CIOs warned of AI over-reliance in cybersecurity defence
Michael Marcotte, Co-Founder of the US National Cybersecurity Center and Chairman, CEO, & Founder of artius.iD, is warning Chief Information Officers (CIOs) about the risks of over-reliance on artificial intelligence (AI) in corporate cybersecurity strategies.
Marcotte's warning comes as a recent ISC2 Cybersecurity study reveals that 58% of cybersecurity professionals believe that a lack of skills significantly jeopardises their organisation's security. Marcotte, who has previously served as Global CIO at the satellite communications company EchoStar, is concerned that CIOs and Chief Technology Officers (CTOs) are falling into what he terms "AI tunnel vision," thereby increasing the vulnerability of their organisations.
Michael Marcotte stated: "AI has rightly got cybersecurity professionals excited, and there are plenty of opportunities that it opens up. However, this does not excuse the dire lack of attention currently being paid to one of the foundational pillars of corporate security ��� cyber skills training."
He further elaborated on the issue by saying, "I'm not talking about annual training days that teach employees not to open a phishing email and then never discuss anything cyber again. I mean teaching comprehensive, robust cyber expertise to security experts. Sadly, this has completely fallen by the wayside, as CIOs look to streamline their operations with AI, neglecting the crucial importance of having genuine cybersecurity experts on your team ��� which are sadly few and far between these days."
The cybersecurity sector is currently experiencing an AI-driven transformation. Criminal entities are employing AI to create sophisticated deepfakes and produce malware at an unprecedented rate, as evidenced by recent incidents involving AI-generated malicious scripts. Despite this, a study from Vectra indicates that 89% of cybersecurity professionals intend to depend more heavily on AI in the upcoming year. Marcotte, who is also on the Board of Directors of the More Too Life Foundation, fears that this shift towards AI may lead to complacency and a gradual erosion of essential cybersecurity skills within corporations.
Michael Marcotte continued: "The rise of AI has meant that there is now a chronic shortage of genuine, foundational cybersecurity skills in corporate defence teams ��� and this is now a massive risk for these companies."
He added, "This brain drain of cyber skills and expertise means that many corporations are now far more exposed to cyber threats than they���re actually aware of ��� and CIOs and CTOs have been unconsciously complicit in this, as they have slacked on teaching the hard skills necessary to protect a corporation from the myriad of AI-enabled threats out there. And this is especially prevalent in sectors that aren���t traditionally tech-heavy, but are still targets of cyber crime ��� the charity sector is a good example of this for example."
Marcotte clarified his stance by stating, "I'm no luddite. AI should absolutely be a tool in the arsenal of any cyber professional today, and I strongly believe it's necessary to face down cutting-edge threats like deepfakes. However, it should be just that ��� a tool in the hands of a skilled professional, rather than a wholesale replacement for that skilled professional."
He concluded his argument by suggesting, "This return to emphasizing skills shouldn't just be narrowly restricted to the security departments either ��� it has to go right to the top, all the way up to the CEO. If more CEOs were cyber experts, it would set the standard for the entire organisation, greatly improving total resiliency."
