91% of Security Leaders Believe AI Set to Outpace Security Teams, Bugcrowd Report Finds
91% of Security Leaders Believe AI Set to Outpace Security Teams, Bugcrowd Report Finds
"Inside the Mind of a CISO" report uncovers CISO perceptions on AI threats, ethical hacking, and the expertise needed to address the cyber skills gap
“CISO思维剖析”报告揭示了首席信息安全官对于人工智能威胁、道德黑客和解决网络安全技能间隙要求的认知。
SAN FRANCISCO, June 27, 2024 /PRNewswire/ -- Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, released its "Inside the Mind of a CISO" report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO.
加州旧金山,2024年6月27日/美通社/-- Bugcrowd是唯一的多方位众包网络安全平台,发布了他们的“CISO思维剖析”报告。该报告调查了来自全球的数百个安全领导者,揭示了他们对人工智能威胁的认知、他们的重点和不断变化的作用以及针对首席信息安全官的常见误解。
Money & Hiring
货币和招聘
Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers' long-term privacy or security to save money. This is explained in part by the fact that 40% believed that less than 1 in 3 companies truly understood their risk of being breached. Speaking of money, nearly 9 in 10 (87%) reported that they were currently hiring security staff and 56% stated that their security team was currently understaffed. And despite some common misconceptions around not needing a college degree, respondents reported that only 6% of cybersecurity leaders don't have a college degree and over 80% have a degree specifically in cybersecurity.
调查发现三分之一的受访者(33%)认为至少一半的公司愿意为了节省成本牺牲客户的长期隐私或安全。这在某种程度上可以解释,因为40%的人认为不到三分之一的公司真正了解它们被攻破的风险。就货币而言,近九成(87%)的人报告说他们正在招聘安全人员,而56%的人表示他们的安全团队目前缺乏人手。尽管有一些关于无需大学学位的常见误解,但受访者报告说只有6%的网络安全领导者不具备大学学位,超过80%的人拥有专门的网络安全学位。
AI
人工智能
Despite plans to hire, 70% reported that they planned to reduce the security team headcount within the next 5 years due to the adoption of AI technologies. Over 90% believe that AI already performs better than security professionals, or at least will in the near future. AI isn't only seen as a benefit however, over half (58%) believe that the risks of AI are worse than its potential benefits.
尽管有招聘计划,70%的人报告说他们打算在未来5年内由于采用人工智能技术而减少安全团队人数。 90%以上的人认为人工智能已经比安全专业人员表现得更好,或者至少在不久的将来会。人工智能不仅被视为一种好处,超过一半的人(58%)认为人工智能的风险比潜在好处更糟糕。
CISO Perspectives on Ethical Hacking
首席信息安全官对道德黑客的看法
Due to concerns around the malicious use of AI by attackers, 70% of security leaders turned towards using crowdsourced security for testing their AI defenses. In fact, more than 7 in 10 (73%) of security leaders view ethical hacking in a favorable light and 75% of them actually have experience with it themselves. With modern day threats being more evasive and adaptive than they've ever been – 89% believe there are more threats and they are more serious – it's imperative that crowdsourced security be the center of an organization's cybersecurity strategy.
由于担心攻击者恶意使用人工智能,70%的安全领导者转向使用众包安全测试其人工智能防御能力。实际上,超过7成(73%)的安全领导者对道德黑客持有积极看法,其中75%的人也有此类经验。由于现代威胁比以往任何时候都更具隐秘性和适应性,89%的被调查者认为威胁更多且更严重。因此,众包安全必须成为组织网络安全策略的核心。
"The CISO role is evolving. Given the current risk landscape and the need to prioritize security over resilience, the CISO has more responsibility than ever before," Nick McKenzie, CISO at Bugcrowd. "Bridging the gap between CISOs and the collective ingenuity of hackers is key to shielding organizations from the increasing onslaught of AI threats and attacks."
“CISO的角色正在演变。鉴于当前的风险环境和优先考虑安全而非恢复力的需求,CISO的责任比以往任何时候都更大,” Bugcrowd首席信息安全官尼克·麦肯齐说。 “弥合CISO和黑客集体智慧之间的差距对于保护组织免受人工智能威胁和攻击日益加剧至关重要。”
As the cybersecurity landscape continues to evolve, professionals and organizations must remain ready to adapt to the latest trends and emerging technologies such as AI and the implementation of crowdsourced cybersecurity. The Bugcrowd Platform connects organizations with trusted hackers to proactively defend their assets against sophisticated threat actors. In this way, CISOs can unleash the collective ingenuity of the hacking community to better uncover and mitigate risks across applications, systems, and infrastructure.
随着网络安全态势不断演变,专业人员和组织必须准备好适应最新趋势和新兴技术,如人工智能和众包网络安全。 Bugcrowd平台将组织与信任黑客联系起来,以预防性地保护他们的资产免受复杂的威胁行动者攻击。因此,CISO可以释放黑客社区的集体智慧,以更好地了解和降低应用、系统和基础设施中的风险。
Access the full report
获取完整报告
This report analyzed 209 survey responses from security leaders across the globe, including North America, South America, Europe, Asia, Australia, and Africa – all fully employed at organizations of varying sizes. It defines "security leaders" as anyone with one of the following titles—CISO, CIO, CTO, Head of Security, or VP of Security.
本报告分析了全球各地的209位安全领导者的调查反应,包括北美、南美、欧洲、亚洲、澳大利亚和非洲各地的组织中的完全就业人员。它将“安全领袖”定义为以下任一职务的任何人—CISO、CIO、CTO、安全负责人或安全副总裁。
The full report dissects the top priorities of CISOs, addresses the most common misconceptions, uncovers their perceptions on the threat landscape and provides a closer look at what an "Offensive Security CISO" looks like and how hackers and security leaders can join forces. To access all the rich insights and data excavated from the team, click the link here.
完整报告详细说明了CISO的首要任务,解决最常见的误解,揭示他们对威胁态势的看法,并更加详细地了解了“攻击性安全CISO”的外貌以及黑客和安全领导者如何联手。要了解从该团队抽取的所有丰富的见解和数据,单击此处的链接.
To download a copy of the Inside the Platform: Bugcrowd's Vulnerability Trends Report, which shows the types of vulnerability submissions that are on the rise today according to global hackers, click here.
要下载Inside the Platform:Bugcrowd漏洞趋势报告的副本,该报告展示了全球黑客,点击这里.
To learn more about how the Bugcrowd Platform can help CISOs protect their organizations from cyber risk, visit the link here.
请访问此处的链接以了解Bugcrowd平台如何帮助CISO保护他们的组织免受网络风险。访问此处的链接
About Bugcrowd
关于Bugcrowd
We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.
我们是Bugcrowd。自2012年以来,我们一直致力于通过将客户的集体智慧和专业知识与我们的专利数据和人工智能驱动的安全知识平台中信任的精英黑客联合起来,使组织重新掌控并保持领先地位,以对抗威胁行动者。我们的黑客网络通过带来多样化的专业知识来发现隐藏的弱点,迅速适应不断进化的威胁,甚至对抗零日攻击。我们的数据和人工智能驱动的Platform的CrowdMatch技术具有无与伦比的可扩展性和适应性,可以为您的独特战斗找到完美的人才。我们正在创造一种新的现代众包安全时代,它赶超了威胁行动者。
Unleash the ingenuity of the hacker community with Bugcrowd, visit . Read our blog.
通过Bugcrowd释放黑客社区的智慧,访问。(阅读我们的博客。)
"Bugcrowd", "CrowdMatch" and "Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
“Bugcrowd”、“CrowdMatch”和“Security Knowledge Platform”是Bugcrowd Inc.及其子公司的商标。这里提及的所有其他商标、商号、服务标志和标志均属其各自公司的财产。
Contact
Nathaniel Hawthorne
Lumina Communications for Bugcrowd
[email protected]
[email protected]
联系人
纳撒尼尔·霍桑
Bugcrowd的Lumina Communications
[email protected]
[email protected]
SOURCE Bugcrowd
来源Bugcrowd