Threat actors’ use of generative AI has fueled a significant rise in attacks worldwide during the last 12 months. That’s one of several key findings from Deep Instinct’s latest Voice of SecOps Report, which surveyed 652 senior cybersecurity experts from companies with more than 1,000 employees. The research also revealed that the pressure to address the ongoing threat of ransomware is causing organizations to shift their data security approach, with an increasing number prepared to pay a ransom to recover from attacks. Furthermore, it revealed that the work required to keep organizations safe in today’s environment is placing notable strain on teams, impacting stress levels, and driving burned-out workers to consider quitting their jobs.
The report comes amid mass concern over the cybersecurity implications of generative AI. Meanwhile, ransomware remains a persistent threat vector for organizations as attackers prioritize zero-day vulnerabilities and file exfiltration, with security professionals’ stress levels estimated to have returned to mid-COVID pandemic highs.
Generative AI a disruptive threat, increases vulnerability to attacks
Almost three-quarters (70%) of security professionals said generative AI is positively impacting employee productivity and collaboration, with 63% stating the technology has also improved employee morale, according to the report. However, generative AI is also viewed as a disruptive threat. Three-quarters of respondents have witnessed an increase in attacks over the past 12 months, with 85% attributing this rise to bad actors using generative AI.
Furthermore, nearly half (46%) of respondents believe generative AI increases their organization’s vulnerability to attacks, with growing privacy concerns (39%), undetectable phishing attacks (37%), and an increase in the volume/velocity of attacks (33%) the top three threats cited. Other generative AI threats mentioned include increased deepfakes (33%) and insider attacks (31%).
Organizations more willing to pay ransoms to recover from attacks
Ransomware continues to plague organizations, with 46% of respondents saying that ransomware is the greatest threat to their organizations’ data security and 62% stating that ransomware is the number one concern of their C-suite, up from 44% last year. Organizations are adapting their internal policies to cope with the threat, with the report reflecting a sense of inevitability about the likelihood of attack and paying out to recover. Of those polled, 47% now possess a policy to pay a ransom (versus 34% in 2022), while 42% admitted to paying a ransom for the return of their data, up from 32% last year. Despite paying a ransom, 45% still had records or sensitive data exposed by hackers, up from 42% in 2022. Almost half (48%) said they would pay a ransom in future for the return of data or for the decryption key, compared to just 24% last year.
Cybersecurity teams’ stress levels rising, half of workers prepared to quit
Cybersecurity teams are grappling with an increased workload given the adoption of new technologies like generative AI, impacting stress levels and driving workers out of the profession, the report found. More than half (55%) of respondents said their stress levels have increased in the last 12 months, with staffing and resource limitations the top contributing factors (42%). This was followed by the rising complexity of technology (36%) and increased risks related to generative AI (34%).