Rapid Surge in Enterprise AI Adoption by 600% Poses Significant Data Security Risks, Zscaler Reports
The adoption of artificial intelligence (AI) and machine learning (ML) tools in enterprises has surged by nearly 600%, according to a report by Zscaler. The number of monthly transactions using these tools has increased from 521 million in April 2023 to 3.1 billion by January 2024. However, this rapid adoption comes with significant data security risks.
Concerns about security have led to a 577% increase in blocked AI/ML transactions in just nine months. Adversarial AI, a growing threat, has been weaponized by attackers to launch cyber attacks without organizations’ knowledge. This poses a serious challenge to Chief Information Security Officers (CISOs) and the enterprises they protect.
Zscaler’s ThreatLabz 2024 AI Security Report emphasizes the need for a scalable cybersecurity strategy to protect the increasing number of AI/ML tools being onboarded by enterprises. The report highlights data protection, AI data quality management, and privacy concerns as dominant issues in the industry.
The report also sheds light on the adoption of AI/ML tools and the risk of cyber attacks in various industries. Manufacturing accounts for the highest proportion of AI traffic at 20.9%, followed by finance and insurance at 19.9%, and services at 16.8%. These statistics reveal the unpreparedness of these industries for AI-based attacks.
To mitigate these risks, CISOs and their security teams have resorted to blocking a record number of AI/ML transactions. However, blocking is only a temporary solution to a larger problem. It is important for organizations to make better use of available telemetry data and decipher the massive amount of data captured by cybersecurity platforms.
Leading cybersecurity vendors such as CrowdStrike, Palo Alto Networks, and Zscaler have deep expertise in AI and machine learning. These vendors are training their models on AI-driven attack data to keep up with the attackers’ use of adversarial AI.
The report also highlights the emergence of a more lethal AI threatscape. Enterprises face both data protection and security risks associated with enabling AI tools, as well as the risks posed by generative AI tools and automation. CISOs and their teams must prioritize risk management and ensure the protection of intellectual property, containment of shadow AI, and data privacy and security.
The challenges of balancing productivity and security in the face of the new AI threatscape are evident. Zscaler’s CEO, Jay Chaudhry, was targeted in a vishing and smishing attack where threat actors impersonated him to deceive an employee into divulging information. Attackers are relying on AI to launch ransomware attacks at scale and faster than ever before.
Generative AI is being used to automate various stages of the attack chain, including reconnaissance, code exploitation, and the creation of polymorphic malware and ransomware. Attackers are continually experimenting with generative AI to improve the sophistication and effectiveness of their attacks.
In conclusion, the rapid surge in enterprise AI adoption has brought about significant data security risks. Organizations must prioritize cybersecurity strategies to protect themselves from AI-based attacks. The challenges of balancing productivity and security in the face of a new AI threatscape require careful consideration and proactive measures to mitigate risks.