Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea.
Offensive AI in cyberattacks
The research, “Cyber security in the age of offensive AI”, surveyed security leaders in the UK and US about their experience with AI as a tool in cybersecurity. It reveals that not only do most security leaders expect daily AI-driven attacks, 65% expect that offensive AI will be the norm for cybercriminals, used in most cyberattacks.
The results suggest that security leaders understand the significance of offensive AI and expect the next six months to issue the dawn of a new generation of cyberattacks.
Poor in time and burdened with a pressure to secure their organization against both known threats and those that are yet to rear their heads, security leaders are tasked with making sure offensive AI has a place in board level discussions, alongside high impact attacks such as ransomware and DDoS.
Despite this expectation, there are false perceptions around where these threats do the most harm. Only 11% of security leaders see bot attacks as the greatest cyber threat facing their business, below ransomware, phishing, and malware.
In previous research, Netacea discovered that relentless bot attacks cost businesses 4.3% of their online revenue—for the largest businesses, this was the equivalent of fifty ransomware payouts.
AI transforms cyber defense and offense
AI will not only be used as a tool to enhance cyberattacks, but in cyber defence, too. While a report from the Office of National Statistics reported that 83% of businesses had no plans to adopt AI, this is not borne out when looking at cybersecurity.
All respondents to Netacea’s survey had incorporated AI into their security stack in some way, and all said that it had improved their security posture, with 27% reporting this improvement was significant. The use of AI is also proving to be efficient, with 61% of security leaders agreeing that AI has significantly decreased their operational overheads.
However, the use of AI-enhanced protection was mostly used to defend against high-impact low-frequency attacks such as DDoS (62%), rather than bot attacks (33%). This suggests that while AI is a welcome defence against cyber threats, it is not yet being applied universally and against the most damaging attacks.
The gaps remain. While 90% of respondents are confident in the defensive AI capabilities of their Web Application Firewall, DDoS protection, and API security, only 60% of security leaders could say the same about their bot management tools.
“The pressure is on security leaders to do more with less, and so the rise of the use of AI to enhance cyber attacks could not have come at a worse time,” said Andy Still, CTO, Netacea. “AI’s power and low barrier to entry means that it will be used in many ways, including cyberattacks. While it’s heartening that so many leaders recognise the everyday threat they face from AI, there are gaps in understanding where the most damaging threats are coming from. In the arms race between offensive and defensive AI, it’s important to recognise that AI will be used anywhere it can be, and they need to respond in kind.”