I spoke with Theresa Lanowitz, Chief Evangelist at LevelBlue, about a new report on cybersecurity trends, including statistics about DDoS attacks, changes to security budgets, and the role of generative AI.
The report reveals that today’s companies value innovation regardless of the challenges it poses. “As we innovate more, as we start to bring on more of this concept of dynamic computing, bringing in new technology such as IoT, edge computing, and 5G, that just increases the risk,” Lanowitz said. “And organizations are saying, yes, the risk is increasing. Innovation brings increased risk because it’s all new.”
Yet, she explained, even though companies aren’t sure about how to secure their infrastructure in the face of these changes, 74% of survey participants said the benefit of innovation outweighs the risk.
The innovation, Lanowitz said, “gives us better visibility into our supply chain. It delivers better business outcomes, it increases our overall revenues. It gives us a way to collaborate with cybersecurity teams earlier in the lifecycle of a project. So all of these benefits outweigh the risk that is brought in through innovation.”
Watch the full interview or jump to select interview highlights below.
Interview Highlights: Theresa Lanowitz on Key Cybersecurity Trends
This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity.
Introducing LevelBlue
Lanowitz has long been well known as the Head of Cybersecurity Evangelism at AT&T Business. Just before we spoke, the company underwent a name change:
“Level Blue might be a new name to some of the people out there watching this. What we announced here at RSA was that LevelBlue is an alliance between AT&T and WillJam Ventures. And what LevelBlue offers is a strategic extension of your team, and we do that through our consulting services to help you protect your business intelligence. We do that with our managed security services to help you predict your security investments. And we do that with our LevelBlue threat intelligence teams to help you mitigate risk and really foster innovation.
“And the fourth component of what we do here at Level Blue is the thought leadership research that we’re going to talk about today.”
Increased Budgets vs. Underfunded Security Efforts
The LevelBlue report found that between 2023 and 2024, security spending increased 11%. This significant increase is good news, Lanowitz said.
“However, there’s a downside to that because what we found is that there are these external triggers that say, yes, you can have more funding for cybersecurity. So if there’s a breach, you get more funding for cybersecurity. There are all of these external events to trigger more money released for cybersecurity.
“And what we found out, and this is fascinating because as an industry, we’ve been trying to solve this problem for the past couple of decades: for all the discussion that cybersecurity is now a business requirement, we found out that cybersecurity is still isolated, underfunded, very much a silo, and it’s not part of the strategic business conversations.”
Cybersecurity and Generative AI
The LevelBlue report asked participants how they are using AI from a cybersecurity perspective, including generative AI, machine learning, and deep learning:
- 61% said, “We are bringing this on slowly,” Lanowitz explained. “We want to make sure we’re doing the right thing with this.”
- 35% said they’re using some form of artificial intelligence. “So think about the very basic uses of artificial intelligence.”
- 21% said they’re engaging with deep learning, “which is more predictive.”
- 15% said they’re using generative AI. Additionally, she noted, generative AI may be deployed in other parts of the business.
Still Unprepared for DDoS: The Need for Business Alignment
The report found that the number one attack type was ransomware. “But then these social engineering types of attacks – email compromise, phishing, stolen credentials, account takeover – come very, very close behind.
“And here’s a really interesting stat. We surveyed seven different industry verticals. We asked them how prepared they felt to remediate these different attack types. Every vertical said they are not prepared to remediate against a DDoS attack or a nation state attack.”
The best strategy for improved security, Lanowitz explained, is better alignment within the business. “The more that cybersecurity team can align their goals with the business and align their budgets as well, the better off we’re going to be from a cyber resilience perspective.
“But it has to start at the top down. The executives have to understand the benefit of cyber resilience. The governance teams have to understand that yes, this is something we need to do. We need to bring in all of the stakeholders.”