The report, which analyses organisation’ plans for securing and governing the use of generative AI tools, details cognitive dissonance among security leaders as the technology increasingly becomes a mainstay at work. According to the findings, 73% of IT and security leaders admit their employees use generative AI tools or Large Language Models (LLM) sometimes or frequently at work, yet, they aren’t sure how to appropriately address security risks.
Security isn’t the top priority
When asked, IT and security leaders are more concerned about getting inaccurate or nonsensical responses (40%) than security-centric issues, like exposure of customer and employee personal identifiable information (PII) (36%), exposure of trade secrets (33%), and financial loss (25%).
Generative AI bans prove ineffective
Almost a third (32%) of respondents shared that their organisation has banned the use of generative AI tools, a similar proportion to those who are very confident in their ability to protect against AI threats (36%). Despite these bans, only 5% say employees never use these tools at work, signalling that they are ineffective.
Organisations want more guidance - especially from their governments
Although nearly three-quarters (74%) surveyed have invested or are planning to invest in generative AI protections or security measures this year, IT and security leaders want more guidance. A majority (90%) of respondents want the government involved in some way, with 60% favouring mandatory regulations and 30% supporting government standards that businesses can adopt at their own discretion.
Basic hygiene is lacking
More than four in five (82%) are very or somewhat confident their current security stack can protect against threats from generative AI tools. However, less than half have invested in technology that helps their organisation monitor the use of generative AI. Furthermore, only 46% have policies in place governing acceptable use, and 42% train users on safe use of these tools.
Following the launch of ChatGPT in November 2022, enterprises have had less than a year to fully weigh the risks versus the rewards that come with generative AI tools. Amid rapid adoption, it is important that business leaders better understand their employees’ generative AI usage so they can then identify potential gaps in their security protections to ensure data or intellectual property is not improperly shared.
“There is a tremendous opportunity for generative AI to be a revolutionary technology in the workplace,” said Raja Mukerji, Co-founder and Chief Scientist, ExtraHop. “However, as with all emerging technologies we’ve seen become a staple of modern businesses, leaders need more guidance and education to understand how generative AI can be applied across their organisation and the potential risks associated with it. By blending innovation with strong safeguards, generative AI will continue to be a force that will uplevel entire industries in the years to come.”
Click here to download the report and read the blog.
This research was conducted by Censuswide in Fall 2023.
FACTFILE; ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. The company’s Reveal(x) 360™ platform is the only network detection and response platform that delivers the 360-degree visibility needed to uncover the cybertruth. When organisations have full network transparency with ExtraHop, they see more, know more, and stop more cyberattacks. Learn more at www.extrahop.com
And October is Cyber Security month, after all...
(Image courtesy of Pete Linforth from Pixabay)
No comments:
Post a Comment