Plus, another survey by Metomic of more than 400 CISOs found that 72% of them are worried about the use of generative AI tools leading to more cybersecurity incidents.
This shows that while the Censuswide and RiverSafe study may not cover the cybersecurity industry as a whole, there is definitely a trend towards suspicion where AI is concerned for those in the cybersecurity industry.
Nevertheless, AI persists
Despite this wariness and anxiety, artificial intelligence within cybersecurity is an undeniably growing part of the sector. This growth is rapid, with Precedence Research evaluating the AI in cybersecurity market size to be worth $17.4 billion in 2022, and has predicting it will rise to $102.78 billion by 2032.
Not only this, research by Google Cloud and the Cloud Security Alliance has discovered that just under two thirds of security professionals (63%) believe in the ability of generative AI to enhance cybersecurity within organizations, especially in threat detection and response. Additionally, 55% of organizations plan to adopt generative AI security solutions within this year and 12% of security professionals even said they think AI will eventually completely replace their role.
While there are reasons to be concerned about the rise in use of generative AI by hackers, especially in phishing attacks and to create malware, it is also a tool that has great potential to help fight these threats. As with all new technology, it's important to look at and evaluate the risks of generative AI, but this shouldn't stop people from harnessing it and using it to power their security solutions.
