Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
What Cyber Leaders Can Expect in 2024: Predictions on API Protection, AI Threats, Cyber Talent Gap, and Budget Plans
By Jeremy Ventura, Field CISO, ThreatX
As we look back at cybersecurity over the
past year, there are several key areas organizations should consider
revising to improve their cyber strategy going into 2024. In turn, many
business leaders should reassess and reevaluate their company goals and
priorities to ensure they align with an overall security strategy.
With API attacks and data breaches projected
to significantly increase in the next year, most cannot afford to deprioritize
their security posture. Organizations will have to ensure they plan their 2024
budget to accommodate the growing need for robust cybersecurity and consider integrating
risk quantification metrics that will accurately reflect cyber risk outcomes.
Organizations will start taking API security more seriously in 2024
Over the last five years, we've witnessed
major brands like Peloton, T-Mobile, and 23andMe experience API-based attacks.
For most organizations, however, API security is not among their top
priorities. Knowing that API abuses and related data breaches will nearly double in 2024, API
security is becoming more of a priority. The current API security market is
complex, with many different vendors focusing on various aspects of API
protection. Next year, we'll likely see more consolidation of tools, and as the
market and economy shift, mergers are likely to occur.
Hot take: AI-driven security incidents won't be as prevalent as one may assume
Over the course of 2023, generative AI has
taken the world by storm. However, in the last couple of months, the hype has
gone down quite a bit, and while AI will still have influence in 2024, we're
only scratching the surface. While AI will help make malware or phishing emails
seem more legitimate, for example, and may even increase misinformation by
creating more deep fakes of individuals and public figures, security teams
should instead prioritize the influx of attacks. This includes supply chain
attacks and ransomware attacks targeting "weaker" organizations, which will only
increase in volume and sophistication over the next year.
The cybersecurity workforce is a looming crisis for CISOs
As we venture into 2024, cybersecurity is one
of the fastest-growing professional fields, and yet employers are struggling to
find workers to fill open positions. CISOs face a formidable challenge: the
widening gap in the cybersecurity workforce. The cyber domain is currently
experiencing a scarcity, a trend that experts fear will intensify with more
companies grappling to retain and recruit talent. A collaborative effort is
required to repair the current decline, and CISOs should turn toward innovative
services infused with AI as a potential lifeline. This shift isn't just a
fear-based tactic but a wake-up call for CISOs to explore new avenues to
reinvigorate cybersecurity-related education and training in the face of a
diminishing workforce pool.
Decoding the future of cybersecurity with next-gen KPIs
Cyber-related incidents are estimated to reach around 33 billion account breaches by the end of 2023 - meaning in
2024 security professionals must redefine their arsenal of metrics or risk
falling behind. Beyond the routine incident counts and response times, a
paradigm shift will occur -- adopting operational-level metrics. Organizations
will seek to predict and demonstrate the true efficacy of their security
strategies and will find that integrating innovative risk quantification
metrics can translate into better tangible outcomes in revenue, budget
allocation, and, most crucially, cyber resilience. Security professionals will
begin assessing the impact of cyber threats on budgets and adopting health
score systems reminiscent of credit reports.
While the threats of API security breaches and ransomware attacks are not
expected to die down anytime soon, and the full impact of generative AI on the
cybersecurity landscape is still being determined, security leaders can do
these key things heading into 2024 to prepare. That includes prioritizing API
protection, preparing for the inevitable influx of AI-related attacks,
exploring AI to help improve cybersecurity-related education to attract
talent, and revising metrics to address the impact of cyber threats on budgets.
##
ABOUT THE AUTHOR
Jeremy Ventura is a cybersecurity
professional, specializing in advising organizations on information security
best practices. He has years of experience in vulnerability management, email
security, incident response and security center operations. At ThreatX, he is
responsible for the development and presentation of thought leadership across
all areas of cybersecurity. Ventura is an industry leader who can regularly be
seen in media, blog posts, podcasts and at speaking events. Previously, Ventura
has worked at Gong, Mimecast, Tenable and IBM, among other security
organizations. Ventura holds a Master's Degree in Cybersecurity and Homeland
Security.