- The Splunk Ciso report presents the thoughts of the security team about 2024
- Report details the increase in Genai both in CyberDefense and in cyber attacks
- There is a notable gap between the thoughts of the Board members and security experts.
The increase in generative AI (Genai) in cybersecurity continues, with more than half (52%) of the CISOs that prioritize innovative with emerging technologies, although only one third (33%) of the members of the Board , has affirmed a new investigation.
The last Splunk Ciso report describes the priorities and opinions of industry professionals, pointing out how cyberscapate is changing rapidly, but 41% of security leaders reported that the requirements are becoming easier to maintain, despite The greatest effectiveness and frequency of cyber attacks.
Genai is being used to protect companies against the threats of attackers, and the Ciso use AI to identify risks (39%), threat intelligence analysis (39%) and detection and prioritization of threats (35%), as well As to describe priorities for the fissus, this is what we know.
Playing both sides
It is no secret that Genai is becoming an integral part of cybersecurity on the defensive and offensive sides, with attackers who use technology for a variety of ends, including the fact that existing attacks are more effective (32%) , increasing the volume of existing attacks (28 %), and create new types of cyber threats (23 %).
The report illustrates a gap between the CISO and the members of the Board, not only in attitudes, but also in the allocation, with only 29% of the CISOs who feel that they are given an adequate budget to protect their companies, in Comparison with 41% of the joints that believe that their budgets are sufficient. This is manifested as a serious risk factor, with almost two thirds (64%) of the CISOs that link the lack of support for the cyber attacks they experience.
This is not the first report of a disconnection between, with many feelings of Ciso that do not obtain the right level of respect for its Board, with members of the Board minimizing the seriousness of the attacks and accusing Ciso of being “too negative.”
But there are certainly reasons to worry. Although AI is being used in cyber protections, cyber attacks are also AI are their main concern, followed by cybernetic extortion (24% (24%), and data violations (23%).
“Individual employees play a fundamental role in data protection. Phishing scams and internal threats are only becoming more sophisticated. Whether a large company or a small business, education and awareness in all departments need to be placed in layers on the technologies promoted by AI that detect threats, “says Greg Clark, Director of Product Management, Data Safety, Text Cybersecurity Open
The shortage of skills also remains a critical problem in technology, but 86% of respondents believe that AI can help firing more entrance level talent to navigate the ongoing cyber security skills gap, and the ongoing 65% also believe that AI will allow experienced security professionals to be more productive. '
Overwhelmingly, security experts join with compliance and legal equipment to increase training, with a 91% security training by increasing for legal and compliance workers, and 90% provide legal training and compliance for professionals from professionals Security, so the industry is taking measures to cover all bases.
Attack prevention
The prevention of cyber attack is really bread and butter for cyber security equipment, but if you are just beginning with a small business or want to be ultra safe, then here there are a couple of main tips to maintain cyber-higiene.
First, and probably the most important thing, they are safe passwords and multifactor authentication (MFA). About 80% of data violations come from bad password safety, so this is really crucial. Make sure all the passwords of the company are complex, varied and as long as possible as long as they are memorable.
Implement password administrators and authentication software to ensure that employee passwords are insured, and make sure there is a safe password policy so that all workers understand the criteria for solid credentials and their importance.
Regular and integral cybersecurity training for all employees is key to train their organization to recognize and mitigate possible threats. This should focus on educating employees in risk and safety management controls, such as antivirus software and firewalls, as well as the company of the cyber security frameworks.
More and more important, is the evaluation of external suppliers for vulnerabilities. Companies and organizations are inevitably connected and it is practically impossible for companies to operate without using any third -party software provider.
No matter how impenetrable its cybersecurity is, an attack against a third can leave it exposed, illustrated by the “major incident” of the United States Treasury, a cyber attack originated from a committed third party.
We know that budgets are adjusted, and cybersecurity is not always a priority, but ransomware attacks can easily cost an organization millions and can have an effect on customer confidence and commercial partners, as well as the damage of the Reputation, so safe practices are a decent investment.