Evolving Cybersecurity: Insights from Splunk’s CISO Report 2023

CXOToday has engaged in an exclusive interview with Robert Pizzari, VP, Security, Splunk

 

1. Key findings from Splunk’s CISO Report and the common challenges faced by CISOs in implementing generative AI in their cybersecurity stacks.

Splunk’s CISO Report 2023 is based on responses from 350 security leaders globally. We learnt the common challenges faced by CISOs and offer insights on how security leaders can evolve along with the cybersecurity landscape. Here are three significant takeaways:

Organisations prioritise cybersecurity: The role of CISOs is going through significant changes, with security teams collaborating more closely with other business units. In fact, 47% of CISOs now report directly to the CEO, reflecting their growing influence in shaping organisational strategies. Even amidst economic challenges, 93% of CISOs expect increased cybersecurity budgets due to the rise in cyberthreats.

Generative AI adoption: Generative AI is gaining rapid traction in cybersecurity, emphasised by the fact that 86% of CISOs recognise its potential to address skill shortages. According to the study, 35% of CISOs are already using generative AI in security, and an additional 61% plan to implement it in the next year.

CISOs are trying to stay ahead of generative AI: A majority (70%) of CISOs believe that advancements in generative AI will provide more advantages to attackers over defenders, creating an uneven battlefield. To be on par with adversaries as their attacks become more sophisticated, 35% of CISOs are experimenting with generative AI in areas like malware analysis and workflow automation. Automation is a critical strategy for overcoming vulnerability issues, with 93% of CISOs integrating it into cybersecurity workflows to reduce time spent on repetitive tasks.

 

2. How does generative AI address critical gaps in cyber defence?

Generative AI can work to enhance security teams’ efficiency as well as help them gain better visibility of infrastructure and applications stacks. The technology offers several other benefits:

Task automation: Generative AI automates repetitive and time-consuming security tasks, streamlining operations and improving efficiency.

Data enrichment: The technology, when leveraged rightly, enriches alert data by providing contextual insights and actionable information, making decision-making more efficient.

Proactive response: It empowers cybersecurity teams to respond proactively to emerging threats by providing swift interpretations and actions for alerts.

Security teams are embracing generative AI – with 84% of surveyed respondents intending to harness the technology by developing their own language models and AI-based solutions for cybersecurity. This emphasises the growing recognition of its value in addressing skill gaps and enhancing cybersecurity capabilities while continuing to put humans in the driver’s seat.

 

3. The implications for not being agile enough to adapt to emerging technologies in the cybersecurity realm?

In today’s dynamic cybersecurity landscape, the consequences of not promptly embracing emerging technologies can be significant. Bad actors are constantly improving their game, leveraging cutting-edge tools to refine their techniques. Not being prepared enough to counter threats from adversaries can have detrimental effects on operational costs and financial performance. In fact, according to Splunk’s Digital Resilience Report, organisations face an average of 10 days of downtime in a year due to mounting security threats, costing them an average of $87 million from revenue loss.

To stay ahead of adversaries and build digital resilience, organisations can incorporate unified security and observability solutions to create end-to-end visibility on their technology stacks. By enhancing the line of sight of system infrastructure and applications, they can increase the speed of threat detection and response. Moreover, with AI/ML to automate workflows for manual and repetitive tasks, they can increase efficiency to allow security teams to focus on higher-level tasks. Such technologies are essential for maintaining parity with adversaries and building preparedness to absorb shock from increasingly sophisticated attacks.

 

4. How a unified security and observability platform is crucial to digital resilience, helping teams across the organisation work together to detect, investigate and respond?

A unified security and observability platform is critical to strengthen an organisation’s digital resilience. Swift identification, analysis, and resolution of security incidents are of utmost importance. Splunk’s unified solutions are purpose-built for detection, diagnosis, and enhanced visibility, with the aim of reducing customer downtime and cutting the total cost of ownership for enterprises.

A fine example would be the case of leading international carrier, Singapore Airlines. The award-winning airline needed continuous high service availability across its complex systems to support its digital transformation efforts and improve its passenger experience. The airline deployed Splunk as its Operational Data Analysis (ODA) platform to help aggregate logs from disparate data sources in real-time. This provided IT staff with a centralised place for data viewing, correlation, analysis and reporting, allowing them to better track application health status and prevent outages. With better visibility into session behaviour, the airline was able to achieve 75% faster issue detection and experienced 90% fewer backend issues.

 

5. Tell us about Splunk’s innovation in this space (unified solutions).

To keep up with the rapid pace of change, most organisations are now faced with tool and application sprawl across hybrid and multi-cloud technology stacks. This complexity makes it challenging for organisations to speedily protect, defend and accelerate innovation. Splunk’s unified security and observability platform enables enterprises to act with agility and build digital resilience. The platform incorporates workflow automation tools to enhance productivity and efficiency for security, ITOps and engineering teams. It also leverages generative AI with Splunk AI Assistant where teams can input queries in plain English to quickly investigate incidents across the technology stack. This delivers faster real-time assistance and provides granular visibility into system infrastructure.

The Splunk platform unifies data, tools, and user experiences across cloud environments, allowing users to operate at scale, conduct rapid investigations, and predict or prevent system outages before they disrupt their businesses and customers. Moreover, the platform’s extensibility enables businesses to go beyond point solutions to build security and observability according to their unique needs and risk tolerances. This further extends the reach and impact of the platform within the enterprise and empowers them with access to the right tools to turn their data into meaningful actions.