Artificial intelligence (AI) will play an important role in the cybersecurity evolution, Gartner analysts expected. As both offense and defense sides are using AI, organizations should strengthen their strategy and leadership, and investigate emerging technologies including AI-augmented security tools.
“The rise of AI is a double-edged sword for CISOs,” Katell Thielemann, VP analyst at Gartner, said at the Gartner Security & Risk Management Summit this week. “Enterprises are facing a deluge of automated cyberattacks, which are exponentially rising in velocity, variety, and complexity. However, AI is simultaneously supporting security teams in detecting and responding to threats, fundamentally changing organizations’ defense paradigms.”
“If the 2020s were the decade of [hybrid everything], the 2030s will be the decade of [augmented everything],” echoed Andrew Walls, distinguished VP analyst at Gartner. “Attackers are weaponizing AI just as fast as organizations augment their defenses with it, meaning that it’s not enough for cybersecurity technologies to evolve – strategy and leadership approaches must change, too.”
Because of that, Gartner analysts recommended three ways security leaders can prepare for the ever-changing threat landscape over the next 10 years.
First of all, security leaders shouldn’t just focus on immediate threats, instead, they should embrace the continuous foresight strategy that integrates research insights into internal capabilities and third-party tools to maintain a proactive security approach, analysts suggested.
This approach also will help teams to build a “flexible enough” investment strategy to respond to new threats, as executives and boards of directors are expecting security investment returns typified by fewer breaches and greater enterprise resilience.
Secondly, analysts reminded security leaders that they are unlikely to excel in all effective enterprise security requirements — deep technical, business, and strategy expertise, so know your strengths and weaknesses.
Gartner predicted that a single, centralized cybersecurity function will not be agile enough to meet the needs of a digital organization by 2025.
“The most effective CISOs don’t try to do it all,” Thielemann argues. “Play to your strengths as a leader, and then augment your teams with those who complement your weaknesses.”
Lastly, analysts remind organizations that new attack techniques and threat vectors will continue to emerge. So, leaders must remain on the cutting edge of innovations by researching technologies such as cybersecurity mesh architecture, AI-augmented security tools, and homomorphic confidential computing.