Cybersecurity Industry Struggles with Balancing AI Use and Protection, Reports Cobalt
A recent State of Pentesting Report by Cobalt has highlighted the challenges faced by the cybersecurity industry in balancing the use of AI technologies and protecting against them. The report reveals that organizations are grappling with significant resource and staffing constraints in the midst of increasing cyber threats.
Pentesting, the practice of testing systems and applications for vulnerabilities, has emerged as a critical tool in addressing these challenges. By enabling organizations to conduct security tests on critical assets, expanded environments, and cloud applications more frequently, pentesting plays a key role in enhancing cybersecurity measures.
Cobalt’s analysis of 4,068 pentests showed a 21% increase in the number of findings per engagement year-over-year, reflecting the uptrend in Common Vulnerabilities and Exposures (CVE) records. The report also indicated a rise in the median time taken to fix vulnerabilities compared to previous years.
In addition to pentesting analysis, the report included a survey of over 900 cybersecurity professionals in the U.S. and U.K. The survey explored how cyber professionals are managing internal staffing, engaging with external partners, navigating the AI landscape, and addressing leadership challenges within the C-suite.
One of the key findings of the study was the complex relationship that cybersecurity teams have with AI technologies. While 86% of respondents reported adopting AI-powered tools, seven in ten professionals also noted an increase in AI-related threats. The report highlighted vulnerabilities in AI systems, particularly in software products with AI-enabled chatbots, such as prompt injection, denial of service, and information disclosure issues.
The report also shed light on the impact of industry layoffs and ongoing workforce uncertainties on cybersecurity. With 31% of respondents stating that their organizations had conducted layoffs in the past six months, concerns over increased cyber risks due to staff departures were evident. The report warned that further losses could be imminent, as 29% of impacted professionals expressed a desire to leave their current roles.
Despite the challenges, the report emphasized the significance of pentesting in enhancing cybersecurity defenses. As cyber attacks continue to rise, C-suite executives are increasingly held accountable for security incidents. The study highlighted the mental and physical toll that C-suite leaders face, as they navigate talent shortages, budget constraints, and evolving cyber threats.
In light of these findings, industry experts stressed the importance of prioritizing talent acquisition, exercising caution in AI integration, and leveraging pentesting as a proactive measure against evolving threats. As technology advances and cyber threats evolve, maintaining a commitment to regular pentesting remains crucial for safeguarding digital assets and organizational security.
