- Splunk CISO Report Lays Out Security Team’s Views on 2024
- Report details the rise of GenAI in both cyber defense and cyber attacks
- There is a notable gap between the thoughts of board members and security experts.
The rise of generative AI (GenAI) in cybersecurity continues: More than half (52%) of CISOs prioritize innovation with emerging technologies, although only one-third (33%) of board members agree agreement, according to new research.
Splunk’s latest CISO Report outlines the priorities and opinions of industry professionals, noting how the cyber landscape is changing rapidly, but 41% of security leaders reported that requirements are becoming easier to meet, despite of the greater effectiveness and frequency of cyber attacks.
GenAI is used to protect businesses against threats from attackers, and CISOs use AI for risk identification (39%), threat intelligence analysis (39%), and threat detection and prioritization (35%), plus to outline CISO priorities. , this is what we know.
Playing both sides
It’s no secret that GenAI is becoming an integral part of cybersecurity on both the defensive and offensive sides, with attackers using the technology for a variety of purposes, including making existing attacks more effective (32% ), increase the volume of existing attacks (28%). %) and the creation of new types of cyber threats (23%).
The report illustrates a gap between CISOs and board members, not only in attitudes, but also in allocation, as only 29% of CISOs feel they have an adequate budget to protect their companies, compared to 41% of boards of directors who believe their budgets are sufficient. This emerges as a serious risk factor, with nearly two-thirds (64%) of CISOs linking a lack of support to the cyberattacks they experience.
This is not the first report of a disconnect between them, as many CISOs feel they do not receive the appropriate level of respect from their board, with board members downplaying the severity of the attacks and accusing CISOs of be “too negative.”
But there are certainly reasons to worry. Although AI is used in cyber protections, it is also making cyber attacks even smarter and more dangerous, and this tops the list of CISOs’ concerns, with 36% saying AI-powered attacks are their main concern, followed by cyber extortion (24%). ) and data leaks (23%).
“Individual employees play a vital role in data protection. Phishing scams and insider threats are becoming more sophisticated. Whether a large enterprise or a small business, education and awareness across all departments must be combined with AI-powered technologies that detect threats,” says Greg Clark, Director of Product Management, Data Security, OpenText Cybersecurity.
Skills shortages also remain a critical issue in technology, but 86% of respondents believe AI can help fire more entry-level talent to bridge the current cybersecurity skills gap, and 65% also believe that AI will ‘enable experienced security professionals ‘to be more productive’.
Overwhelmingly, security experts are joining legal and compliance teams to step up training: 91% increase security training for legal and compliance workers, and 90% provide legal and compliance training for security professionals, so the industry is taking steps to cover all bases.
Attack prevention
Preventing cyberattacks is really the bread and butter of cybersecurity teams, but if you’re just starting out with a small business or want to be ultra-secure, here are a couple of top tips for maintaining cyber hygiene.
First, and probably most important, are strong passwords and multi-factor authentication (MFA). Around 80% of data breaches are due to poor password security, so this is really crucial. Make sure all company passwords are complex, varied, and as long as possible while still being easy to remember.
Deploy password managers and authentication software to ensure employee passwords are secure and ensure a strong password policy is in place so all workers understand the criteria for secure credentials and their importance.
Regular and comprehensive cybersecurity training for all employees is key for your organization to recognize and mitigate potential threats. This should focus on educating employees on risk management and security controls, such as antivirus software and firewalls, as well as enterprise-wide cybersecurity frameworks.
Vulnerability assessment by external providers is becoming increasingly important. Companies and organizations are inevitably connected and it is practically impossible for companies to operate without using third-party software providers.
No matter how impenetrable your cybersecurity is, an attack on a third party can leave you exposed, as illustrated by the US Treasury’s “major incident,” a cyberattack originating from a compromised third party.
We know budgets are tight and cybersecurity is not always a priority, but ransomware attacks can easily cost an organization millions and can have a knock-on effect on the trust of customers and business partners, as well as damage to business. reputation, so safe practices are a worthy investment.
