Just before ChatGPT's first birthday (Nov. 30), a report from Fastly highlights the fact that many organizations view generative AI as a growing cybersecurity threat. Data breaches and data loss (40%), identity-based threats such as malware and phishing (38%), and generative AI (29%) are viewed as the biggest cybersecurity threats over the next 12 months, according to this year's Fastly Global Security Research report, a survey of 1,484 IT decision makers in organizations with more than 500 employees around the world.
Even with generative AI making the list of top three cybersecurity threats over the next 12 months, it was clear from the report that generative AI is viewed as both a positive and negative development. Respondents say generative AI would increase productivity (43%), ensure the business is more protected against cyber threats (42%), and ensure employees are trained in cybersecurity fundamentals (36%). On the negative side, there are fears that generative AI will open new avenues for attack (67%) and put businesses at greater risk of attacks (58%).
Almost half, or 46%, are concerned that their security teams do not have experience with new and emerging technologies and threats such as generative AI. To mitigate these risks, organizations are focused on developing and enforcing a company-wide policy (34%) and training employees to recognize associated risks (34%).
The IT decision makers — two-thirds of them directly make or influence cybersecurity decisions—in the survey seem to anticipate the same kinds of threats that impacted their organizations over the past year will continue to bedevil them over the next 12 months, according to the report. These decision makers filled a variety of roles, including cloud operations, IT management, application architect and security operations analyst.
When respondents were asked about factors driving cybersecurity threats to the business over the past 12 months, they listed an increasingly sophisticated threat landscape (35%), attacks targeting remote workers (33%), lack of internal education around cybersecurity best practices (32%), and emergence of generative AI technologies (32%). The order changed, but the top three factors remained the same when respondents were asked what would drive cybersecurity threats to the business over the next 12 months: increasingly sophisticated threat landscape (37%), emergence of generative AI technology (35%), and cyberattacks targeting remote workers (33%).
There were some differences in perception across industry sectors, such as the fact that respondents in the government sector (40%) were almost twice as likely to cite attacks against remote workers as the main driver of cybersecurity threats over the past year than those in the education sector (22%). When looking ahead to the next 12 months, respondents in transportation (40%) were more concerned about cyber attacks on remote workers than those in government (19%).