Over a third of organizations experienced AI-related security breaches, with many not implementing adequate access controls
In a recent IBM Cost of a Data Breach Report, concerns about the security of Artificial Intelligence (AI) systems have come to the forefront. The report emphasizes that the current pace of AI adoption is outstripping the development of AI security and governance, creating a gap that threat actors are starting to exploit.
Suja Viswesan, Vice President of Security and Runtime Products at IBM, highlighted this issue, stating that the rapid adoption of AI without adequate oversight is leading to vulnerabilities that attackers are eager to exploit.
The report suggests that AI is already an easy, high-value target for breaches. Shockingly, 13% of organizations reported breaches of AI models or applications, and 8% are unsure if they were compromised. What's more alarming is that 97% of organizations that experienced AI-related breaches reported lacking proper AI access controls.
This lack of controls highlights the urgent need to implement stringent access management specifically tailored for AI models and applications. The report recommends incorporating AI security governance frameworks, conducting thorough risk assessments before AI deployment, and training staff to recognize and respond to AI-enabled threats.
The report also stresses the importance of embedding AI security deeply into business operations rather than treating it as an afterthought. Failure to do so not only increases breach risks but also can lead to loss of trust, transparency, and operational control.
Rapid, ungoverned AI adoption enables attackers to exploit vulnerabilities, such as using generative AI to craft effective phishing attacks that are faster and more convincing. These attacks increase incident costs and prevalence.
The report offers some promising news for organizations that prioritize AI security. Those using AI and automation extensively throughout their security operations saved an average of $1.9 million in breach costs and reduced the breach lifecycle by an average of 80 days.
However, one in five organizations reported a breach due to shadow AI, and only 37% have policies to manage AI or detect shadow AI. This underscores the need for organizations to establish policies for AI governance and implement stringent access controls to prevent data breaches.
In conclusion, the IBM Cost of a Data Breach Report underscores the urgent need for organizations to prioritize AI security and governance to mitigate the heightened risks posed by AI-driven attacks and reduce the costly impact of data breaches.
- The rapid adoption of technology, such as data-and-cloud-computing and AI, necessitates a focus on cybersecurity, given that the report reveals a gap in AI security and governance, which threat actors are starting to exploit.
- To combat the increasing AI-related threats, it's essential to implement robust cybersecurity measures that include stringent access controls, AI security governance frameworks, comprehensive risk assessments, and training for recognizing and responding to AI-enabled threats.
