Virtualization Technology News and Information
Balbix 2024 Predictions: Predictions Impacting CISOs the Most in 2024


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Predictions Impacting CISOs the Most in 2024

By Gaurav Banga, Founder and CEO of Balbix

2023 was a pivotal year for cybersecurity with the introduction of new requirements by the SEC, continued economic uncertainty forcing lower budgets, and the advent of AI-powered cyber attacks. With cybersecurity becoming an increasingly important concern, 61% of CISOs feel they faced unreasonable job expectations and 60% report feeling burnout in 2023, according to data from Proofpoint.

The role of the CISO has never been more complex and high-risk than right now. It is my prediction that 2024 will present two major cybersecurity challenges for CISOs that will continue to drive stress points to all-time highs.

1.  Confusion around SEC compliance will create a rigid landscape for CISOs

As the SEC's cybersecurity rules are set to go into effect starting in December 2023, there is great uncertainty as to how the rules will be enforced and who is responsible for determining the materiality of cyber risk for assets, applications, and incidents.

To better manage this new regulatory landscape, CISOs will increasingly look towards specialized third-party vendors and service providers for assistance. This will include implementing automated and comprehensive vulnerability assessments, constant predictive prioritization of flaws and vulnerabilities, and real-time cyber risk quantification.

The SEC's recent charge against SolarWinds and its CISO for "fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities" is a glimpse into how the SEC may react to non-compliance. This early precedent has sent shockwaves through the CISO community and their reactions provide a glimpse into how the industry will respond to potential future charges. 

Lastly, close collaboration between CISOs, the CEO, legal counsel, and third-party vendors will be critical for organizations to make sure reports are filed correctly in order to avoid penalties, or worse, from the SEC. 

2.  AI will haunt the day-to-day life of the CISO

In addition to overseeing complicated, high-risk regulatory compliance, CISOs in 2024 will have to contend with escalating AI-powered cyber threats. These threats may include the proliferation of deepfakes created to spread misinformation, advanced malware duplication, and indecipherable phishing techniques. Phishing was the most common type of initial attack vector in 2023, and in 2024 this technique will likely be AI-powered. 

Even more, generative AI's ability to quickly duplicate existing information online stands to upend the way we approach intellectual property (IP). There are two sides to the risks of AI for IP. On the one hand, AI creates a huge exposure risk through its constant scraping of data that already exists online. For example, if your developer team uses AI to review a unique line of code, that code could end up in a different organization's product. On the other hand, your developer team could use AI-generated code and unknowingly embed a different organization's IP. This is particularly a concern for those who hold trade secrets and are concerned about their IP-protected data showing up in AI training models, which is one of the most widely reported IP risks, according to Deloitte.

Left to their own devices, CISOs are forced to navigate the complex IP landscape as it continues to be impacted by AI. Without strict regulations, CISOs are left to wait for regulators to catch up with the impact of rapidly evolving technologies. This leaves the door open for bad actors to infiltrate critical systems with adversarial AI-based techniques.

Adversarial AI used by bad actors can often circumvent static defenses and human analysts - even more so when 59% of teams are short-staffed or on the brink of burnout. The only way to beat AI used by bad actors is to empower your teams to use AI; AI itself is the best tool to defend against AI threats. By using AI proactively, CISOs can significantly limit cybersecurity breaches, lower overall incident response times, and prevent high-cost damages from AI-based cyber attacks. To achieve this, CISOs must have an AI strategy. CISOs must empower their teams to incorporate AI-based techniques into their tech stack. Right now, only 6% of organizations have dedicated teams to evaluate AI risk mitigation, according to KPMG.

CISOs in 2024 will face the twin challenge of ensuring SEC compliance and defending against escalating AI-powered threats. This challenge requires proactive planning, defense upgrades, and cross-collaboration with teams on all fronts to successfully navigate these issues.

While the challenge is demanding, addressing these emerging threats also presents a unique opportunity for CISOs to step into a critical leadership role that puts cybersecurity at the forefront of organizational decision-making. Investing now in capabilities and partnerships will help reduce your organization's cyber risk and ensure every potential attack vector is secure into 2024 and beyond.

##

ABOUT THE AUTHOR

Gaurav Banga 

Gaurav Banga is the Founder and CEO of Balbix (https://www.balbix.com/), and serves on the boards of several companies. Before Balbix, Gaurav was the Co-founder & CEO of Bromium and led the company from inception for over 5 years. Earlier in his career, he served in various executive roles at Phoenix Technologies and Intellisync Corporation, and was Co-founder and CEO of PDAapps, acquired by Intellisync in 2005. Dr. Banga started his industry career at NetApp. Gaurav has a PhD in CS from Rice University, and a B.Tech. in CS from IIT Delhi. He is a prolific inventor with over 50 patents.

Published Wednesday, November 29, 2023 7:35 AM by David Marshall