IT security fears keep European decision makers awake at night
New research conducted by Corelight highlights the persistent fear of new cyber attacks amongst senior IT security teams in Europe. The study reveals that more than half (54%) of European IT decision makers (ITDMs) regularly lose sleep over concerns that their organisations will fall victim to cybercriminals. This anxiety is particularly pronounced among smaller firms with 100-249 employees, where the figure rises to 63%.
The report, titled "Productive Paranoia: How Threat Hunters Can Turn Their Fear of the Unknown into a Positive," gathers insights from senior ITDMs across the UK, France, and Germany. It underscores the anxiety induced by a rapidly evolving threat landscape, despite thorough planning efforts. The challenges are exacerbated by issues such as remote work environments and supply chain vulnerabilities.
"Ambiguity and uncertainty are not just occasional challenges but the norm in security operations," stated Matt Ellison, technical director EMEA at Corelight. "This is why embracing what we term 'productive paranoia' is crucial. By combining advanced AI technology with human intelligence, organisations can proactively manage threats and build resilience."
According to the survey, 86% of IT decision makers have been feeling increased pressure from executive leadership since 2020. The challenge of adapting to an ever-shifting threat landscape is further intensified by the rise of remote working environments, which topped the list of concerns for 51% of respondents. Supply chain threats are also a major worry, expected to rise to 67% over the next year.
Half of the respondents (49%) reported that staying abreast of evolving threats is their largest challenge, while a lack of access to threat intelligence was cited as a critical issue by 68%.
Despite the mounting pressures, ITDMs are committed to building resilience against new and unknown threats. The survey indicates that more than three-quarters (78%) of respondents aim to improve their Security Operations (SecOps) capabilities. However, the fast-changing threat landscape (44%) and a shortage of skilled security staff (41%) continue to be significant barriers.
The survey also examined the optimal security approach, revealing that nearly half (45%) of the organisations already have dedicated threat hunters. Risk-based threat hunting and threat intelligence-based strategies are equally popular, with each being utilised by 60% of respondents.
Ellison highlighted that human efforts alone are increasingly insufficient due to the surge in threat volumes and the deployment of automated tools by adversaries. "This is where AI, specifically GenAI, becomes crucial. GenAI enhances threat hunter productivity by reducing human error and enabling rapid, sophisticated search queries. It can also summarise large data volumes, preventing analyst burnout," he explained.
The study shows strong support for GenAI, with 89% of respondents either already using it or planning to incorporate it into their security solutions. When asked about the most significant impact on improving security scenarios by 2033, 50% of respondents pointed to "AI & automation for threat hunting and prevention."
Looking forward, European ITDMs express enthusiasm for enhancing SecOps capabilities using GenAI. They believe this technology will help in mitigating attacks based on past tactics (75%), improving threat detection (71%), and shortening the breach cycle (63%). However, ITDMs acknowledge the need to address potential GenAI risks and bolster in-house skills. Planned initiatives for the coming year include:
- Training to hunt threats with and without GenAI to avoid over-reliance on the technology (68%)
- Validating GenAI output, especially for threat detection algorithms (58%)
- Hiring talent to incorporate GenAI capabilities into solutions (62%)
- Guarding against external tampering with GenAI algorithms (59%)
- Guarding against AI-generated false information (60%)
Ellison concluded, "The world is filled with uncertainty, but by enhancing and upskilling in-house talent with AI and automation, IT leaders can turn their paranoia about the future into a strategic advantage. It's time to put the plan into action."