GenAI keeps cybersecurity pros on high alert
“Businesses across every industry face unprecedented challenges posed by an increasing attack surface, zero-day vulnerabilities, cloud misconfigurations, and new emerging threats driven by AI,” said Andrei Florescu, president and GM of Bitdefender Business Solutions Group.
“The findings of our recent survey underscore a now vital approach to cybersecurity that layers threat prevention, protection, detection, and response across all environments, including cloud infrastructure, services, and supply chains. The goal of effective cybersecurity is not only stopping attacks at the door but also lowering risk and optimizing resources (technology and people) to help relieve pressure from security teams,” added Florescu.
When asked how much of a threat GenAI technology is to the overall cybersecurity landscape, a remarkable 96% of all respondents agreed it’s a threat with more than a 36% stating its use for manipulating or the creation of deceptive content (deepfakes) is a significant threat. Interestingly, confidence (or perhaps overconfidence) in spotting a deepfake type of attack (audio/video) was high with 74% believing colleagues in their department could do so.
Data breaches continue to increase year-over-year
57% of organizations experienced a data breach or data leak in the last 12 months, up 6% from the previous year when asked the same question. At 73.5%, UK respondents experienced the most data breaches or leaks Germany at 61%, and Singapore experienced the least at 33% (24% below the average).
64.3% of all respondents stated they will be looking for a new job in the next 12 months, up a considerable 25% when compared to last year’s result. This finding correlates with 70.2% of respondents agreeing they must work weekends due to security concerns their company faces. Respondents in the UK were most likely to work weekends at 81% and German respondents are most likely to look for new jobs at 76.6% (12.2% higher than the average).
When asked what the top security concerns are when it comes to managing cloud environments, 38.7% stated IAM followed closely by maintaining cloud compliance at 38%. Singapore respondents were well above the average (50.5%) saying IAM was their biggest challenge.
At 36%, shadow IT came in as a strong third overall followed by risk of misconfigurations at 34%. Additionally, when asked how risk is monitored across cloud infrastructure, only 44.6% of overall respondents say they conduct regular audits and assessments.
Phishing attacks growing in sophistication
The top cybersecurity threats according to overall respondents are phishing/social engineering and software vulnerabilities and/or zero-days both at 32% followed closely by GenAI’s influence on cyber threats and ransomware (both at 29%) and insider threats at 28%.
Over 74% of respondents say they have seen an increase in the sophistication of phishing attacks (likely correlating to the sudden rise of GenAI). Surprisingly, in the regions of France, US and Germany, GenAI was seen as the top threat over ransomware at 35.5%, 34.3% and 32.8% respectively.
Respondents cited the top reasons for utilizing or contemplating the use of a managed detection and response (MDR) service. Over a third of respondents cited 24×7 security coverage as the number one reason followed by access to high-level security analysts and ability to proactively threat hunt both at 29%.
Relating to managed services, an overwhelming 93% of respondents plan to increase investment in proactive cybersecurity measures (e.g. pen testing, red teaming) with 37% stating it’s very likely. Singapore respondents were most likely to invest in proactive cybersecurity at 97%.
When asked what the biggest challenge is about an organization’s current security solutions, adhering to data compliance and regulations was the number one challenge for 28% of all respondents. Extending capabilities across multiple environments was a close second at 27.5% followed by incompatibility with other security solutions at 25%. At 29%, respondents in the US were most concerned about how secure third-party partners are or 5% above the average.
The report is based on an independent survey and analysis of over 1,200 IT and security professionals ranging from manager to CISO who work in companies with 1,000 or more employees in geographical regions across the world.