In its State of Penetration Testing report, Cobalt reveals industries that are struggling to balance the use of and protection from AI while facing significant resource and staffing constraints.
Penetration testing plays a key role in addressing this challenge, providing organizations with the ability to perform more frequent security tests on critical assets, extended environments, and the proliferation of cloud applications.
Cobalt analyzed 4,068 penetration tests and found a 21% year-over-year increase in discoveries per penetration test, consistent with an increase in common vulnerabilities and exposures (CVE) records. In addition, the median time to remediate vulnerabilities also increased compared to the previous year, the study found.
In addition to penetration testing analysis, the report also includes a survey of more than 900 cybersecurity professionals in the US and UK. This study delves into how cyber professionals are balancing in-house staffing, collaboration with external partners, and the push-pull of AI tools and threats, as well as the challenges executives face in leading change.
The challenges ahead of the AI storm
This study highlights the push-pull relationship between cybersecurity teams and AI. 86% say their teams are implementing AI-powered tools, and 7 in 10 respondents also mention the rise in threats from AI.
Throughout 2023, Cobalt increased its penetration testing of AI systems, primarily for software products that incorporate AI-enabled chatbots to improve the user experience. The most common vulnerabilities discovered included prompt injection (including jailbreaking), model denial of service, and prompt leakage (leaking sensitive information). Despite increased investment, 59% of teams still worry they are lagging behind AI threats.
This report captures the reality of the large-scale industry layoffs and uncertainty that plagued 2023, and the hangover effects of layoffs continuing at threatening levels. Thirty-one percent of respondents said their organization had made staff reductions in the past six months, and one-third of them agreed that their organization faces greater cyber risk due to retirements.
With 29% of those affected by layoffs/terminations now saying they want to quit their job, cybersecurity teams believe they will incur further losses if this is not addressed.
Most worryingly, there is no sign that staffing levels will recover significantly. Nearly a third of respondents said they had a hiring freeze, and 29% expected further job cuts this year. Looking at the data, we see that Cobalt has seen a 39% year-over-year increase in the overall volume of high-severity findings. This has led many companies to consider how they can leverage partnerships and vendors to strengthen their security measures, with 59% agreeing to increase their penetration testing in 2024.
The importance of penetration testing in cybersecurity
As attacks increase, executives increasingly find themselves at the top of the food chain of accountability and responsibility. It's clear that respondents feel this pressure. Executives are 31% more likely than non-executives to say their industry environment impacts their mental health, and 51% more likely to say it impacts their physical health. Like their staff, they cite the challenge of balancing talent shortages and budget constraints against both growing and emerging threats.
Of all groups surveyed, they are the most concerned about AI adoption (33% higher than non-executive respondents). Despite these challenges, executive leadership has proven to be critical to cybersecurity, with 23% indicating that executive leadership is more important than budget in preventing attacks.
“With cybersecurity teams understaffed and strained and concerns growing about the potential for AI to enhance cyberattacks, penetration testing is important as a preventative measure,” said Caroline Wong, chief strategy officer at Cobalt. “Our data reinforces the actions we must take as an industry to prioritize talent acquisition, pay attention to AI integration, and leverage penetration testing to protect against evolving threats.”
“Today's businesses not only face digital threats, but also the personal toll these challenges take on executives,” said Chris Manton-Jones, CEO of Cobalt.
“As leaders, it is important to understand that cybersecurity is not just about protecting digital assets, but ensuring the safety of the entire organization, including ourselves,” Manton-Jones concluded.
Penetration testing is a reliable way to identify both historical and incipient vulnerabilities within applications and systems, and as technology and cybercrime advance in parallel with each other, security teams need to regularly maintain their penetration testing efforts.