The Splunk report reveals that generative AI is both a problem and a solution for security teams.

As organizations navigate increasingly complex technology environments, they face a dichotomy: some leverage advanced cybersecurity tools and practices, while others struggle under the weight of new challenges.

The new Splunk Inc. State of Security Report 2024: The Race to Harness AI, released Tuesday highlights significant differences in how cybersecurity is managed. It also examines the impact of geopolitical tensions and the rise of sophisticated cyber threats, forcing security teams to rethink their approaches.

Splunk surveyed 1,650 security executives and professionals between December 2023 and January 2024 across nine countries and 16 industries. The data revealed a shared perception among cybersecurity professionals regarding the ease of managing cybersecurity requirements: approximately 41% find it easier with robust security protocols, and 46% find it more difficult.

The challenges relate to increasing technological complexity, sophisticated cyberattacks, escalating threats related to geopolitical tensions and the integration of technologies such as artificial intelligence, the Internet of Things and multi-cloud systems. These factors increase data volumes, making it difficult for organizations to establish baseline cybersecurity controls to secure new assets and protect against simple human errors.

Additionally, compliance requirements have become more stringent. Security professionals are personally responsible for their organization’s compliance violations, with 28% acknowledging that regulatory compliance complicates their role. Around 27% of security teams struggle to manage emergencies, indicating a lack of long-term strategic planning and investment. Additionally, the sheer volume of security alerts remains a challenge for 26% of professionals.

In 2024, various cybersecurity threats have emerged, ranging from business email compromises exploiting human deception to brute force distributed denial of service attacks, all with the common goal of causing disruption. Additionally, 86% of organizations believe that current geopolitical tensions are making their organizations more frequent targets. This is especially true for technology companies, which play a central role in information technology infrastructure and are therefore commonly exploited.

The adoption of generative AI is quickly becoming a focal point of cybersecurity strategies. About 44% prioritize AI initiatives, even over cloud security. Generative AI is prevalent across all industries, with 93% of organizations using it daily.

This rapid adoption, driven by innovation or perhaps fear of missing out, has raised concerns about its dual use by cybercriminals. According to the results, 45% of professionals fear that generative AI will primarily benefit criminals by augmenting existing threats like phishing. Internally, 77% anticipate more data breaches due to the use of generative AI.

The use of generative AI within security teams is very high, with 91% of security teams saying they use it, although 65% say they do not fully understand its implications. I found this data point interesting because it shows that security teams are looking for a better way of doing things, even if it means having to understand the ramifications later.

Yet, with 93% of organizations relying on their past experiences with AI, they feel optimistic about managing risks. Large organizations are leveraging generative AI more effectively and innovatively in their cybersecurity efforts than their less mature counterparts. In these organizations, 48% of leaders prioritize generative AI, compared to just 30% in developing organizations. Additionally, 75% of executives cite widespread use of generative AI within their security teams, compared to just 23% in developing organizations.

Cybersecurity leaders are taking a more systematic, less experimental approach to integrating generative AI. Most (82%) have established specific security policies for generative AI, while only 46% of developing organizations have done so.

This strategic approach extends to incident response, where leading organizations significantly outperform others. They report an average time to detect disruptive incidents of 21 days, compared to 34 days. There is also a notable difference in recovery times, with executives taking just over 44 hours to recover business-critical workloads, compared to 5.7 days on average.

Splunk recommends that organizations implement the following best practices to protect their data and maintain a strong security posture in a digitally interconnected world:

• Embrace generative AI. Since most businesses and security teams already use generative AI, create policies that promote innovation and address risks like data breaches.
• Promote collaboration and consolidation of tools. Encourage cooperation between departments, particularly IT, to improve digital resilience. Simplify operations by consolidating tools to focus on major threats.
• Align with legal and compliance teams. As regulatory requirements become more central, work closely with legal and compliance teams to integrate compliance into daily security operations.
• Advocate for resources. Leaders must demonstrate the business value of robust cybersecurity measures to gain management support.
• Encourage hiring and training. Address skills shortages by using AI and employing creative training methods, such as allowing non-security personnel to participate in security operations.
• Focus on the fundamentals. Adopt basic cybersecurity practices, such as regular updates of IT asset inventories, which can mitigate risks and improve compliance in the long term.
• Stay informed about global dynamics. Stay up to date with global policy and regulatory changes and understand their impact on cybersecurity.

Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.

Image: SiliconANGLE/Microsoft Designer