Virtualization Technology News and Information
ThreatX 2024 Predictions: What Cyber Leaders Can Expect in 2024 - Predictions on API Protection, AI Threats, Cyber Talent Gap, and Budget Plans


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual series exclusive.

What Cyber Leaders Can Expect in 2024: Predictions on API Protection, AI Threats, Cyber Talent Gap, and Budget Plans

By Jeremy Ventura, Field CISO, ThreatX

As we look back at cybersecurity over the past year, there are several key areas organizations should consider revising to improve their cyber strategy going into 2024. In turn, many business leaders should reassess and reevaluate their company goals and priorities to ensure they align with an overall security strategy.

With API attacks and data breaches projected to significantly increase in the next year, most cannot afford to deprioritize their security posture. Organizations will have to ensure they plan their 2024 budget to accommodate the growing need for robust cybersecurity and consider integrating risk quantification metrics that will accurately reflect cyber risk outcomes.   

Organizations will start taking API security more seriously in 2024  

Over the last five years, we've witnessed major brands like Peloton, T-Mobile, and 23andMe experience API-based attacks. For most organizations, however, API security is not among their top priorities. Knowing that API abuses and related data breaches will nearly double in 2024, API security is becoming more of a priority. The current API security market is complex, with many different vendors focusing on various aspects of API protection. Next year, we'll likely see more consolidation of tools, and as the market and economy shift, mergers are likely to occur.   

Hot take: AI-driven security incidents won't be as prevalent as one may assume  

Over the course of 2023, generative AI has taken the world by storm. However, in the last couple of months, the hype has gone down quite a bit, and while AI will still have influence in 2024, we're only scratching the surface. While AI will help make malware or phishing emails seem more legitimate, for example, and may even increase misinformation by creating more deep fakes of individuals and public figures, security teams should instead prioritize the influx of attacks. This includes supply chain attacks and ransomware attacks targeting "weaker" organizations, which will only increase in volume and sophistication over the next year.   

The cybersecurity workforce is a looming crisis for CISOs   

As we venture into 2024, cybersecurity is one of the fastest-growing professional fields, and yet employers are struggling to find workers to fill open positions. CISOs face a formidable challenge: the widening gap in the cybersecurity workforce. The cyber domain is currently experiencing a scarcity, a trend that experts fear will intensify with more companies grappling to retain and recruit talent. A collaborative effort is required to repair the current decline, and CISOs should turn toward innovative services infused with AI as a potential lifeline. This shift isn't just a fear-based tactic but a wake-up call for CISOs to explore new avenues to reinvigorate cybersecurity-related education and training in the face of a diminishing workforce pool.   

Decoding the future of cybersecurity with next-gen KPIs   

Cyber-related incidents are estimated to reach around 33 billion account breaches by the end of 2023 - meaning in 2024 security professionals must redefine their arsenal of metrics or risk falling behind. Beyond the routine incident counts and response times, a paradigm shift will occur -- adopting operational-level metrics. Organizations will seek to predict and demonstrate the true efficacy of their security strategies and will find that integrating innovative risk quantification metrics can translate into better tangible outcomes in revenue, budget allocation, and, most crucially, cyber resilience. Security professionals will begin assessing the impact of cyber threats on budgets and adopting health score systems reminiscent of credit reports.   

While the threat of API security breaches and ransomware attacks are not expected to die down anytime soon, and the full impact of generative AI on the cybersecurity landscape is still being determined, security leaders can do these key things heading in 2024 to prepare. That includes prioritizing API protection, preparing for the inevitable influx of AI-related attacks, exploring AI to help improve cybersecurity-related education to attract talent, and revising metrics to address the impact of cyber threats on budgets.  



Jeremy Ventura 

Jeremy Ventura is a cybersecurity professional, specializing in advising organizations on information security best practices. He has years of experience in vulnerability management, email security, incident response and security center operations. At ThreatX, he is responsible for the development and presentation of thought leadership across all areas of cybersecurity. Ventura is an industry leader that can regularly be seen in media, blog posts, podcasts and at speaking events. Previously, Ventura has worked at Gong, Mimecast, Tenable and IBM, among other security organizations. Ventura holds a Master's Degree in Cybersecurity and Homeland Security.

Published Friday, November 24, 2023 8:00 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2023>