GenAI keeps cybersecurity professionals on high alert

“Companies across all industries are facing unprecedented challenges from an increasing attack surface, zero-day vulnerabilities, cloud misconfigurations and new emerging AI threats,” said Andrei Florescu, President and GM of Bitdefender Business Solutions Group.

“The results of our recent survey underscore a now essential approach to cybersecurity that incorporates threat prevention, protection, detection and response across all environments, including cloud infrastructure, services and supply chains. The goal of effective cybersecurity is not only to stop attacks at the door, but also to reduce risk and optimize resources (technology and people) to reduce pressure on security teams,” added Florescu.

When asked how big a threat GenAI technology poses to the overall cybersecurity landscape, a remarkable 96% of all respondents agreed that it poses a threat, with more than 36% saying that its use to manipulate or create misleading content (deepfakes) is a significant threat. Interestingly, confidence (or perhaps overconfidence) in detecting a deepfake attack (audio/video) was high: 74% believed that colleagues in their department were capable of doing so.

Data breaches are increasing year after year

57% of organisations have experienced a data breach or data leak in the last 12 months, up 6% from the previous year when they were asked the same question. Respondents from the UK were most likely to experience a data breach or data leak at 73.5%, followed by Germany at 61% and Singapore at 33%, the least (24% below average).

64.3% of all respondents said they will be looking for a new job in the next 12 months, a notable increase of 25% from last year. This result correlates with 70.2% of respondents saying they have to work weekends due to safety concerns at their company. UK respondents are the most likely to work weekends at 81%, and German respondents are the most likely to be looking for a new job at 76.6% (12.2% more than average).

When asked what the biggest security concern is when managing cloud environments, 38.7% said IAM, closely followed by maintaining cloud compliance at 38%. Singaporean respondents were well above the average (50.5%), saying IAM was their biggest challenge.

Shadow IT came in third at 36%, followed by the risk of misconfigurations at 34%. In addition, when asked how risk is monitored across the cloud infrastructure, only 44.6% of respondents said they conduct regular audits and assessments.

Phishing attacks are becoming more sophisticated

According to the total number of respondents, phishing/social engineering and software vulnerabilities and/or zero-day attacks (both at 32%) are the top cybersecurity threats, closely followed by the impact of GenAI on cyber threats and ransomware (both at 29%) and insider threats at 28%.

Over 74% of respondents said they have observed an increase in the sophistication of phishing attacks (likely related to the sudden rise of GenAI). Surprisingly, GenAI was seen as the biggest threat to ransomware in France, the US and Germany, at 35.5%, 34.3% and 32.8% respectively.

Respondents cited the top reasons for using or considering using a Managed Detection and Response (MDR) service. Over a third of respondents cited 24/7 security coverage as the top reason, followed by access to senior security analysts and the ability to proactively hunt for threats (both 29%).

In terms of managed services, an overwhelming 93% of respondents plan to increase their investment in proactive cybersecurity measures (e.g. penetration testing, red teaming), with 37% saying they are very likely to do so. Singaporean respondents were the most likely to invest in proactive cybersecurity at 97%.

When asked what the biggest challenge is with an organization’s current security solutions, 28% of all respondents cited compliance with data privacy and regulations as the biggest challenge. Extending capabilities to multiple environments was a close second at 27.5%, followed by incompatibility with other security solutions at 25%. At 29%, U.S. respondents were most concerned about third-party security, 5% more than the average.

The report is based on an independent survey and analysis of over 1,200 IT and security professionals, from managers to CISOs, working in organizations with 1,000 or more employees in geographic regions around the world.