press release
SAN FRANCISCO, April 30, 2024 /PRNewswire-PRWeb/ — Cobalt, a Pentest as a Service (PtaaS) pioneer and leading provider of offensive security solutions, today announced its 6th Annual State of Penetration Testing Report. In addition to taking a deep dive into penetration testing trends, this year's report reveals industries that are grappling with both how to use AI and how to protect against it, despite significant resource and staffing constraints.
Penetration testing plays a key role in addressing this challenge, providing organizations with the ability to perform more frequent security tests on critical assets, extended environments, and the proliferation of cloud applications. As part of the report, Cobalt analyzed 4,068 penetration tests and found a 21% year-over-year increase in discoveries per penetration testing effort, consistent with an increase in common vulnerabilities and exposures (CVE) records (from Cobalt State of Pentesting Report 2022). In addition, the median time to remediate vulnerabilities also increased compared to the previous year, the study found.
In addition to penetration testing analysis, the report also includes a survey of more than 900 cybersecurity professionals in the US and UK. This study delves into how cyber professionals are balancing in-house staffing, collaboration with external partners, the push-pull of AI tools and threats, and the challenges executives face in leading change. Some of the most important findings include:
- Challenges in the eye of the AI storm: This study highlights the push-pull relationship between cybersecurity teams and AI. The majority (86%) say their teams are implementing AI-powered tools, while 7 in 10 respondents also mentioned the rise in threats posed by AI. This is consistent with the growth Cobalt has experienced in its business. Throughout 2023, Cobalt performed an increasing number of penetration tests on AI systems, primarily software products that incorporate AI-enabled chatbots to improve the user experience. The most common vulnerabilities discovered included prompt injection (including jailbreaking), model denial of service, and prompt leakage (leaking sensitive information). Despite increased investment, many teams (59%) still worry they are lagging behind the threat of AI.
- Labor shortages move from worrisome to material risk: This report captures the reality that large-scale layoffs and uncertainty plagued the industry in 2023, and that the hangover effects of those layoffs remain at threat level. Thirty-one percent of respondents said their organization had made staff cuts in the past six months, and one-third of them agree that their organization faces greater cyber risks due to retirements. Most worryingly, there is no sign that staffing levels will recover significantly. Nearly a third of respondents said they had a hiring freeze, and 29% expected further job cuts this year. Looking at the data, Cobalt has seen a 39% year-over-year increase in the overall volume of high-severity findings. This has led many companies to consider how they can leverage partnerships and vendors to strengthen their security measures, with 59% agreeing to increase their penetration testing in 2024.
- Pressure on executives: As attacks increase, executives increasingly position themselves at the top of the food chain of responsibility and accountability. It's clear that respondents feel this pressure. Executives are 31% more likely than non-executives to say their industry environment impacts their mental health, and 51% more likely to say it impacts their physical health. Like their staff, they cite the challenge of balancing talent shortages and budget constraints against both growing and emerging threats. Of all the groups surveyed, they are the most concerned about AI adoption (33% higher than non-executive respondents). Despite these challenges, executive leadership has proven to be critical to cybersecurity, with 23% indicating that executive leadership is more important than budget in preventing attacks.
“With cybersecurity teams understaffed and strained and concerns growing about the potential for AI to enhance cyberattacks, penetration testing is critical as a preventive measure,” said Caroline Wong, chief strategy officer at Cobalt. “Our data reinforces the actions we must take as an industry to prioritize talent acquisition, pay attention to AI integration, and leverage penetration testing to protect against evolving threats.”
Chris Manton-Jones, CEO of Cobalt, said: “Today's businesses not only face digital threats, but also the personal toll these challenges have on their executives. As leaders, it is important to understand that cybersecurity is not just about protecting digital assets. This is also about ensuring the safety of the entire organization, including ourselves. This is where Cobalt can help by bridging the gap with security expertise and providing scalable offensive security testing across the entire attack surface. We bring experts to your team and take your security program to the next level.”
Cobalt will be discussing this report during RSA at booth #4324 at the Moscone North Expo. Visit https://www.cobalt.io/ to learn how Cobalt can help your organization and to download the full 2024 State of Penetration Testing Report.
About Cobalt
Cobalt combines talent and technology with speed, scalability, and resiliency. Our award-winning Pentest as a Service (PtaaS) model enables organizations to adapt to evolving attack surfaces and agile software development lifecycles. Thousands of customers and hundreds of partners rely on Cobalt's state-of-the-art SaaS platform and exclusive community of over 400 trusted security experts to protect their applications, networks, and devices. We provide security testing that supports business drivers, maximizes internal resources, and creates stronger security programs so your organization can operate fearlessly and innovate safely.