Cyber attackers and defenders are racing to up their AI game
CSO: Advances in AI are significantly shaping the cybersecurity industry, with IT and security teams investing more in AI to counter increasingly sophisticated AI-generated cyber threats. A recent survey highlights that 76% of respondents are allocating more funds to AI compared to the previous year, and a vast majority show interest in integrating AI into their IT and security operations. However, nearly 72% express concerns about AI’s potential negative impacts on cybersecurity. Defenders are grappling with a period of asymmetric advantage for attackers, as the rapid evolution of AI technologies creates a gap between the offensive capabilities of threat actors and the defensive responses. Experts suggest that while AI can be a threat when misused, it has long been part of the cybersecurity landscape and can be harnessed as a powerful tool for good. Despite the fast pace of AI development and the novel challenges it presents, the industry is actively developing frameworks and risk management strategies to harness AI’s potential responsibly.
Budget Cuts, Layoffs Add to Pressure on Cyber Teams
Wall Street Journal ($): The cybersecurity sector is facing economic headwinds, with almost half of 14,865 surveyed professionals noting reductions in staff and technology investments, as revealed by a recent study. Companies are turning to artificial intelligence to mitigate the impact of these cutbacks on workloads. Training programs are also under pressure, with a significant portion of respondents seeing a decrease in cybersecurity education funding. Despite the assumption that cybersecurity is resilient to economic downturns, the industry has experienced layoffs, reflecting a dip in security spending. The challenge is intensified by a 13% increase in the cybersecurity talent gap over the past year, forcing companies to prioritize essential roles during hiring, despite financial limitations, and navigate a competitive market for skilled workers.
Ace Hardware Still Reeling From Weeklong Cyberattack
Dark Reading: Five days into a cyberattack, Ace Hardware is still grappling with IT disruptions. In a letter to franchise owners, CEO John Venhuizen detailed the impact on key systems like warehouse management and the retailer mobile assistant, affecting shipments and suspending certain operations. The POS systems remain functional, encouraging stores to keep operating. Out of Ace’s extensive server and network device infrastructure, a significant number were compromised, with just over half restored so far. The incident has escalated with phishing attacks on store owners, exploiting the breach. Attackers have attempted to reroute company payments and gain unauthorized system access. Experts emphasize the need for zero-trust security measures, multi-factor authentication, strong password practices, and continuous employee training to mitigate such threats and their long-term repercussions.
In a recent survey, 71% of organizations rated their SaaS cybersecurity maturity as mid to high, yet 79% suffered a SaaS cybersecurity incident in the past 12 months, with data exposure as the leading incident. (source)
The year-on-year increase in malicious software supply chain attacks in 2022 was 633%. (source)
This Veterans Day, we celebrate, honor, and thank all Veterans that have served and sacrificed for our country’s freedom and safety. Are you a Veteran or know a Veteran looking to enter the cybersecurity workforce? With over 570,000 open cybersecurity positions across the U.S., veterans and those transitioning out of the military possess the knowledge, skills, and abilities needed to be successful in cyber. Explore the Cybersecurity for Veterans page which includes a variety of tools and resources to help Veterans begin/advance their career in cybersecurity.
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.