Analyses by Sophos experts indicate that cybercriminals remain sceptical about GenAI. They mainly use it for the automation of simple tasks and data analysis. At the same time, 98% of companies have already implemented some protective solutions based on artificial intelligence. However, IT department heads express concerns about over-reliance on AI. 84% are worried about the pressure to reduce the employment of cybersecurity specialists resulting from this. As many as 89% point to potential threats related to gaps in the security of AI-based tools.
Cybercriminals Still Skeptical About GenAI
During the study of hacker forums, analysts from the Sophos X-Ops team observed that many cybercriminals remain sceptically disposed towards GenAI. The number of discussions on this topic – compared to “traditional” threads such as malware or Access-as-a-Service – is limited. However, researchers noticed a small but significant change in the way cybercriminals use AI. Despite the persistent scepticism, some hackers use AI for the automation of simple tasks such as designing fake sites and editing messages, or data analysis. In the cybercriminal underworld, there may be a market for certain GenAI applications, but these are likely primarily time-saving tools for hackers, rather than facilitating the creation of new threats.
IT Departments Fear Gaps and Job Reductions
Deep learning models can identify malicious files in a fraction of a second, and GenAI can create incident summaries or recommend the next steps to an analyst. However, low-quality or improperly deployed artificial intelligence models can also introduce significant risk for company cybersecurity. This is noticed by IT department heads: as indicated by the Sophos study, as many as 89% of them express concerns that potential gaps in the GenAI tools used in cybersecurity could harm their company. Companies also realise the consequences of over-reliance on AI. 84% of respondents are concerned about the resulting pressure to reduce the employment of cybersecurity specialists (42% are very concerned). 87% express concerns about the resulting dilution of responsibility for cybersecurity.
Companies “Don’t Know What They Don’t Know”
Sophos experts point out that many companies may not have sufficient knowledge to make a reliable assessment of the acceptable risk level. Almost all the surveyed companies declare that they assess the processes and control of security used in the development of GenAI tools. However, this requires an advanced level of knowledge about artificial intelligence and transparency from suppliers, who rarely provide full GenAI development processes, and IT teams have limited insight into best AI creation practices.
GenAI A Solution for Burnout, But in Smaller Companies
Benefits companies want to achieve by implementing AI in cybersecurity areas vary depending on their size and different challenges they face. The largest enterprises (employing over 1000 people) mainly focus on increasing the level of protection. Entities employing 100 to 249 workers focus on improving business results, while smaller companies (50-99 employees) primarily aim to limit professional burnout. This aspect overall ranked lowest on the list of priorities.
Conclusion
As Sophos experts emphasise, companies should also look at artificial intelligence from a human perspective – focus on how AI can support employees by dealing with low-level, repetitive tasks and providing them with detailed information. In the situation where there is a worldwide shortage of cybersecurity specialists, artificial intelligence can especially help in reducing their turnover.
The report “Beyond the Hype: The Businesses Reality of AI for Cybersecurity” is based on a study conducted in November 2024 by Vanson Bourne on behalf of Sophos. The survey covered 400 IT security decision-makers in companies employing from 50 to 3000 workers. All respondents were employed in the private or non-profit sector and used endpoint security solutions from 19 different suppliers and 14 MDR service providers.
Source: https://managerplus.pl/szefowie-dzialow-it-o-ai-84-obawia-sie-redukcji-kadr-89-wskazuje-na-luki-w-zabezpieczeniach-67632
