NEW YORK, NY, August 23, 2023 – Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, released the fourth edition of its Voice of SecOps Report. The research – “Generative AI and Cybersecurity: Bright Future or Business Battleground?” – was conducted by Sapio Research and surveyed over 650 senior security operations professionals in the US, including CISOs and CIOs.
The study highlights the impact of generative AI in the cybersecurity industry, analyzing the technology’s positive and negative effect on organizations’ security postures and preparedness. Unsurprisingly, 75% of security professionals witnessed an increase in attacks over the past 12 months, with an astonishing 85% attributing this rise to bad actors using generative AI.
Generative AI: Business Friend or Foe?
According to the study, 69% of respondents have already adopted generative AI tools within their organization, with the highest adoption taking place (80%) within the finance sector. Nearly three fourths (70%) of security professionals say generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale.
However, senior security professionals also view generative AI as a disruptive cybersecurity threat, with nearly half (46%) of respondents believing generative AI will increase their organization’s vulnerability to attacks. The top three generative AI threat issues include growing privacy concerns (39%); undetectable phishing attacks (37%); and an increase in the volume and velocity of attacks (33%).
The technology has already been repurposed by bad actors as evidenced by WormGPT, a new generative AI tool advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise attacks.
Ransomware: As New Vulnerabilities Emerge, An Old Threat Remains a Challenge
In addition to concerns around unknown attacks fueled by generative AI, ransomware continues to plague organizations, with nearly half (46%) of respondents saying that ransomware is the greatest threat to their organization’s data security. In fact, 62% admit that ransomware is the number one C-suite concern, up from 44% in 2022.
The pressure to address the ongoing threat of ransomware is causing organizations to shift their data security approach, with almost half (47%) of respondents now possessing a policy to pay the ransom, versus 34% in 2022. This has resulted in 42% of respondents paying for the return of their data over the past year – up from 32% last year. Conversely, those who opt to pay because they have ransomware insurance has fallen from 62% in 2022 to 43% in 2023.
Mounting Security Team Stress: A Call to Change the Status Quo
Today’s cybersecurity teams are grappling with an increased workload given the adoption of new technologies like generative AI. As a result, more than half (55%) of security professionals say their stress levels have increased, with the top reason being staffing and resource limitations (42%). In fact, 51% are likely to leave their job in the next 12 months as a result of stress.
Furthermore, despite the persisting industry skills gap, job security has become a concern for some cybersecurity professionals, with 14% of respondents fearing their job will soon become irrelevant and 11% feeling unclear if their role will exist five years from now due to the rise of AI.
When diving deeper into the top stressors, false positives from antiquated cybersecurity tools are creating a massive strain on security operations teams’ time, with false positives accounting for over two working days of lost productivity per week. This has caused dissatisfaction with current security tools, with most (65%) respondents saying they deserve better from Endpoint Detection and Response (EDR) and Next-Generation Antivirus (NGAV) solutions – up from 51% in 2022.
EDR tools make it impossible to truly prevent threats. To alleviate cybersecurity team stress and strengthen security postures, prevention must take precedence over reactive protection. Nearly three out of four respondents (72%) believe preventing attacks before they occur is a priority, signaling a needed change from the industry.
“In this new era of generative AI, the only way to combat emerging AI threats is by using advanced AI – one that can prevent and predict unknown threats. Relying on antiquated tools like EDR is the equivalent of fighting a five-alarm fire with a garden hose,” said Lane Bess, CEO of Deep Instinct. “Assuming breach has been an accepted stance but the belief that EDR can get out ahead of threats is simply not true. A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives, and alleviate security team stress.”
Sapio Research surveyed 652 senior cybersecurity experts from companies with 1,000+ employees in the USA. The interviews were conducted online in June 2023 using an email invitation and an online survey.
Respondents worked at organizations which operated in either financial services, technology, manufacturing, retail, healthcare, public sector, or critical infrastructure (such as telecoms, energy, utilities, and transportation).
C-suite is defined as those who hold chief, global, head of department, or director roles, while reports are those who hold a manager, administrator, analyst, team lead, or officer role.