Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
How Cybersecurity Leaders Can Take a People-First Approach When Navigating the 2024 Threat Landscape
By Gene Fay, CEO of
ThreatX
As we've seen this
year, the cybersecurity landscape is constantly evolving - from attack rates
and sophistication and organizational "readiness" to combat these threats, to the
continued hype around generative AI and navigating global skills gaps. 2024
will be no different; leaders across all industries must proactively prepare to
tackle similar challenges.
Among the most critical
cybersecurity areas for enterprise leaders to pay attention to is ensuring
their security teams are prepared to deal with increasing threats. A
significant component will be recognizing the skills shortage and doing your
part to provide mentorship and training to individuals interested in upskilling
in their careers or entering the field.
Education is another
critical piece of the puzzle, and leaders need to emphasize internal education
around various threats, such as attacks on application programming interfaces
(APIs) and phishing attacks. Ensuring that everyone across the organization has
a strong understanding of these targeted threats will become even more
critical, especially when considering the ways that AI is advancing attack
success rates.
Cybersecurity
leaders will need to embrace entry-level positions and in-house training
Despite popular belief,
the cybersecurity industry is not facing a talent shortage, we are facing a
skills shortage. Hiring teams all want a skilled practitioner to join the
organization, but in reality, this type of person is expensive and rare. Yet,
there is a surplus of people looking to enter the cybersecurity field.
Organizations are getting thousands of
applications for open positions, especially entry-level positions. We're not
seeing a shortage of people, there is a shortage of training and of a
willingness to hire outside of the traditional skill set. In 2024, as the
cybersecurity industry continues to face budgetary constraints, leaders will
ultimately have to hire entry-level people inexpensively and give them the
opportunity to learn. We'll see more corporations and HR departments partnering
to make sure job descriptions truly mean entry level.
The value of APIs is only going to increase, and attackers continue
to take notice
APIs serve as the connection point for
organizations to partner with other organizations, and the value that they
provide is only going to increase in the year ahead. Organizations will
continue to recognize how APIs make it extremely easy to interact with their
technology and their partner's technology. Given this value, we'll also see
attackers increase their attention on API-based attacks. The good news is there
are a handful of companies and tools available in the market to protect APIs,
and budgets to do so will surely increase in 2024.
Organizational "readiness" will be the key
trend in navigating AI-based cybercrime
Going into 2024, AI will continue to allow for
more sophisticated and customized attacks. The reality is that education around
recognizing AI-based threats like phishing is difficult; however,
organizational "readiness" will be a key area of innovation.
While the education piece is one component -
such as the ability to recognize more customized phishing emails that appear to
come from a colleague, vendor, or partner - better endpoint protection is
another factor. Companies can't afford to lose out on reliable tools to scan
emails and links, but there's also a component of "trust equity," and all
organizations should encourage "reward reporting" of suspicious events. Making
security the priority of every individual in the organization will be key.
While we can't know for
sure what 2024 will bring to the cybersecurity landscape, one thing is for
sure: preparing for the inevitable challenges is critical. As we round out
2023, leaders should be proactively planning to ensure they have the right
talent and are providing the necessary education to bolster their teams'
skills. Acquiring the right talent and prioritizing providing the necessary
training and education opportunities will be essential when facing evolving
threats head-on.
##
ABOUT THE AUTHOR
Gene has a lengthy track record as
an executive at technology companies, including COO at White Ops, General
Manager at Resilient Systems (acquired by IBM), and VP of Worldwide Sales and
Global Alliances of Network Intelligence (acquired by EMC and integrated into
RSA). Gene has extensive experience building high-impact teams at early-stage
startups in storage, virtualization, and cybersecurity. He has specific
expertise in go-to-market strategies, marketing, customer success, and channel
development. Gene holds an MBA from Northeastern University, where he guest
lectures on topics such as product management, marketing, and sales.