Deep Instinct, a cybersecurity company focused on proactive prevention, has launched the fourth edition of its Voice of SecOps Report. The report, titled “Generative AI and Cybersecurity: Bright Future or Business Battleground?”, was crafted in collaboration with Sapio Research and encompasses insights from over 650 senior security operations professionals in the United States, including CISOs and CIOs.
The study delves into the impact of generative artificial intelligence (AI) on the cybersecurity landscape, analyzing its positive and negative effects on organizations’ security readiness. An astounding 75% of security experts acknowledged a surge in attacks within the past year, with a significant 85% attributing this increase to malicious actors employing generative AI.
Generative AI has made significant inroads in the industry, with 69% of respondents incorporating generative AI tools in their organizations. The finance sector leads in adoption, with an impressive 80% implementation rate. The majority (70%) of security professionals noted that generative AI positively influences employee productivity and collaboration, and 63% indicated that it boosts employee morale.
Yet, amid the advantages, senior security personnel also perceive generative AI as a disruptive cybersecurity menace. Nearly half (46%) of the respondents anticipate that generative AI will heighten their organizations’ susceptibility to attacks. Concerns include rising issues of privacy (39%), undetectable phishing attacks (37%), and an escalation in the frequency and velocity of attacks (33%).
Signs of generative AI’s repurposing by malicious actors are already apparent, such as the emergence of WormGPT, a generative AI tool aimed at sophisticated phishing and business email compromise attacks, promoted on underground forums.
Apart from these generative AI-related concerns, ransomware remains a formidable threat. Around 46% of respondents identified ransomware as the most significant threat to their data security. Additionally, the report revealed that ransomware is now the foremost concern for 62% of C-suite executives, up from 44% in the previous year.
Pressure to address ransomware’s persistent threat has led organizations to alter their data security approach. Presently, 47% of respondents possess a policy to pay ransoms, up from 34% in the preceding year. Consequently, 42% of participants have paid for data retrieval over the past year, compared to 32% in the prior year. Conversely, those paying due to having ransomware insurance have decreased from 62% in 2022 to 43% in 2023.
As new technologies like generative AI reshape the cybersecurity landscape, security teams are grappling with escalated workloads. Over half (55%) of security professionals reported increased stress levels, largely due to staffing and resource limitations (42%). The strain has led 51% to consider leaving their jobs within the coming year due to stress.
Despite the industry-wide skills gap, job security is a growing concern for some cybersecurity experts, with 14% fearing their roles will become obsolete, and 11% uncertain if their positions will exist in five years due to AI’s rise.
Delving into top stressors, antiquated cybersecurity tools producing false positives are a substantial burden, accounting for over two working days of lost productivity each week for security operations teams. Dissatisfaction with current security solutions is evident, as 65% of respondents believed they deserved better from Endpoint Detection and Response (EDR) and Next-Generation Antivirus (NGAV) solutions, an increase from 51% in the previous year.
The report underscores the imperative of prioritizing prevention over reactive protection to alleviate security team stress and fortify security postures. A significant 72% of respondents emphasized the importance of thwarting attacks before they transpire, indicating the industry’s need for a shift toward predictive prevention.
“In this new era of generative AI, the only way to combat emerging AI threats is by using advanced AI – one that can prevent and predict unknown threats. Relying on antiquated tools like EDR is the equivalent of fighting a five-alarm fire with a garden hose,” emphasized Lane Bess, CEO of Deep Instinct. “Assuming breach has been an accepted stance, but the belief that EDR can get out ahead of threats is simply not true. A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives, and alleviate security team stress.”