Eight Cybersecurity Trends to Navigate in 2024
Mon 29 Jan 2024
As the digital world continues to expand, the cybersecurity landscape is set to navigate a complex web of challenges and innovations in 2024.
The confluence of advanced artificial intelligence (AI) tools, increasingly sophisticated social engineering tactics, and the looming uncertainties of global events and election years, are reshaping the cybersecurity battleground.
Experts at the forefront of cybersecurity research and strategy highlight the critical need for organisations, governments, and individuals to stay ahead of these evolving threats.
These insights from global leaders in cybersecurity underscore the importance of understanding and adapting to the dynamic trends that will define the cybersecurity landscape in the coming year.
1. Cybersecurity Workforce and Skills Development
In 2024, the cybersecurity sector is expected to confront substantial challenges in workforce and skills development, influenced by a combination of increasing demand, emerging training initiatives, and the profound impact of AI on the field.
The Intensifying Cybersecurity Skills Shortage
The cybersecurity skills gap is escalating, with Jamal Elmellas, Chief Operating Officer at Focus-on-Security, highlighting a cumulative shortfall of 11,200 professionals annually in the UK. This shortage is deepening, as evidenced by a 30% increase in demand for cyber roles and a 10% growth in employment over 2022.
The widening gap necessitates innovative recruitment strategies to tap into new talent pools and address the growing demand for skilled cybersecurity professionals. Businesses must reassess their recruitment strategies to tap into a broader talent pool and tackle this intensifying gap.
“The skills gap, alongside AI, will be the most hotly discussed debate in 2024. There simply isn’t enough cyber expertise to go around. Pursuing a move to cyber safety, training, investment, and an understanding of the problem at hand will have to be diligently considered and acted upon in 2024. The CISO must lead this charge, but an understanding and the backing of the rest of the C-suite has never been more imperative.” said Brendan Kotze, CDO of Performanta.
AI in Bridging Cyber Skills Gap
AI is increasingly recognised as a vital tool in cybersecurity. A survey by Integrity360 found that 73% of respondents view AI as crucial for security operations and incident response. This technology is expected to automate tasks, but also open the door for sophisticated cyberattacks.
James Hinton from Integrity360 highlights the evolving role of AI in cybersecurity. AI’s ability to triage data quickly can free up highly skilled security professionals for higher-value tasks. Yet, there is also a caution against overreliance on AI, especially for developers who might not have strong security skills. The use of AI/ML coding tools could potentially lead to a rise in security vulnerabilities if not managed correctly.
Pieter Danhieux, CEO at Secure Code Warrior, notes the rising demand for AI/ML coding tools. While these tools assist developers, there is a risk of increased security vulnerabilities, particularly when used by less skilled developers. The need for security-skilled developers capable of safely leveraging AI technology is therefore growing.
“Security is a team sport. By working together as a cohesive team, sharing knowledge, and staying ahead of technological advancements, we can create a digital ecosystem that is not just resilient but also trustworthy.
“The war against cyber threats is ongoing, and victory lies in our collective effort to outpace, outsmart, and outmanoeuvre those who seek to undermine our digital security,” said Tom Gorup, Vice President Security Services at Edgio.
Crackdown on AI in Recruitment
In 2024, there is an expected shift towards more intuitive forms of filtering using natural language processing (NLP) associated with Generative AI, enabling recruiters to identify candidates with the right aptitude, if not the qualifications.
The widespread use of AI-driven systems, as reported by Harvard Business School, with 58% of UK businesses using Application Tracking Systems (ATS) and Recruitment Management Systems (RMS) to filter candidates, is indicative of this trend.
The recruitment landscape is also undergoing significant changes, with a crackdown on AI in recruitment processes. Jamal Elmellas points out the potentially problematic nature of AI-driven ATS and RMS. AI’s role in recruitment is under scrutiny, with concerns over its contribution to a hidden workforce and potential biases
Rise of Low-Cost/Free Training Schemes
To counter this talent crunch, the industry is witnessing a surge in low-cost or free training schemes. Organisations like ISC2 are offering a million free entry-level certification courses, with similar initiatives emerging in the US. The rise of online courses provides a low-cost, viable alternative for upskilling and attracting individuals to high-demand cybersecurity roles.
Senior Executives Facing Burnout
However, the challenges do not end there. Senior executives in the field are experiencing high levels of stress and burnout, leading to a brain drain at the top levels. This exodus, potentially exacerbated by inflation and economic factors, could destabilise security teams and hinder security projects.
Gartner’s prediction that 50% of cybersecurity leaders will change jobs and 25% will leave the field by 2025 reflects the significant impact of these challenges.
Christian Have, CTO at Logpoint, echoes the sentiment regarding the strain on board-level executives. With new regulations like NIS2 coming into effect and increasing personal culpability for breaches, the pressure on senior executives is more intense than ever. This underscores the importance of proactive cyber risk management and digital defences.
Increased Cybersecurity Budgets
Organisations are set to increase their cybersecurity budgets in response to these challenges. The need to compete for scarce talent and invest in AI and automation technologies is driving this growth. As roles evolve with AI integration, a consolidation of responsibilities within cybersecurity professions is anticipated.
However, the era of ‘free money’ is ending, leading to increased budget pressures. Businesses are likely to focus on efficiency and cost-effective IT systems. There will be a push towards fundamental security measures, like strengthening identity stacks, and a more critical examination of suppliers for financial stability and risk management.
“Organisations will have to make tough decisions about their investments, and many will seek to reduce overall costs with more efficient IT systems and processes. Rather than investing in shiny new tools, we will see CISOs go back to the basics such as underpinning the identity stack,” said Dan Lattimer, Area VP at Semperis.
2. Evolving Cyber Threats and Attack Methods
As we move into 2024, the cybersecurity world braces for an array of sophisticated threats and evolving attack methods. The landscape is set to be shaped by the following key trends.
“It is evident that, in 2024, cybersecurity remains a top priority globally. The cyber threat landscape is a chameleon, constantly evolving and demanding continuous vigilance.
“Adapting to these emerging risks is no longer a luxury and organisations need to develop and implement proactive cybersecurity strategies to safeguard their valuable digital assets in the years to come,” said Matt Bruun, VP of Northern Europe at Delinea.
Ransomware-as-a-Service (RaaS) Evolution
In 2024, RaaS is anticipated to undergo a significant transformation, evolving from a fringe criminal activity into a well-organised, enterprise-level threat.
As Tom McVey from Menlo Security observes: “AI could be very capable of enhancing the Internet as a threat to businesses … We have already seen the popularity of the as-a-service model with Ransomware-as-a-Service (RaaS). If it reduces the cost of entry for creating Internet-based malware sites, I am expecting a big rise there.”
This shift indicates a professionalisation of cybercrime, with RaaS operators developing sophisticated software and services akin to legitimate business structures, complete with specialised departments and defined career paths. This development represents a new era in cybercrime, where the operational scale and complexity of criminal gangs mirror those of major corporations. The only thing they will not do in 2024 is pay taxes.
Martin Riley, Director of Managed Security Services at Bridewell, said: “To strengthen their security posture at a time of great change, organisations must avoid dependence on technology as the sole answer. They must acquire greater visibility and threat intelligence.”
The Rise of Sophisticated Malware
The emergence of AI-powered malware represents a significant leap in the sophistication of cyber threats.
Tom Gorup from Edgio warns that while AI technology lowers the barrier of entry for professionals, it also does the same for cybercriminals. This dual-use nature of AI in cybersecurity creates a complex landscape where businesses must be prepared to counteract rapidly evolving threats.
Advanced malware variants, capable of learning and adapting to specific environments, are making detection increasingly challenging. AI is enabling the development of polymorphic malware that can mutate with each infection, raising the bar for cybersecurity defences.
James Hinton from Integrity360 added: “Technology is making it significantly more difficult for threats such as malware to bypass detections.
“Where AI is becoming increasingly good at learning what is normal for specific environments, malware now needs to be tailored to meet the specific rules in individual environments to even stand a chance of bypassing detection. In this sense, while the threats will grow, defences will also advance with AI,” he said.
Heightened Risks for Energy Sector
The energy sector, particularly the renewable energy segment, is expected to face an unprecedented level of cyber threat in 2024. This sector’s critical role in national economies and its sensitivity to price fluctuations make it a prime target for politically motivated cyberattacks.
The International Energy Agency’s warning about the heightened risk to energy systems underscores the urgent need for robust cybersecurity measures in this domain. As geopolitical tensions continue to influence cybercrime, the energy sector must brace for a turbulent year, with green energy technologies likely becoming hotspots for cyber threats.
Persistent Threats to the Supply Chain
As we progress into 2024, supply chain cybersecurity emerges as a critical concern, underscored by the increasing sophistication of cyberattacks targeting these networks. The complexity of securing supply chains end-to-end presents unique challenges, as they often involve multiple, interdependent entities.
Supply chain attacks have been a constant source of alarm and are poised to continue posing significant problems. Criminals have become adept at navigating through suppliers’ systems to reach their ultimate targets, exploiting the interconnected nature of these networks. The inherent complexity in securing every link in the supply chain makes it a persistent vulnerability for many organisations.
Christian Have emphasises the mounting pressure on supply chains from both customers and regulators. The aftermath of high-profile incidents like the SolarWinds attack and the evolving landscape of data protection regulations, such as NIS2, are set to increase compliance requirements. These factors, combined with budget constraints and a shortage of skilled professionals, create a challenging environment, particularly for mid-sized businesses that may lack adequate defences against sophisticated threats.
In response to these challenges, Dan Lattimer notes that organisations are likely to consolidate suppliers to reduce supply chain risks and improve operational efficiency. This consolidation might lead to a deeper examination of the financial stability of suppliers, potentially impacting the software industry landscape.
Josh Wood from Netacea highlights the importance of transparency in software supply chains. The adoption of Software Bills of Materials (SBOMs) is expected to increase significantly in 2024. SBOMs provide an essential ‘ingredients list’ for software, enabling organisations to better inventory components and monitor for vulnerabilities.
This trend is being driven by government policies, such as the recent U.S. Executive Order on cybersecurity, and is gaining momentum globally, with the European Union’s proposed Cyber Resilience Act mandating similar transparency measures.
Organisations will need to adapt by enhancing their risk assessment capabilities, embracing transparency tools like SBOMs, and aligning with evolving regulatory requirements. This multi-faceted approach is essential to mitigate the risks posed by increasingly sophisticated cyberattacks targeting the supply chain. The proactive involvement of all stakeholders in the supply chain, from suppliers to end-users, will be key in building a more resilient cyber ecosystem.
Rising Insider Threats Through Employee Bribery
The cybersecurity landscape also faces a growing internal threat – the bribery of employees by ransomware groups.
Zach Fleming, Head of Red Teaming at Integrity360, sheds light on this alarming trend. With the improvement of external perimeter controls, ransomware groups are shifting tactics, focusing on the human element within organisations.
“I think that’s going to increase, particularly in the current economic environment,” said Fleming.
Employees, particularly those disillusioned or facing financial pressures, are being targeted and bribed to provide access to sensitive systems and information.
Such insider threats are becoming increasingly difficult to detect, as they often involve seemingly innocent actions, like clicking on a link. The low risk and high reward nature of this involvement make it an attractive proposition for employees, thereby posing a significant threat to organisational security.
“If they are successful in extorting the company, they will pay that employee up to 70% of whatever the extortion amount was. And now, for an extra 10% fee, they will start washing the money through legitimate shell companies,” added Fleming.
The Evolution of DDoS Attacks
Distributed Denial of Service (DDoS) attacks are anticipated to grow in both frequency and sophistication, as noted by Dan Teichman, Director at Ribbon Communications.
“Unfortunately, in 2024 there will be no stopping the continued growth in Distributed Denial of Service attacks and the increasing sophistication of these attacks,” said Teichman.
These attacks are evolving from single-vector to multi-vector assaults, employing various protocols simultaneously to increase their effectiveness. This evolution complicates the mitigation and identification processes, presenting a complex challenge for businesses.
The advancement in the techniques of these attacks is partly driven by attackers leveraging cloud resources, making these assaults more powerful and harder to counteract.
Companies must also brace for ransomware tactics that go beyond data encryption to include data exfiltration and ransom demands, adding a layer of complexity to the cybersecurity defences.
Ticket Scalping from a Cybersecurity Perspective
The practice of ticket scalping has seen a notable resurgence, as highlighted by Cyril Noel-Tagoe, Principal Security Researcher at Netacea.
“In 2024, ticket scalping will expand from just being conducted by niche subcommunities operating behind closed doors,” said Noel-Tagoe.
Post-pandemic, the focus of scalping activities has shifted due to the saturation in markets like consumer electronics. Ticket scalping, particularly when facilitated by advanced bot technologies, poses a unique cybersecurity challenge.
As scalping activities expand beyond niche subcommunities, the interest in these practices is growing, driven by the high-profit potential. However, this trend is expected to peak and eventually decline as both public and private sectors intensify their efforts to combat this problem through enhanced legislation, enforcement, and technical controls.
Coordinated Disinformation and Deepfake Campaigns
Ian Thornton-Trump, CISO at Cyjax, emphasises the escalating sophistication of disinformation campaigns, particularly in the context of geopolitical conflicts. The use of propaganda, aligned with cyberattacks on critical infrastructure and military operations, is expected to increase.
“Propaganda has always been a tool of war, it’s just faster and more sophisticated today—at least in its dissemination. With increasing tensions between some nation-states, I foresee some very volatile situations with cyber-attacks being part of regional conflicts, both hot and cold,” said Thornton-Trump.
AI tools are set to amplify the potency of these campaigns, especially targeting vulnerable populations with highly convincing disinformation.
The threat posed by deepfakes is evolving rapidly. Cyril Noel-Tagoe highlights the transition of deepfakes from being primarily a tool for disinformation to a significant threat to organisational identity and access controls.
In 2024, threat actors are expected to use deepfake technology to impersonate company executives or customers, thereby facilitating fraud, data breaches, or unauthorised access. This emerging threat challenges traditional security measures and calls for innovative solutions to verify identities accurately.
James Hinton from Integrity360 notes the growing concern about cybercriminals using deepfakes and other AI-generated tools for malicious purposes. In August 2023, Integrity360 found that more than two thirds (68%) are worried about cybercriminals’ use of deepfakes in targeting organisations.
These are not things that could happen, but something that is happening. In June 2023, a mother in the US became the victim of a targeted deepfake kidnapping scam where AI was used to impersonate her daughter’s voice in an attempt to extort funds.
However, AI also presents significant opportunities for enhancing security operations. The integration of AI and Generative AI platforms into security tools will enable faster processing of data, improving incident response times. AI’s ability to learn what’s normal for specific environments will make it a valuable asset in detecting and preventing sophisticated cyber threats, including those involving deepfakes and other AI-generated attacks.
Josh Wood, a Threat Researcher at Netacea, points out an emerging trend where cybercriminals repurpose botnets traditionally used for activities like cryptocurrency mining to train AI models. The computational power of these botnets can be leveraged to develop AI tools, including deepfakes and spear-phishing content, making such attacks more economically viable and potentially more effective.
Convergence of Cyber and Fraud Intelligence
Business logic attacks, especially those automated at scale using bots, can be relentless and highly impactful. These attacks are typically the precursor to, or the vehicle by which fraud is perpetrated. Attacks like these cost the average business over £66.9 million ($85 million) in 2022 alone.
Cyril Noel-Tagoe also notes the increasing necessity for collaboration between cybersecurity and fraud prevention teams. As cyber-enabled fraud becomes more prevalent, fusion centres where professionals from both fields can share intelligence and correlate data sources will become critical. This collaboration will enable a more comprehensive approach to tackling the sophisticated tactics and techniques employed by fraudsters.
3. AI and Emerging Technologies in Cybersecurity
The integration of artificial intelligence (AI) into the cybersecurity landscape is transforming the nature of cyber threats and defences, as noted by Tom McVey, a senior solutions architect at Menlo Security. McVey points out that while the Internet remains a fundamental source of risk for businesses, the advent of AI could significantly escalate these threats.
However, the role of AI in cybersecurity is not solely malevolent. McVey also highlights the potential of AI in detecting and mitigating threats.
As the Internet increasingly becomes inundated with sophisticated cyberattacks, AI can play a crucial role in identifying and neutralising these threats.
The development of AI-driven tools that can discern whether a web page is generated by humans or AI could become a powerful weapon in the cybersecurity arsenal. This technology could be pivotal in combating the types of threats that leverage advanced language models and other AI techniques.
McVey likens the current state of the Internet to the early days of the ‘Wild West’, where lack of regulation and structure led to a chaotic environment. The same analogy applies to the current cyber threat landscape, with AI-driven attacks becoming increasingly sophisticated and harder to detect.
Using AI to bring structure and enhanced defence mechanisms will be crucial in safeguarding against these emerging threats.
“The rise of AI has created a new battlefront for cybersecurity professionals. 2024 will see further innovation in this area on both sides of the battle; attackers will try to use it to their advantage while it offers a whole host of possible avenues for organisations in defending their assets,” said Brendan Kotze.
Basic Vulnerabilities Exploited by AI
Guido Grillenmeier from Semperis points out that attackers continue to exploit basic vulnerabilities, now aided by AI.
“The core weak spots used by attackers haven’t changed over the years and are still being exploited successfully,” said Grillenmeier.
The sophistication of phishing campaigns, powered by AI, poses new challenges even for users with high security awareness. Upcoming releases like Windows Server 2025 aim to strengthen identity security in response to these evolving threats.
“Attackers’ initial entry methods are evolving though, with AI allowing cybercriminals to create ever more sophisticated and convincing phishing campaigns that play tricks with users’ emotions. Even users with a high level of security awareness can now get caught out by such incredibly well-engineered phishing attempts,” added Grillenmeier.
Generative AI’s Role in Cybersecurity
The implications of Generative AI in cybersecurity are brought to the fore by James Hinton from Integrity360. While Generative AI’s potential to create convincing deepfakes represents a significant threat, its power in bolstering cybersecurity is equally notable.
AI’s capacity to rapidly process vast amounts of data can revolutionise threat detection and response. However, this technological advancement also brings challenges, as cybercriminals can exploit AI to create sophisticated attacks, blurring the lines between reality and deception.
AI Driving Zero-Day Attacks
This year also brings attention to the role of AI in escalating zero-day attacks. Cyber attackers are increasingly harnessing AI to scan for vulnerabilities, particularly in open-source products, leading to a surge in zero-day exploits.
Josh Lemos, the CISO of GitLab, expects attacks focused on ungoverned open source ecosystems to accelerate in 2024.
“We have already seen how attackers have learned to seed open-source repositories with malicious Python packages that have names that closely resemble popular legitimate packages,” said Lemos.
Given the reliance of software developers on these packages, this kind of attack is likely to persist — and to result in serious vulnerabilities — for the foreseeable future.
“Since over 90% of the world’s software is built on top of open source code and open source languages, this will have broad implications. As a partial solution, I expect to see more companies and teams using AI to assess the risk of open source packages,” added Lemos.
Even though the attackers may have less low-hanging fruit, they continue to get creative, and with the ability to scan source code with AI, these threats will only increase further.
However, on the defensive front, AI is being deployed to nearly automate the process of identifying and fixing these vulnerabilities. This development signals a new phase in cybersecurity where AI-driven solutions are becoming indispensable in staying ahead of cyber threats.
Reality Check for AI Claims
Ian Thornton-Trump cautions against the overstatement of AI’s capabilities. While AI, particularly large language models, will become more prevalent and bring efficiencies in various fields, their limitations and real impact will become more apparent.
Thornton-Trump emphasises that despite AI’s potential to augment cyber defences, human analysts remain crucial for providing context and insight that AI alone cannot offer.
He also points out that AI cannot address all aspects of cybersecurity, such as dealing with obsolete technologies or infrastructure, also known as technological debt.
Botnets for GPU Farming in AI
Josh Wood from Netacea raises an alarm about the innovative use of botnets.
Traditionally harnessed for tasks like cryptocurrency mining, these networks are being transformed into AI ‘GPU farms’. This development enables cybercriminals to leverage the robust computational power of GPUs to train sophisticated AI models.
These botnets are no longer just tools for financial gain, but have evolved into engines powering advanced AI-driven cyberattacks. The shift is a game-changer, enabling attackers to craft more targeted and nuanced threats, ranging from deepfakes to spear-phishing attacks.
Harnessing AI Against Cyber Threats
Suhaib Zaheer, SVP of Managed Hosting at DigitalOcean and GM of Cloudways, highlights the pivotal role of AI in bolstering cybersecurity, especially for small and medium-sized businesses (SMBs) in 2024.
“Next year, businesses will be expected to prioritise AI to strengthen their security strategies and respond to increasingly sophisticated cybersecurity threats,” said Zaheer.
In the coming year, businesses, particularly SMBs, are expected to increasingly prioritise AI in their security strategies. This shift is driven by the need to combat sophisticated cybersecurity threats that can have severe repercussions on an organisation’s reputation and financial health.
SMBs, often operating with limited resources, find themselves particularly vulnerable to cyber threats.
The continuation of hybrid and remote work models presents additional security challenges for SMBs. These work arrangements expand the attack surface, exposing businesses to a broader range of potential cyber threats. In this context, AI-driven solutions become essential for maintaining robust security postures.
Zaheer suggests that AI can play a critical role in automating key cybersecurity tasks that are resource-intensive yet crucial for maintaining security. These include:
- Automating website updates: Ensuring that websites are regularly updated to patch vulnerabilities and defend against new threats.
- Securing data backups: Leveraging AI to manage data backups efficiently, ensuring that they are secure and up-to-date.
- Comprehensive security enhancements: Implementing AI-driven tools for overall security improvements, including advanced threat detection and response systems.
- Anomaly detection: One of the most significant advantages of AI in cybersecurity is its ability to analyse large volumes of data to identify and flag anomalies quickly. This capability allows cybersecurity teams to rapidly respond to potential threats, significantly reducing response times and mitigating risks.
Quantum Computing and Cybersecurity
Maurice Uenuma from Blancco raises concerns about the intersection of AI and quantum computing and its implications for cybersecurity.
With the theoretical possibility that quantum computing could decrypt currently encrypted data, enterprises are increasingly aware of the need to rethink their data security strategies.
In 2024, more organisations are expected to plan for post-quantum computing scenarios, developing new security capabilities that remain effective in a rapidly changing technological landscape.
4. Regulating the AI Threat
Pieter Danhieux, Co-founder and CEO of Secure Code Warrior, highlights the lag in regulatory response to the rapid adoption of AI in cybersecurity. He suggests that it is only a matter of time before governments announce regulations around AI use, especially considering the global movement towards more stringent cybersecurity guidelines.
Danhieux also points out the challenges in AI’s application to coding practices, specifically its difficulty in understanding contextual security, which is a vital aspect of developing secure software.
Joey Stanford, VP of Privacy & Security at Platform.sh, discusses the difficulties in keeping up with AI advancements in terms of security.
The broad use of AI is outpacing our collective understanding and the establishment of necessary guardrails, leading to skewed AI models that could pose security risks.
Stanford predicts that AI will be increasingly used in cybersecurity attacks due to its ability to constantly run, learn, and find new vulnerabilities. The challenge for companies will be to prevent breaches, particularly those involving sophisticated AI-generated phishing emails and deepfakes.
Michael Armer, Chief Security Officer at RingCentral, sheds light on the rapidly evolving landscape of AI governance in the realm of cybersecurity. As AI adoption accelerates across various sectors, organisations face the challenge of harnessing its potential while mitigating associated risks.
Armer emphasises the intense pressure companies face to adopt AI technologies as a means of staying competitive. This rush is fueled by the need for differentiation and innovation in a market where AI capabilities are increasingly becoming a benchmark for efficiency and advancement. However, this rapid adoption brings with it the need for careful oversight to prevent potential misuses or unintended consequences of AI technologies.
The goal of AI governance is to strike a balance between harnessing the innovative potential of AI and maintaining control over its deployment. As AI technologies become more integrated into cybersecurity and other business operations, the need for robust governance structures becomes paramount. These structures will play a critical role in guiding organisations on how to utilise AI responsibly, ethically, and effectively.
In response to these challenges, Armer predicts a significant shift towards AI governance in the coming year. This shift entails the development of institutional and legal structures that provide a framework for the responsible and ethical use of AI. The focus will be on establishing controls around AI adoption, ensuring that its deployment aligns with organisational values, legal requirements, and ethical standards.
Nation States and AI Model Poisoning
Matthew Gracey-McMinn of Netacea delves into the geopolitical implications of AI in cybersecurity. He predicts that nation states will not only partake in AI development but may also engage in covert AI model poisoning.
This tactic could involve tweaking AI models to output misleading information, effectively turning AI into a tool for misinformation or strategic manipulation. The rising concern is that AI model poisoning could become a new frontier in cyber warfare, used by nations to gain geopolitical advantages.
AI Legislation in the U.S.
The integration and regulation of artificial intelligence (AI), particularly Generative AI and large language models (LLMs), present a complex challenge for legislators.
Developing a working knowledge about AI, understanding the range of available options, and reaching a consensus to enact laws is a time-consuming and intricate process. Legislators must grapple with the rapidly evolving nature of AI technologies, balancing innovation with ethical and security considerations.
In response to the rising prominence and public interest in Generative AI, President Biden’s Executive Order on Safe, Secure, and Trustworthy AI plays a crucial role.
This order represents an important step towards establishing guidelines and principles for the safe and responsible use of AI. It aims to leverage the resources and influence of various Executive branch departments, such as Homeland Security, Defence, Energy, and Commerce, to enhance AI safety and security.
The Government’s broad purchasing power and its ability to influence markets are critical tools in driving the development and adoption of safety and security controls in AI.
By setting standards and requirements for AI technologies in government procurement processes, the Executive branch can significantly impact how AI is developed and deployed across different sectors.
5. Organisational Culture and Strategy in Cybersecurity
The landscape of cybersecurity is witnessing a pivotal shift from viewing security as a mere cost centre to recognising it as a vital driver of business success. This shift in perspective is reshaping organisational culture and strategy at all levels.
Cybersecurity Stands as a Top Organisational Priority
Organisations are prioritising cybersecurity more than ever before. This prioritisation is reflected in increased budget allocations, strategic investments in advanced security technologies, and the integration of cybersecurity considerations into business planning and decision-making processes. Companies are recognising that effective cybersecurity is fundamental to their success and are making it a core component of their operational and strategic plans.
A report by Softcat reveals a significant trend: for the second consecutive year, cybersecurity is the top priority for organisations. This consistent focus underscores the heightened awareness among businesses about the importance of cybersecurity in the face of rapid technological advancements and evolving threats. Kieron Newsham, Softcat’s Chief Technologist for Cybersecurity, stresses the importance of resilience, advising organisations to be wary of how new technologies can increase threats.
Security as a Business Driver
Traditionally perceived as a cost centre, cybersecurity is increasingly being recognised for its role in driving business value. In an age where digital threats can significantly impact a company’s bottom line and reputation, investing in robust cybersecurity measures is no longer just a defensive move. It is a strategic imperative that supports business continuity, trust, and competitive advantage. This shift in mindset underlines the importance of cybersecurity in the overall business strategy, emphasising the need for proactive risk management and resilience planning.
Michael Armer, CSO at RingCentral, highlights a crucial transition in organisational thinking. Businesses are increasingly perceiving cybersecurity not just as a domain separate from their core operations, but as a strategic driver integral to their success. This shift represents a broader recognition of the role of cybersecurity in safeguarding not only digital assets but also the company’s overall business interests.
As Armer puts it, ‘security is now part of the flow of business’, a transformation that signifies the growing interdependence between cybersecurity and business strategy.
Cultivating a Security-First Mindset
Creating a security-first culture within organisations has become non-negotiable. This approach involves integrating cybersecurity considerations into every aspect of the business from the ground up. It is about making security a core value and part of the everyday conversation. This involves ensuring that every employee, not just the IT team, is aware of and engaged in protecting the organisation’s digital assets. Such a culture empowers employees to take responsibility for security, fostering a more vigilant and responsive environment.
Tom Gorup, Vice President of Security Services at Edgio, emphasises the necessity of building a security-first culture within organisations. In an era where cyber threats are becoming increasingly sophisticated, embedding security into every facet of the company is critical. This approach moves beyond the traditional top-down perspective, encouraging a more inclusive, bottom-up strategy where security becomes a shared responsibility across all levels of the organisation.
Gorup said security must be part of company culture, not an afterthought’, underlining the need for a comprehensive and integrated approach to cybersecurity.
The Growing Burden on Business Leaders and Boards
As cyber threats grow in complexity and severity, board-level executives face unprecedented pressure. They are tasked with navigating a landscape filled with relentless cyber threats, budgetary constraints, and increasing regulatory demands. In this high-stakes environment, boards are grappling with crucial decisions about resource allocation, strategic partnerships, and the very survival of their businesses in the face of potential cyberattacks.
Business leaders are increasingly focusing on cybersecurity, recognising it as a critical element of organisational risk. This heightened attention is a response to the growing understanding that cybersecurity is not just an IT issue, but a broad business concern that impacts all areas of operation. Leaders are now more involved in developing and overseeing cybersecurity strategies, ensuring that they align with the organisation’s overall goals and risk appetite.
Simon Hodgkinson, former BP CISO and now a Strategic Adviser at Semperis, and Christian Have, CTO at Logpoint, draw attention to the increasing pressure on business leaders and board members. They are now facing a landscape where cyber threats, regulatory demands, and economic uncertainties converge, creating a challenging environment for decision-making. The rise in cyber incidents and evolving regulations such as NIS2 is making cybersecurity a top agenda item in boardrooms, with leaders recognising its critical impact on enterprise risk and operational resilience.
Collective Cybersecurity Effort
The battle against cyber threats is increasingly seen as a collective effort that requires collaboration and knowledge sharing within and across organisations. This collective approach extends beyond the boundaries of individual companies, encompassing industry-wide initiatives, public-private partnerships, and global efforts to enhance cybersecurity resilience. By working together, sharing insights, and pooling resources, the global community can build a more secure and trustworthy digital ecosystem.
Echoing the sentiment of collaborative effort, Tom Gorup views cybersecurity as a team sport. He advocates for a united approach in combating cyber threats, emphasising the importance of knowledge sharing and cooperation across different sectors. This collective effort is essential in creating a resilient and trustworthy digital ecosystem capable of withstanding the challenges posed by evolving cyber threats.
Continuous Threat Exposure Management
Continuous Threat Exposure Management (CTEM) is emerging as a key strategy in the proactive management of cyber risks. This approach involves constantly monitoring and assessing the threat landscape, identifying vulnerabilities, and implementing measures to mitigate risks. By embracing CTEM, organisations can shift from a reactive to a proactive stance, staying ahead of potential threats and reducing their exposure to cyber incidents.
Brian Martin, Director of Product Management at Integrity360, points out the growing prominence of CTEM as a proactive strategy in managing cyber risks. This approach extends beyond traditional vulnerability management to encompass a more holistic view of the organisation’s cyber posture. The emphasis is on a continuous process of identifying, assessing, and addressing key vulnerabilities across the entire digital landscape. Martin predicts that CTEM will not only become mainstream but will also lead to the convergence of various security tools into more comprehensive solutions.
6. Data Privacy and Management
The landscape of data privacy and management is witnessing a pivotal evolution. Emerging technologies, tightening regulations, and a heightened focus on sustainability are driving significant changes in how organisations approach data management and privacy.
Data Privacy as a Forefront Concern
Data privacy is increasingly becoming a central concern for both B2B and B2C businesses, as highlighted by Joey Stanford.
“The way we deal with data is changing. Consumers are more concerned about privacy than ever before. It’s important to remember that those who make B2B buying decisions are consumers too, and their thinking as a consumer will bleed into their other role,meaning data privacy will become part of B2B criteria,” said Stanford.
Consumer awareness around privacy issues is influencing B2B decision-making, fostering a greater emphasis on trust and data protection. Companies are now more inclined to adopt stringent data privacy practices like GDPR, not just for compliance but also as a strategic advantage for global expansion. This shift underscores the intertwining of data privacy with customer trust and retention.
“There is a dawning realisation that data privacy and trust are closely interlinked, and that trust helps businesses gain and retain customers. We can expect to see a greater emphasis on trust from both B2B and B2C businesses next year,” added Stanford.
AI-Enhanced Data Encryption and Management
The integration of AI and encryption in data management is transforming how businesses protect and handle data. AI’s role in automating and enhancing data classification, anomaly detection, and encryption protocols is becoming increasingly crucial. This integration aids businesses in efficiently managing large data volumes while ensuring robust data security and privacy.
Jon Fielding, Managing Director at EMEA Apricorn, highlights the significant role of AI in data management. As the volume of data escalates, particularly with cloud storage’s ‘store everything’ mindset, AI’s role in automating data classification becomes crucial.
AI algorithms are aiding businesses in distinguishing between relevant, valuable, or risky data, which is instrumental in refining data retention strategies. This AI-driven approach not only conserves costs by reducing unwarranted data storage space but also enhances data compression efficiency. Crucially, encrypting sensitive data on secure storage devices safeguards against data breaches, emphasising the synergy between AI and encryption in fortifying data security.
“Data storage has certainly increased in size and speed from a hardware perspective, and we’ve seen an increase in cloud storage, but the biggest change is around the data itself. Not only is the amount of data being stored ramping up but cloud-based storage has encouraged a ‘store everything’ mindset,” said Fielding.
Efforts to Reduce and Manage Data Volumes
As we head into 2024, the focus on data management is shifting towards reducing and efficiently handling burgeoning data volumes. Mark Molyneux, EMEA CTO at Cohesity, underscores the urgency of this shift. He points out that the rapid growth of data, partly due to the proliferation of AI and cloud technologies, has led to a situation where many organisations are overwhelmed with data, much of which remains unutilised or unknown.
Molyneux advocates for a ‘data diet’ approach, emphasising the need for organisations to consolidate their data on common platforms. This consolidation would not only make data management more efficient but also enable the application of techniques like deduplication and compression to significantly reduce data volumes.
Furthermore, Molyneux stresses the importance of using AI to index and classify data based on its relevance and value to the company. This strategy entails making informed decisions about what data to retain and what to discard, thus enabling organisations to streamline their data infrastructure and focus on data that truly matters.
Sustainable and Efficient Data Management
Mary Clark, CMO at Brivo, highlights the changing landscape of access control tech stacks and how this evolution plays a crucial role in sustainable and efficient data management. The push towards centralisation, where multiple security systems and applications are managed through a single platform, is not only enhancing efficiency but also breaking down data silos.
Clark points out that this trend towards integration and centralisation is accompanied by increased utilisation of APIs, particularly in cloud-based platforms. This approach enables organisations to leverage their data more effectively, making informed decisions and optimising operations.
APIs have become essential for enabling seamless communication between different components and services. However, their significance also makes them a prominent target for cyber criminals.
“Throughout 2023, there was a notable increase in security breaches related to APIs, as cyber attackers capitalised on vulnerabilities in API endpoints to gain unauthorised access to sensitive data and systems.
“Consequently, ensuring the security of APIs became a paramount concern for organisations, with regular testing, monitoring, and stringent access controls,” said Matt Bruun.
As organisations adapt to these changes, the role of security integrators becomes more vital. Integrators are urged to deepen their understanding of their ecosystem and the implications of a centralised data management system. Embracing these changes is not only inevitable but also beneficial, as it aligns with the broader trend of making data management more streamlined and efficient.
Balancing Privacy and Security
The balance between privacy and security is set to become a critical issue in 2024, as outlined by Matthew Gracey-McMinn. With technological advancements, especially in anonymising data, the conflict between maintaining privacy and ensuring security is intensifying.
Companies are faced with the challenge of navigating this delicate balance as attackers exploit privacy-enhancing technologies to conduct fraudulent activities. For instance, the anonymisation of internet traffic by major tech companies can inadvertently aid cybercriminals in masking their activities. This scenario creates a complex environment where companies must find innovative ways to distinguish between legitimate users and potential threats, without infringing on privacy.
The emergence of this ‘small arms race’ between privacy advocates and security professionals underscores the need for new strategies and solutions that effectively address both privacy rights and cybersecurity concerns.
Evolving Role of the SEC in Cybersecurity
The role of the Securities and Exchange Commission (SEC) in cybersecurity is expected to undergo significant changes in 2024. Gracey-McMinn highlights the shift in the cybersecurity landscape, influenced by the evolving tactics of cybercriminals and the legal implications for companies and individuals.
Gracey-McMinn notes that companies are increasingly vulnerable to extortion attempts by cybercriminals who threaten to report breaches to regulatory bodies. This new tactic is anticipated to become more prevalent in 2024, potentially leading to additional legal charges in cyber-attacks. The changing dynamics in cybercrime underscore the need for organisations to remain vigilant and proactive in their cybersecurity efforts.
Furthermore, the SEC’s role is predicted to expand, encompassing a broader range of compliance failings and data breaches. This expansion reflects a growing recognition of the intricacies and consequences of cybersecurity incidents, emphasising the need for clarity in legal responsibilities and repercussions. As such, organisations may need to adapt to these changes, ensuring compliance and adopting a more transparent approach to cybersecurity and data breach reporting.
Software Bills of Materials Gaining Importance
The significance of Software Bills of Materials (SBOMs) is set to increase in 2024, as pointed out by Joey Stanford and Josh Wood. With recent security incidents highlighting the vulnerabilities in software components, the need for transparency in software composition has never been more crucial.
SBOMs, acting as an ‘ingredients list’ for software, are instrumental in managing vulnerabilities and risks associated with software dependencies. The anticipated rise in the adoption of SBOMs is driven by government policies and a growing awareness of their importance in cybersecurity. This trend signifies a shift towards greater transparency and accountability in software development and deployment.
Globally, momentum is certainly growing for supply chain transparency regulations. The EU’s proposed Cyber Resilience Act would require manufacturers to identify all components in digital products by using an SBOM. This proposed legislation shows the EU’s leadership in cybersecurity regulation and could influence policies in other regions.
Emergence of AI Bills of Materials
Alongside SBOMs, the emergence of AI Bills of Materials (AIBOMs) is expected in 2024. As AI systems become increasingly integrated into various applications, the need for AIBOMs becomes apparent. These documents will provide crucial information about an AI model’s data, architecture, and frameworks, enabling organisations to assess risks and biases associated with AI models.
The development of AIBOMs represents a step towards greater transparency and understanding of AI systems, paralleling the movement towards SBOMs in traditional software. This evolution in AI governance reflects the growing need to address the complexities and potential risks associated with AI technologies.
7. Geopolitical and Societal Influences
The intersection of cybersecurity and politics is becoming increasingly significant. Major political events, such as elections, are often accompanied by heightened cyber activity. In 2024, with a general election scheduled in the UK, there is a heightened awareness of potential cyber threats. Nations like Russia, North Korea, and Iran, as well as various activist hacking groups, each have distinct motivations that could influence their cyber activities.
The UK, having experienced significant data breaches in the past, is expected to bolster cybersecurity measures to safeguard against network intrusions and disruptions during the election process. This proactive stance is essential in ensuring the integrity of political processes in an increasingly digital world.
Geopolitical Tensions in Cyberspace
Geopolitical tensions, a longstanding feature of international relations, are increasingly manifesting in cyberspace, as noted by Simon Hodgkinson. The intersection of traditional geopolitical conflicts with cyber warfare is becoming more pronounced, with nation-states using cyberattacks to supplement ground warfare. This could involve attacks on critical infrastructure or financial systems, especially where economic sanctions limit conventional avenues.
Cyber warfare might also be used to fund activities through ransom attacks or cryptocurrency theft. With significant political events on the horizon in 2024, there’s an expectation of intensified state-sponsored attacks aiming to disrupt elections and sow misinformation.
Ian Thornton-Trump echoes these sentiments, highlighting the evolution of cyber disinformation in conjunction with physical conflicts. The blend of cyberattacks, disinformation campaigns, and conventional warfare is evident in conflicts such as those in Ukraine and the Middle East. With the rise of AI tools, these disinformation campaigns are becoming more sophisticated and targeted, particularly towards vulnerable populations.
Climate Change and IT Resilience
Thornton-Trump also discusses the impact of climate change on IT resilience. As the planet faces significant climatic changes, this has direct implications for IT infrastructure, particularly in terms of system resilience and redundancy. Businesses are expected to adopt more cloud services and expand across multiple regions to mitigate these challenges.
Global climate change not only impacts the physical environment but also exerts economic stress on nations, potentially leading to increased instability, particularly in regions like China, Russia, Iran, and North Korea. Forward-thinking business leaders are, therefore, focusing on enhancing IT resilience to prepare for these climatic and geopolitical changes.
8. Technology Adoption and Infrastructure Changes
Rise of the Digital Nomad
As noted by Jon Fielding, the number of digital nomads is increasing globally. In the US alone, 17.3 million workers identify as digital nomads, and the UK follows this trend closely. More than 25 countries have now launched visa programmes for digital nomads.
The rise of digital nomads reshapes traditional work structures, demanding flexibility in remote working arrangements to accommodate global mobility.
“As employees look to embrace a location-independent and technology-enabled lifestyle, the rise of the digital nomad will reshape traditional work structures as remote working demands extend to the next level to allow them to travel and work anywhere in the internet-connected world,” said Fielding.
A recent survey of IT decision makers from Apricorn found that, of the 70% of those that allowed employees to work remotely, almost a third of respondents said they did not have the tools or processes in place to control the use of the employees own IT equipment, or for those that allowed only corporate devices, they had no way of enforcing their use.
“This merely highlights the risks of remote working, which are only going to be exacerbated as remote workers move beyond just home working and hop countries to do so,” added Fielding.
Remote working poses cybersecurity risks, particularly with the use of personal IT equipment or corporate devices without adequate controls. As digital nomadism grows, organisations must invest in advanced cybersecurity measures like encrypted USB drives and ‘PC on a stick’ approaches to ensure data security across multiple locations.
“As organisations adapt to the rise in the digital nomad, they must proactively invest in advanced cybersecurity measures to ensure the confidentiality, integrity, and availability of corporate data, and mitigate the potential risks associated with working from varying locations,” advised Fielding.
Partial Reverse in Cloud Transition
According to a July 2020 McKinsey Global Survey, executives revealed that COVID-19 had accelerated the digitisation of their customer and supply-chain interactions and of their internal operations by three to four years. That pace of change has led to the widespread adoption of cloud tools and technologies.
From a security perspective, we have seen organisations embracing Cloud-Native Application Protection Platforms (CNAPPs) – a cloud-native security model intended to replace the use of multiple independent tools with one holistic security solution for modern enterprises with cloud-native workloads.
Carl Shallow from Integrity360 discusses a potential partial reversal in cloud adoption. High-profile cloud breaches and cost concerns may lead some organisations to reconsider the full transition to cloud computing. Despite the popularity of CNAPPs, concerns about security and cost-efficiency might drive a shift towards a more balanced approach between cloud and on-premises solutions.
“Where it was thought that there would be a logical and continuous shift away from on-prem to the cloud, this transition is now not as certain as it once was, with concerns having been growing among organisations for several reasons in recent times,” said Shallow.
There have been several high-profile cloud breaches. For example, in June of 2023, automaker Toyota revealed that roughly 260,000 customers’ data was exposed due to a misconfigured cloud environment. The 2023 Thales Cloud Security Study also revealed that 39% of businesses experienced a data breach in their cloud environment in the last year.
It is not just security, but also cost that is a potential challenge. According to Flexera’s State of the Cloud Report 2023, cost is the number one concern with cloud, knocking security off the top spot for the first time in 10 years. Organisations are spending significantly on cloud platforms and supportive security, yet the economic gains that they anticipated are struggling to materialise in many cases.
“The cloud won’t be scrapped. Yet, it is possible that we will see several organisations planning to move a proportion of their key assets back on-prem in 2024 as they seek to ease concerns surrounding both cost and security,” added Shallow.
Access Control Tech Stack Changes
Mary Clark of Brivo highlights the evolving access control technology. Security integrators are increasingly expected to offer integrated platforms that manage various security systems and applications.
“Integrators need to become subject matter experts about their ecosystem and know what a ‘single pane of glass’ means for the network back end – effective API integrations in cloud-based platforms,” said Clark.
The move towards centralised control systems and increased API utilisation reflects a broader trend in enterprise technology, enhancing data management and security.
“It is with enterprises and large enterprises particularly where integrators are in a fantastic position in 2024 to show the beauty of scaled up cloud infrastructure and do more with this, including better leveraging organisational data. In short, access control tech stacks are changing. And that’s to be embraced,” added Clark.
Mid-Market Embraces Managed Detection and Response
Christian Have emphasised that mid-market enterprises will increasingly adopt Managed Detection and Response (MDR) services in 2024.
“These businesses [can] leverage advanced threat detection technologies, skilled cybersecurity experts, and proactive incident response strategies. Using MDR to navigate the threat landscape ensures compliance and fortifies security posture,” said Have.
This adoption is driven by the need for advanced threat detection and response capabilities amidst rising cybersecurity challenges and regulatory pressures.
“This shift towards MDR solutions signifies a fundamental change in how mid-market businesses approach cybersecurity. Entrusting their detection and response to specialised experts enables organisations to safeguard their critical assets and maintain customer trust by demonstrating their commitment to cybersecurity amidst challenging times.
“As a result, the MDR industry will experience significant growth, reflecting the broader shift in organisational priorities: focusing on core business activities while relying on dedicated cybersecurity partners to navigate the intricate and ever-evolving landscape of cyber threats and regulations,” said Have.
Make Cybersecurity Your Resolution
As we look towards the horizon of 2024, the cybersecurity landscape is marked by a blend of challenges and opportunities. The interplay of advanced AI, sophisticated cyber threats, and the critical importance of preparedness underscores the need for a proactive and informed approach.
Embracing innovation, enhancing skills, and fostering collaboration across sectors will be pivotal in fortifying our digital defenses. In this ever-evolving domain, staying ahead of trends and adapting to the dynamic nature of cyber threats will be key to safeguarding the integrity and resilience of our digital world.