Deep Instinct: Cyber strategies changing to combat AI-powered threats

June 3, 2024
The study found that three in four security professionals (75%) had to change their cybersecurity strategy in the last year due to the rise in AI-powered cyber threats.

NEW YORK, NY, June 3, 2024 – Deep Instinct today released the fifth edition of its Voice of SecOps Report, which examines AI’s increasingly large impact on cybersecurity, the continued over-reliance of reactive cybersecurity tools, related defender stress and burnout, and the promise of preventative strategies.

The study found that three in four security professionals (75%) had to change their cybersecurity strategy in the last year due to the rise in AI-powered cyber threats, with 73% expressing a greater focus on prevention capabilities. Additionally, 97% of respondents are concerned their organization will suffer a security incident due to adversarial AI.

“The biggest challenge for SecOps teams is keeping pace with the rapidly evolving threat landscape being driven by AI. These never-before-seen threats are disrupting organizations, causing breaches that are accompanied by costly remediation. SecOps must stay ahead of these unknown attacks that often penetrate existing defenses, despite investment in technology and talented cybersecurity professionals,” said Lane Bess, CEO of Deep Instinct. “Threat hunting teams need to be equipped with better solutions that leverage more sophisticated AI, specifically deep learning, to not only predict but prevent unknown threats and offer explainability to facilitate response.”

The report, conducted by Sapio Research, surveyed 500 senior cybersecurity experts from companies with 1,000+ employees in the US operating in financial services, technology, manufacturing, retail, healthcare, public sector, or critical infrastructure. Key findings included the following:

Deepfakes continue to plague organizations, with C-suite impersonations rising

Deepfakes, or synthetic audio or video media files that have been digitally manipulated with AI, no longer just impact public figures and celebrities. Corporate leadership teams are now prime targets for manipulation. Our research found that 61% of organizations experienced a rise in deepfake incidents over the past year, with 75% of these attacks impersonating an organization’s CEO or another member of the C-suite.

An over-reliance on Endpoint Detection and Response leaves organizations increasingly vulnerable

Relying on legacy, reactive cybersecurity tools like Endpoint Detection and Response (EDR) continues to set organizations up for failure, as EDR cannot combat next-generation, AI-powered cyber threats. It’s like fighting a five-alarm fire with a garden hose. Yet, 41% of organizations still rely on EDR solutions to protect them from adversarial AI – but less than a third (31%) plan to increase their EDR investments to prepare for unknown attacks.

EDR should be a last resort. A prevention-first approach to cybersecurity blocks an attack from ever reaching the endpoint, eliminating the need to respond to threats.

Cybersecurity prevention is the future, but pressure is being applied now

The only way to properly combat rising AI-powered attacks is to adopt a prevention-first approach to cybersecurity. Fortunately, the industry is starting to shift its mindset from “assume breach” to prevention. The study found that 42% of organizations currently use preventative technologies, like predictive prevention platforms, to help protect against adversarial AI.

However, more than half (53%) of security professionals feel pressure from their board to adopt tools that allow them to prevent the next cyber attack, rather than rely on antiquated defense mechanisms that have proven ineffective – as evidenced in the recent security incident impacting Microsoft, where bad actors dwelled in the network for months. Prevention is the future, and it’s finally being prioritized.

AI is causing greater SecOps burnout and stress

The rise of adversarial AI is also taking a toll on cybersecurity professionals, with 66% admitting their stress levels are worse than last year and two in three (66%) saying AI is the direct cause of burnout and stress.

To help alleviate this burnout SecOps professionals believe that AI can be used for good. In fact, over a third (35%) want to implement AI tools to help alleviate repetitive and time-consuming tasks. Additionally, 35% of respondents say having proactive cybersecurity measures in place, like predictive prevention, would help decrease their stress levels.

To get the full report, and download past Voice of SecOps reports, please visit https://www.deepinstinct.com/voice-of-secops-reports. To learn more about Deep Instinct’s predictive prevention capabilities, visit www.deepinstinct.com

Survey Methodology

Sapio Research surveyed 500 senior cybersecurity experts from companies with 1,000+ employees in the USA. The interviews were conducted online in April 2024 using an email invitation and an online survey.

Respondents worked at organizations operating in financial services, technology, manufacturing, retail and e-commerce, healthcare, public sector, or critical infrastructure (such as telecoms, energy, utilities, and transportation).

C-suite is defined as those who hold chief, global, head of department, or director roles, while reports are those who hold a manager, administrator, analyst, team lead, or officer role.