With artificial intelligence and machine learning attracting attention, what can marketers do to show how these technologies can address the cybersecurity concerns of CIOs?
The following article is based on a CIO Crowd panel discussion that took place under the Chatham House Rule.
A couple of the hottest topics in technology right now are artificial intelligence (AI) and machine learning (ML). These related fields offer the promise of better, faster data analysis, automated decision making, and a way to keep up with today’s ever-increasing flow of data. But there’s a dark side. These technologies are also being used for criminal purposes, as ways to attempt to defeat or evade traditional cybersecurity practices. That’s why CIOs, CTOs and other IT leaders are looking at how to apply AI and ML to their cybersecurity defences.
Effectively marketing cybersecurity solutions to these tech leaders requires an understanding of their concerns and needs. To find out what CIOs think about the threat of AI and how that is affecting their cybersecurity spend, we can look at what they said at a recent CIO Crowd event.
When those attending the (virtual) event on AI and cybersecurity were surveyed, 53.8 per cent said they didn’t need to change their cybersecurity posture to deal with AI, but 38.4 per cent said their organisation was exposed to AI-enabled threats and were responding to that. The remaining 7.7 per cent said they had already been attacked or breached by AI-enhanced tools or methods.
What tech leaders are saying
The panel discussion included the CEO of an AI cybersecurity start-up, the technical director of an established cybersecurity firm, the chief trust and security officer for a private sector firm, and the head of strategy for an agency that tracks and reports cybercrime activity.
Four key takeaways emerged from the discussion that marketers should keep in mind if they want to connect with tech professionals on AI and cybersecurity.
1. Fundamentals over technology
The CIOs at the event genuinely believe there is a security threat from AI, with only 3.5 per cent saying they thought the threat of AI is overhyped. The remainder were evenly split, with 48.2 per cent saying the threat of AI-enhanced malware and AI-powered attacks is being under-reported, and the rest saying AI is just another technology that hasn’t changed how they view cybersecurity threats.
The chief trust and security officer emphasised that cybersecurity technology must support first principles. “Security's primary function is risk mitigation, risk management. And a big piece of that is reducing the likely impact of attacks that will happen.”
If you’re going to market to CIOs, you’d do well to discuss how you will help them manage the risk to the business. Help them answer the questions their bosses are going to be asking around the business benefits of any new cybersecurity solution.
2. Economics apply to attackers as well as defenders
Most cybercriminals are looking for a quick, easy payday. The more expensive – in terms of time and resources – it is to penetrate a target’s defences, the better, said the chief trust officer.
The CEO expanded on that idea, giving insights into what tech leaders want from their cybersecurity solutions and even the role of AI in those solutions.
“As defenders we’re always under siege by more than we can handle. AI in defence is not really encountering the same kinds of weapons or tools on the adversary side, so is more about enabling us defenders to work better,” he said.
AI is simply the latest challenge CIOs must face. The CIOs you’re targeting as a marketer are always feeling the crunch – whether it’s time, staff or budget – so consider showing how your solution can help them do more with the resources they have.
3. Architecture equals agility
As a marketer, it can be tempting to see your solution as the answer to everything. But that’s often not even what CIOs and other IT leaders are looking for. They don’t expect a single technology to solve everything. Instead, a layered defence, from an architectural point of view, and having the right processes in place is seen as the way to a strong but adaptable defence that can grow with the company and respond to new threats or adjust as the organisation’s risk appetite changes.
The technical director was a strong proponent of this approach: “You’ve got to get the basics right. If you can get your hygiene right, and that includes having a layered defence, and then having the right processes in place that’ll help you – that goes a long way in terms of defending. Because then it's just a question of switching out the technology at the right time for whatever is appropriate in terms of your risk appetite,” he said.
Flexibility and agility are great points to emphasise when marketing cybersecurity solutions to CIOs. Solutions that limit options or lock organisations into frameworks that can’t adapt are going to be less appealing.
4. AI and ML can multiply power
AI and ML are tools, not magic bullets, but real benefits are possible. The head of strategy believes AI can help defend against AI attackers and CIOs should look at those possibilities: “I think as we develop AI-based systems, or systems that can defend us against AI-based attacks, we need to keep that in mind. How do humans actually interact with technology?”
With a global cybersecurity talent shortfall of more than three million, skilled cybersecurity staff need all the help they can get to extend capabilities and increase speed. From a marketing perspective, emphasising how cybersecurity products can empower staff to do more is a great idea. Whether it’s automation, ease of integration into existing workflows, or a better interface, make those benefits clear.
The emergence of AI and ML are legitimate cybersecurity threats, but new threats are always emerging. Maintaining a robust cybersecurity approach that deals with existing and emerging trends is key.