Cybersecurity teams excluded from AI onboarding

ISACA research shows automating threat detection/response and endpoint security are the most popular applications of AI for security operations.

  • Monday, 28th October 2024 Posted 5 months ago in by Phil Alsop

Only 35% of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half 45% report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.

In response to new questions asked by the annual study, sponsored by Adobe—which showcases the feedback of more than 1,800 cybersecurity professionals on topics related to the cybersecurity workforce and threat landscape—security teams noted they are primarily using AI for:

- Automating threat detection/response (28%)

- Endpoint security (27%)

- Automating routine security tasks (24%)

- Fraud detection (13%)

“In light of cybersecurity staffing issues and increased stress among professionals in the face of a complex threat landscape, AI’s potential to automate and streamline certain tasks and lighten workloads is certainly worth exploring,” says Jon Brandt, ISACA Director, Professional Practices and Innovation. “But cybersecurity leaders cannot singularly focus on AI’s role in security operations. It is imperative that the security function be involved in the development, onboarding and implementation of any AI solution within their enterprise – include existing products that later receive AI capabilities.”

Exploring the Latest AI Developments

In addition to the 2024 State of Cybersecurity survey report findings on AI, ISACA has been developing AI resources to help cybersecurity and other digital trust professionals navigate this transformational technology:

- EU AI Act white paper: Enterprises need to be aware of the timeline and action items involved with the EU AI Act, which puts requirements in place for certain AI systems used in the European Union and bans certain AI uses—most of which will apply beginning 2 August 2026. ISACA’s new white paper, Understanding the EU AI Act: Requirements and Next Steps, recommends some key steps, including instituting audits and traceability, adapting existing cybersecurity and privacy policies and programs, and designating an AI lead who can be tasked with tracking AI tools in use and the enterprise’s broader approach to AI.

- Authentication in the deepfake era: Cybersecurity professionals should be aware of both the advantages and risks of AI-driven adaptive authentication, says new ISACA resource, Examining Authentication in the Deepfake Era. While AI can enhance security by being used in adaptive authentication systems that adapt to each user’s behavior, making it harder for attackers to access, AI systems can also be manipulated through adversarial attacks, are susceptible to bias in AI algorithms, and can come with ethical and privacy concerns. Other developments, including research into integrating AI with quantum computing that could have implications for cybersecurity authentication, should be monitored, according to the paper.

- AI policy considerations: Organisations adopting a generative AI policy can ask themselves a set of key questions to ensure they are covering their bases, according to ISACA’s Considerations for Implementing a Generative Artificial Intelligence Policy—including “Who is impacted by the policy scope?”, “What does good behavior look like, and what are the acceptable terms of use?” and “How will your organisation ensure legal and compliance requirements are met?”

Advancing AI Knowledge and Skills

ISACA also has added to its education and credentialing options to help the professional community keep pace with the changing AI and cybersecurity landscape:

- Machine Learning: Neural Networks, Deep Learning, Large Language Models— ISACA’s latest on-demand AI course, which joins the recent Machine Learning for Business Enablement course, as well as others on topics such as AI essentials, governance, ethics and audit, can be accessed through ISACA’s online portal at the learner’s convenience and offers continuing professional education (CPE) credits. The courses are available at www.isaca.org/ai.

- Certified Cybersecurity Operations Analyst— As emerging technologies like automated systems using AI evolve, the role of the cyber analyst will become more critical in protecting digital ecosystems. ISACA’s upcoming Certified Cybersecurity Operations Analyst certification, launching in Q1 2025, focuses on the technical skills to evaluate threats, identify vulnerabilities, and recommend countermeasures to prevent cyber incidents.

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 5 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.