Tooling complexity and generative AI may harm many companies’ security posture. Credit: Shutterstock Despite the dangers posed by new threats like generative AI, a new study from Cisco found that security teams are “overconfident” and comfortable in their ability to cope with a rapidly changing threat landscape. The study published today surveyed more than 8,000 cybersecurity decision-makers around the world, and found that nearly three-quarters of them expected a cybersecurity incident to disrupt their business sometime in the next two years. Fully 80%, however, said that they were anywhere from “moderately confident” to “very confident” in their ability to deal with such incidents. Cisco’s own analysis rated respondent organizations on the maturity of their security posture, from “beginner” at the low end to “mature” at the high end. Most rated as “formative,” or a step above beginner, with the bottom two categories making up 71% of organizations polled. Part of the problem that most companies are facing, according to Cisco, is the complicated nature of their security stacks. More than two-thirds of respondents said that their company had more than 10 separate offerings in their security stack, and a quarter said they had 30 or more. “This reflects the way in which the industry has evolved over the years,” the report read. “As new threats emerged, new solutions were developed and deployed to counter them, either by existing vendors or new ones.” Frank Dickson, group vice president for IDC’s security and trust research practice, said that the concern about complicated tool stacks is far from a new one. “We’ve been having that debate in security for ten years,” he said. Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security. That’s finally beginning to change, however, Dickson said. “We’re really starting to see big vendors offering truly integrated products that are decreasing complexity,” he noted. “And companies are now realizing that this ‘best-of-breed’ approach is untenable.” The rise of generative AI, as well, represents a key threat to the security posture of the enterprise, according to the report. There are a number of different ways that generative AI may contribute to a worsening security landscape, including data theft and spam, but, according to Dickson, the biggest concern may be iterating on the present day’s most popular technique for initial compromise. “The number-one way bad actors get into our networks is phishing emails, and it’s now a lot easier to send convincing ones,” he said. To combat this and other threats, Cicso recommended several courses of action to businesses, including investment in cybersecurity, closing vulnerability gaps created by unmanaged devices, and keeping a weather eye on developments in generative AI technology. Related content news analysis MD5 attack puts RADIUS networks everywhere at risk A design flaw in the decades-old RADIUS authentication protocol allows attackers to take over network devices from a man-in-the-middle position by exploiting MD5 hash collisions. By Lucian Constantin Jul 09, 2024 7 mins Cyberattacks Network Security brandpost Sponsored by CyberArk Identity security: The keystone of trust Security leaders must cultivate the trust of stakeholders and end users to reduce their sense of cyber vulnerability and foster digital progress. By Claudio Neiva, CyberArk’s Security Strategic Advisor, Director (LATAM) Jul 09, 2024 8 mins Security news Microsoft mandates Chinese staff to use iPhones, not Android The move is not about Android security as such, but about the unavailability of the Microsoft Authenticator app in Chinese app stores. By John Leyden Jul 09, 2024 3 mins Multi-factor Authentication Mobile Security feature Cisco adds heft to cybersecurity push with acquisitions, new talent Cisco aims to relieve beleaguered network and security teams with its AI-driven, platform-based approach to enterprise security. By Bob Violino Jul 09, 2024 1 min Network Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe