Tooling complexity and generative AI may harm many companies’ security posture. Credit: Shutterstock Despite the dangers posed by new threats like generative AI, a new study from Cisco found that security teams are “overconfident” and comfortable in their ability to cope with a rapidly changing threat landscape. The study published today surveyed more than 8,000 cybersecurity decision-makers around the world, and found that nearly three-quarters of them expected a cybersecurity incident to disrupt their business sometime in the next two years. Fully 80%, however, said that they were anywhere from “moderately confident” to “very confident” in their ability to deal with such incidents. Cisco’s own analysis rated respondent organizations on the maturity of their security posture, from “beginner” at the low end to “mature” at the high end. Most rated as “formative,” or a step above beginner, with the bottom two categories making up 71% of organizations polled. Part of the problem that most companies are facing, according to Cisco, is the complicated nature of their security stacks. More than two-thirds of respondents said that their company had more than 10 separate offerings in their security stack, and a quarter said they had 30 or more. “This reflects the way in which the industry has evolved over the years,” the report read. “As new threats emerged, new solutions were developed and deployed to counter them, either by existing vendors or new ones.” Frank Dickson, group vice president for IDC’s security and trust research practice, said that the concern about complicated tool stacks is far from a new one. “We’ve been having that debate in security for ten years,” he said. Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security. That’s finally beginning to change, however, Dickson said. “We’re really starting to see big vendors offering truly integrated products that are decreasing complexity,” he noted. “And companies are now realizing that this ‘best-of-breed’ approach is untenable.” The rise of generative AI, as well, represents a key threat to the security posture of the enterprise, according to the report. There are a number of different ways that generative AI may contribute to a worsening security landscape, including data theft and spam, but, according to Dickson, the biggest concern may be iterating on the present day’s most popular technique for initial compromise. “The number-one way bad actors get into our networks is phishing emails, and it’s now a lot easier to send convincing ones,” he said. To combat this and other threats, Cicso recommended several courses of action to businesses, including investment in cybersecurity, closing vulnerability gaps created by unmanaged devices, and keeping a weather eye on developments in generative AI technology. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe