Splunk report finds generative AI both a problem and a solution for security teams

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

As organizations navigate increasingly complex technological environments, they face a dichotomy: Some are harnessing advanced cybersecurity tools and practices, while others are struggling under the weight of new challenges.

Splunk Inc.’s new 2024 State of Security Report: The Race to Harness AI, released Tuesday, highlights significant differences in how cybersecurity is managed. It also delves into the impact of geopolitical tensions and the rise of sophisticated cyber threats, all forcing security teams to rethink their approaches.

Splunk surveyed 1,650 security executives and professionals from December 2023 to January 2024 in nine countries and 16 industries. The data revealed a split perception among cybersecurity professionals regarding the ease of managing cybersecurity requirements: Some 41% find it easier due to robust security protocols, and 46% find it more challenging.

The challenges are linked to rising technological complexity, sophisticated cyberattacks, escalating threats from geopolitical tensions, and integration of technologies such as artificial intelligence, the internet of things and multicloud systems. These factors increase data volumes, making it difficult for organizations to establish basic cybersecurity controls to secure new assets and protect against simple human errors.

Additionally, compliance requirements have become stricter. Security professionals are personally accountable for their organizations’ compliance violations, with 28% acknowledging that regulatory compliance complicates their roles. About 27% of security teams struggle to manage emergencies, indicating a lack of long-term strategic planning and investment. Additionally, the sheer volume of security alerts remains challenging for 26% of professionals.

In 2024, various cybersecurity threats emerged, from business email compromises that exploit human deception to brute-force distributed denial-of-service attacks — all with the common goal of causing disruption. Furthermore, 86% of organizations believe current geopolitical tensions made their organizations more frequent targets. This is especially true for technology companies, which are central to information technology infrastructure and thus commonly exploited.

Generative AI adoption is rapidly becoming a focal point in cybersecurity strategies. About 44% prioritize AI initiatives, even over cloud security. Generative AI is widespread across industries, with 93% of organizations using it daily.

This rapid adoption, driven by innovation or possibly the fear of missing out, has led to concerns about its dual use by cyber criminals. According to the findings, 45% of professionals worry generative AI mainly benefits criminals by enhancing existing threats like phishing. Internally, 77% anticipate more data leaks from generative AI usage.

The use of generative AI within security teams is very high, with 91% of security teams claiming they are using it, although 65% say they do not fully understand the implications. I found this data point interesting, as it shows that security teams are looking for a better way of doing things, even if that means having to understand the ramifications later.

Yet with 93% of organizations drawing on past AI experiences, they feel optimistic about managing the risks. Leading organizations are leveraging generative AI more effectively and innovatively in their cybersecurity efforts compared to their less mature counterparts. At these organizations, 48% of leaders prioritize generative AI as a top initiative, compared to only 30% in developing organizations. Additionally, 75% of leaders cite widespread use of generative AI within their security teams, in contrast to just 23% in developing organizations.

Cybersecurity leaders are taking a more systematic and less experimental approach to integrating generative AI. Most (82%) have established specific security policies for generative AI, while only 46% of developing organizations have done so.

This strategic approach extends to incident response, where leading organizations significantly outperform others. They report a mean time to detect disruptive incidents of 21 days, compared to 34 days. There’s also a notable difference in recovery times, with leaders taking just over 44 hours to recover business-critical workloads, compared to the average 5.7 days.

Splunk recommends organizations implement the following best practices to protect their data and maintain a strong security posture in a digitally interconnected world:

  • Embrace generative AI. Since most businesses and security teams already use generative AI, create policies that foster innovation and address risks like data leakage.
  • Promote collaboration and tool consolidation. Encourage cooperation across departments, especially IT, to improve digital resilience. Simplify operations by consolidating tools to focus on major threats.
  • Align with legal and compliance teams. As regulatory requirements become more central, work closely with legal and compliance teams to integrate compliance into everyday security operations.
  • Advocate for resources. Leaders should demonstrate the business value of robust cybersecurity measures to gain executive support.
  • Encourage hiring and training. Address skill shortages by utilizing AI and employing creative training methods like allowing non-security staff to participate in security operations.
  • Focus on fundamentals. Commit to basic cybersecurity practices like regular updates of IT asset inventories, which can mitigate risks and improve long-term compliance.
  • Stay informed on global dynamics. Keep abreast of global political and regulatory changes, and have an understanding of how they impact cybersecurity.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.