In a recent interview with the media, Caleb Sima, Chairman of the CSA Artificial Intelligence Security Alliance, discussed how artificial intelligence (AI) will enhance the technical capabilities of security professionals. He emphasized that AI can play a positive role in improving skills and productivity, rather than simply replacing employees.
While it remains uncertain whether AI will replace cybersecurity professionals’ work, Sima believes that AI is a tool that can be used to enhance the abilities of security professionals, not replace them. A recent survey conducted by CSA in collaboration with Google found that many organizations plan to leverage AI to strengthen their security teams, aiming to enhance skills and knowledge base, improve detection times, and increase productivity rather than entirely replace employees.
In the near future, we may see AI technology widely used in daily team operations, such as automating tasks like report writing, freeing up time currently spent on administrative tasks and allowing teams to focus on more critical work. According to the survey, 58% of respondents believe AI will enhance their skills or provide comprehensive support for their current work, while 24% think AI will replace some of their work, enabling them to concentrate on other activities.
Moreover, Sima mentioned that security teams can utilize AI algorithms to identify and address threats at a speed and efficiency far surpassing what can be achieved manually. By inputting historical data, security teams can use AI to help predict potential threats and develop mitigation strategies before these threats escalate.
Currently, security experts need to learn how to best utilize AI in their organizational and individual roles. Integration of AI primarily involves applying standard security measures, with a small portion addressing new AI risks. Security professionals usually find this unknown territory “tricky” until they can determine the specifics of their organization’s situation.
The year 2024 is poised to be a transformative year for implementing AI technology in enterprises. The survey revealed that over half of the enterprises plan to implement GenAI solutions this year, driven by the C-suite. Furthermore, over 80% of respondents believe their organizations are moderately to highly mature in this area.
It is crucial for enterprises to understand that AI is imminent, and they will encounter various challenges along the path of AI development. Hence, appropriate training should be provided when integrating AI technology into current processes or allowing employees to use it.
Firstly, enterprises should treat AI similar to personnel in specific roles, emphasizing best practices. Secondly, they need to discern AI’s functionality, understanding that if it only provides auxiliary data in customer conversations, the security risk is minimal. However, if AI integrates and executes operations, accessing internal and customer data, enterprises must prioritize stringent access control and independent “roles.”
For years, the industry has discussed the skills gap in the cybersecurity sector, and AI may deepen this gap in the near future. The application of AI technology is still in its nascent learning stages, with related training not keeping pace.
With AI evolving rapidly, training materials quickly become outdated. As more enterprises seek training for their employees on how best to utilize AI, the focus should be on stable concepts and emphasizing that AI security primarily relies on established best practices of current applications and infrastructure.
Given the strong uncertainty and potential security risks associated with AI, reasonable and strict surveillance is crucial. Over time, as knowledge of AI increases and its integration with all technologies becomes clearer, the security risks will become more apparent, and AI governance will evolve from professional teams to broader technical management.
Establishing AI governance teams within enterprises reflects a serious approach to integrating and managing AI. The tasks of these teams likely involve addressing issues ranging from corporate policy formulation and ethical considerations to risk management and regulatory compliance.
Reference: https://www.helpnetsecurity.com/2024/04/16/caleb-sima-csa-security-pros-ai/