In the business world, the wizards created another problem; bad configurations. I have worked in environments where it is clear that a quick config wizard was used on everything from Domain Controllers to Firewalls. Someone ran the quick config and pushed it to production. There was, apparently, no thought of hardening, no thought of reviewing things, just get it out. I am not talking about a small Mom and Pop either. This was a SME client, which was quite scary to see. Later I learned that they moved to the cloud and, yep you guessed it, they ran the basic configuration options there as well.
Now, why am I bringing all of this up? Well, it is because we are well into the push for AI (everything from GenAI, to Statistical Math Models, to Advanced Decision Making “AI”) as a viable option in IT operations and Cybersecurity to human staff. Now, interestingly enough, there are studies (one by Microsoft) that are showing the effects of reliance on GenAI. These effects include the potential for a reduction in Critical Thinking Skills or the potential for cognitive atrophy. The study finds that overreliance on GenAI can have a negative impact on how the brain operates. It is as if, not exercising your brain impacts the building and maintaining of neural pathways in the human brain. Spoiler Alert, it does.
The release of this study is interesting as this type of cognitive atrophy has been discussed for years under the phrase “skillset gap” People are becoming less able to perform complex logical tasks due to overly automated functions and the lack of any requirement to prove skill for many technical or complex functions. We see this in IT hiring, where certifications and education are often prioritized over being able to show any actual skill at the job (I have seen this one firsthand). It is a part of the modern talent acquisition and talent retention failure in the business world. For non-technical or general staff, there has been push for “don’t blame the user” when it comes to security issues. There is no requirement for an employee to demonstrate that they can perform their job properly and in a safe and secure manner. If they get popped or break a system, it is IT’s fault or it is cybersecurity’s fault. These same people then complain when IT or Cybersecurity add extra layers of protection, and the cycle continues.
Again, we get back to a core problem, which the Microsoft Study touches on, the Human Brain can lose the ability to perform logical processing when it is not used in those ways. You have to develop those pathways in the brain and maintain them through continued use (logical exercises, and other learning). By simply “doing it for them” there is a lack of building these patterns in the people who need it most. This is before you get into removing agency and responsibility from the people involved in the function and operation of your business. While you are listening to marketing messages on “enabling businesses” think about how you can also enable your staff to be more effective, efficient, and productive. A well trained and enabled staff increases your production and *Gasp* also increases your ability to respond to impacts to your business, including being able to identify, report, and avoid many basic attack types.
Now, before anyone gets out the touches and pitchforks, none of this is to say that IT operations and Cybersecurity do not need to do their job too. They have a very difficult and complex job of ensuring everything is running and as secure as their budgets and staffing can make it while allowing the business to run. It is not a fun job, and it is not an easy one. Yet, I am also seeing a reduction in practical and logical skill sets there as well (for reasons already discussed in this article). An overreliance on toolsets, automated functions, and “AI” have assisted in creating this environment (long with an almost obsessive attention to reduction of costs in these areas). You end up with underpaid, and under skilled staff trying to protect… well underpaid and under skilled staff. It is an untenable model and AI (as studies are starting to show) is not going to fix the issue and might make it worse.
Technology is great and can help with many tasks, but we should not become so reliant on it that we forget how to do things ourselves, or worse never learn them in the first place.
