eWEEK content and product recommendations are editorially independent. We may earn revenue when you click links to our partners. Learn more.
I spoke with Theresa Lanowitz, Chief Evangelist at LevelBlue, about the new report on cybersecurity trends, including statistics on DDoS attacks, changes in security budgets, and the role of generative AI.
The report makes clear that today's businesses value innovation, regardless of the challenges it brings. “As innovation advances, as we get more of a dynamic computing concept and new technologies like IoT, edge computing and 5G are introduced, the risks are only going to increase,” Lanowitz said. “And organizations are telling us that the risks are increasing. Innovation increases risk because everything is new.”
However, she explained that despite companies being unsure how to protect their infrastructure in the face of these changes, 74% of survey participants said the benefits of innovation outweigh the risks.
Lanowitz said the innovation “gives us better supply chain visibility, improves business outcomes and increases our overall bottom line. It enables us to engage with cybersecurity teams earlier in the project lifecycle. So all of these benefits outweigh the risks that the innovation brings.”
View the full interview Select highlights from the interview below.
Interview highlights: Teresa Lanowitz discusses key trends in cybersecurity
This interview took place at the recent RSA conference in San Francisco. The comments below have been edited for length and clarity.
Introducing LevelBlue
Lanowitz was well known for many years as the director of cybersecurity evangelism for AT&T Business, which changed its name just before we spoke.
“Level Blue may be a new name for some of you watching this. We announced at RSA that LevelBlue is a partnership between AT&T and WillJam Ventures. What LevelBlue offers is a strategic extension of our team to help protect business intelligence through our consulting services, help predict security investments through our managed security services, reduce risk through our LevelBlue threat intelligence team, and truly foster innovation.”
“And the fourth element we're doing at Level Blue is the thought leadership research that I'm going to talk about today.”
Increasing budgets and underfunding of security measures
The LevelBlue report predicts that security spending will increase 11% from 2023 to 2024. This significant increase is good news, Lanowitz said.
“But there’s a downside to that, because we now know there are external catalysts that allow us to put more money into cybersecurity. Any breach would mean more funding for cybersecurity. These external events will lead to even more funding being put into cybersecurity.
“And what we found, which is really interesting considering that as an industry we've been working on solving this problem for the last few decades, is that despite the argument that cybersecurity is now a business requirement, we found that cybersecurity remains isolated, underfunded, very siloed and not part of the strategic business conversation.”
Cybersecurity and Generative AI
LevelBlue's report asked participants how they are using AI from a cybersecurity perspective, including generative AI, machine learning and deep learning.
- “We're taking this slowly,” said 61 percent of respondents, Lanowitz explained, “We want to make sure we're doing it right.”
- 35% said they use artificial intelligence in some form: “Let's think about some basic uses of artificial intelligence.”
- 21% said they are working on “more predictive” deep learning.
- 15% said they are using generative AI, and she noted that generative AI could potentially be deployed in other parts of the business as well.
DDoS preparedness is still lacking: Business collaboration is essential
According to the report, ransomware was the most common type of attack, “but it was closely followed by social engineering attacks such as email compromise, phishing, credential theft and account takeover.”
“That's a really interesting statistic. We surveyed seven different verticals, and when we asked them how prepared they were to remediate these different attack types, every vertical said they were not prepared to remediate against DDoS attacks or nation-state attacks.”
The best strategy for improving security is to improve alignment within the business, explains Lanowitz: “The more that cybersecurity teams can align their goals with the business and align their budgets, the better the results will be from a cyber resilience perspective.”
“But it has to start from the top down. Executive management has to understand the benefits of cyber resilience. The governance team has to understand that this is something we have to do. All stakeholders have to be involved.”
