CISOs Reconsider Their Roles in Response to GenAI Integration – Source: securityboulevard.com

Chief information security officers (CISOs) face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge.

The vast majority — 92% — of the 500 CISOs surveyed by Trellix admitted they are questioning the trajectory of their CISO roles as they grapple with the growing pressures of AI integration, even as nearly half (45%) of those CISOs are actively engaged in securing their AI tools.

While 91% of survey respondents expressed optimism about the potential prospects and opportunities that AI presents, the cybersecurity skills gap and the need to recruit individuals with AI expertise added pressure.

According to the research, 89% of CISOs favor the adoption and integration of GenAI tools to address the looming cyber talent gap, viewing them as a potential solution to staffing issues within their organizations. Additionally, CISOs unanimously agree that any roles rendered redundant by GenAI implementation would be reallocated within the organization to oversee and manage these tools.

Many survey respondents have already established AI committees to assess these tools and to implement governance measures, including security frameworks and standards.

The rise in cyberattacks is another pressing issue, with nearly all (99%) of respondents reporting a cyberattack within the past six months, and 82% noting an uptick in such incidents.

Despite these challenges, 91% of CISOs believe that AI can be instrumental in fortifying their organizations against ransomware attacks and remain optimistic about the potential productivity gains offered by GenAI.

AI, GenAI Present Challenges for CISOs

Harold Rivas, CISO of Trellix, said the rapid adoption of GenAI within organizations presents a great challenge for CISOs.

“Organizations are relying heavily on the CISO to help adopt and implement AI in addition to their typical responsibilities of overseeing cybersecurity budget allocation, cyberattack incidents, technology procurement, and vendor and third-party risk management,” Rivas said.

The vast majority (92%) acknowledged AI and GenAI had made them contemplate their future as a CISO. “It may indicate a high degree of concern about the ability of CISOs to be successful in a GenAI world,” Rivas said. “However, I can see the good guys developing their capabilities and this gives me encouragement that we can succeed in a post-AI world.”

CISO Should Leverage Leadership Role

From Rivas’s perspective, CISOs have a unique opportunity to demonstrate their thought leadership and elevate their engagement with other executives by embracing the changes AI will bring and finding effective ways to govern this disruptive technology. “CISOs must lead from the front on GenAI and charge in with domain knowledge that will aid organizations in safely adopting this technology,” he said.

Organizations are responsible for keeping customers and their proprietary data secure, which uniquely positions CISOs to play a pivotal role in GenAI adoption and implementation. “CISOs have been experiencing this shift by being actively involved in new technology decisions and facing a heavier load of responsibility for the outcomes of its implementation,” Rivas said. “With security and compliance being key non-negotiables, CISOs must continue participating in decision-making.”

CISOs Deploy AI to Combat Malicious AI Use

The rise of AI and generative AI tools is a double-edged sword. “On one hand, it’s increasing their organizations’ threat exposure because cybercriminals can now use generative AI tools to rapidly scale their attacks,” said Mike Britton, CISO of Abnormal Security. “On the other hand, CISOs also have a valuable opportunity to leverage AI in strengthening their defenses.”

GenAI can help enhance security content creation, security testing and analytics, incident response, and forensics. AI and machine learning can play a role in that, Britton pointed out, by ingesting signals from across the email and SaaS environment and deeply understanding normal behavior across this ecosystem.

“AI models can then be used to detect anomalous activity and understand when a message or an event may be malicious,” Britton said. “This can help security teams detect more attacks at a faster speed, ensuring that threat actors never successfully reach their targets.”

CISO as Catalyst for AI Adoption

Jose Seara, CEO and founder of DeNexus, pointed out that modern cybersecurity solutions are already AI-enabled and take advantage of AI’s data processing power to make sense of a large volume of cybersecurity signals. “Through advanced models, AI can be the linchpin behind the translation of raw and granular cyber signals into business metrics such as value at risk and expected financial losses for CISOs to present to their board,” he explained.

With risk quantified, the CISOs can identify the most pressing risk mitigation projects, justify cybersecurity investments, and optimize the allocation of their cybersecurity budget and resources.

“The CISO can be a catalyst for the adoption of AI and GenAI by leveraging use cases to demonstrate how to evaluate and deploy the technology in a productive and secure way,” Seara added.

Photo by Jon Tyson on Unsplash