Devo
Technology announced
the results of a commissioned study conducted by Wakefield Research, an
independent research firm, revealing that IT security professionals are turning
to unauthorized artificial intelligence (AI) tools likely due to
dissatisfaction with their organization's adoption of automation in their
security operation centers (SOCs).
The research illustrates how adopting cybersecurity
automation drives positive business outcomes, including solving staffing
shortages and mitigating cyberattacks. According to the survey, organizations
are continuing to invest in cybersecurity automation in 2023, even amid
economic turbulence.
"As
organizations look for long-term solutions to keep pace with increasingly
complex cyberattacks, they need technologies that will automate time-consuming,
repetitive tasks so security teams have the bandwidth to focus on the threats
that matter most," said Marc van Zadelhoff, Chief Executive Officer, Devo.
"This report confirms what we're already hearing from Devo customers: adopting
automation in the SOC results in happier analysts, boosted business results, and
more secure organizations."
Security professionals are going rogue and using AI
tools without official sign-off
According to the study, security pros suspect their
organization would stop them from using unauthorized AI tools-but that's not
stopping them.
- Nearly all IT security pros (96%) admit to
someone at their organization using AI tools not provided by their
company-including 80% who cop to using such tools themselves.
- Most security professionals (97%) believe
their organizations are able to identify their use of unauthorized AI
tools, and more than 3 in 4 (78%) suspect their organization would put a
stop to it if discovered.
Nearly all security pros are unhappy with their
organization's adoption of automation in the SOC
Organizations are failing to adopt automation
effectively, forcing security pros to turn to rogue AI tools to keep up with
workloads.
- 96% of security professionals are not fully
satisfied with their organization's use of automation in the SOC.
- Reasons for dissatisfaction with SOC automation
varied from technological concerns such as the limited scalability and
flexibility of the available solutions (42%) to financial ones such as the
high costs associated with implementation and maintenance (39%). But for
many, concerns go back to people: 34% cite a lack of internal expertise
and resources to manage the solution as a reason they are not satisfied.
- Respondents indicated that they would opt
for unauthorized tools due to the better user interface (47%), more
specialized capabilities (46%), and allow for more efficient work (44%).
Investing in cybersecurity automation pays off
Security teams will prioritize investments in
cybersecurity automation in 2023 to solve organizational challenges, despite
economic turbulence and widespread organizational cost-cutting.
- 80% of security professionals predict an
increase in cybersecurity automation investments in the coming year,
including 55% who predict an increase of more than 5%.
- 100% of security professionals reported
positive business impacts as a result of using automation in
cybersecurity, citing increased efficiency (70%) and financial gains (65%)
as primary benefits.
Automation fills widening talent gaps
Adopting automation in the SOC helps organizations combat
security staffing shortages in a variety of ways.
- 100% of respondents agreed that automation
would be helpful to fill staffing gaps in their team.
- Incident analysis (54%), landscape analysis
of applications and data sources (54%), and threat detection and response
(53%) were the most common ways respondents said automation could make up
for staffing shortages.
To view the survey findings, download here.