Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Bolstering security in 2024 means prioritizing people
By Amanda Fennell, CISO & CIO at Prove
Evolving cybersecurity incidents, attacks on major brands that
made headlines, and growing risks to businesses owned the security spotlight in
2023. Going into 2024, many organizations will shift their processes and
technologies to protect themselves, their data, and their customers. One key
area of focus should be people - ensuring that all employees are aligned on
security protocols and hygiene, giving a greater voice to IT teams, and
addressing the ongoing cyber talent gap.
Aligning on enterprise-wide vulnerabilities
Over the past few years, the shift to virtual work and life
created new opportunities to exploit digital identities and vulnerable
information. To ensure preparedness in the new year, companies should
re-examine their approach to security to ensure they're bolstering their
defenses proactively and providing a valuable experience for all stakeholders.
Your best hope for accomplishing your technology needs in the year
ahead is one entity: IT. IT is not only a place you go when having a technical
issue, employee onboarding, or troubleshooting something with an application
you use, but should also have a seat at your company's planning table to
deliver more value enterprise-wide by evolving IT from an order taker to a
trusted advisor and partner.
In the event of a breach, IT team leaders must educate their
colleagues on why strong security measures are so valuable for protection. This
starts with being knowledgeable about individual departments' main objectives,
the tools they use, primary processes, and the goals they've set out to
achieve. As the threat landscape evolves, no part of the organization should be
ignored. Understanding department functions can help IT teams identify their
vulnerabilities to promote better protection.
Creating a people-first approach
Shifting a company's security focus to a people-first approach
will be critical to providing positive experiences for customers and employees.
The user experience is often ignored; however, it should guide the holistic
technology process. Approaching technology from a user experience perspective
should be a focus for companies in 2024.
Now more than ever, customers also expect a secure and
user-friendly experience with the brands they use. For example, according to a recent survey, more than half (52
percent) of consumers often find creating an account tedious and use ‘guest
options' to save time. In this case, vulnerabilities are heightened for both
the brand and the customer. Streamlining these processes is critical to ensure
digital identity security, KYC, and better experiences.
2024: The year of rethinking cyber talent
The cybersecurity workforce shortage has reached record levels of approximately 4
million. While the workforce grew by almost 10 percent in the last year,
there's still work to be done. Fostering talent is the smartest line of defense
as it's the most critical avenue for security to proceed.
There simply aren't enough new people to fill all open positions,
let alone the more senior roles. Often, recruiting from the bottom is the best
solution, as entry-level talent can be the best recruiters for other young
professionals. It's incredibly valuable to foster young talent, which will only
provide more value to leadership and IT teams.
In IT specifically, innovation tends to be missed due to the way
IT leaders are currently looking at the talent shortage. Leaders and hiring
managers must look for curious people who have potential, expanding their talent
pool to candidates from a variety of backgrounds. Diversity of thought will not
only benefit those within IT, but also those who consume their products and
services.
It's far more economical to spend time and resources on training
employees than trying to hire from an ever-increasing pool of unicorn talent.
The result: you get people who can specialize in exactly what you need while
also leaving room to promote existing talent into new expansive roles.
People hiring in cyber must always embrace change. Taking a small
risk in training new talent will allow organizations to keep the talent pool
growing faster than formal education can manage. The reality is that IT job
candidates don't necessarily need a college degree or certifications to enter
the field. Leaders should instead look for transferable skills in new hires,
particularly curiosity and excellent communication skills.
Ensuring that your IT teams are fulfilled and the individuals on
their teams have career mobility is critical for addressing the talent gap and
evolving threats in the long term. Hiring departments should always be
recruiting and not make assumptions based on someone's prior titles, as it does
not define their potential and capabilities.
By focusing more on people, organizations will be more prepared to
address 2024's cybersecurity landscape head-on. Leaders should ensure that they
have the most robust protection in place for employees, prioritize the security
and experiences of customers, and do their part in finding solutions to the
evolving lack of talent in the space. Doing so will help companies get on a
better trajectory in 2024 and beyond.
##
ABOUT THE AUTHOR
Amanda Fennell is the CISO & CIO at Prove. She has
over two decades of security industry experience. She believes strongly that
everyone has a cyber warrior in them waiting to be unleashed. A resident of New
Orleans, she recently graduated from the Auguste Escoffier School of Arts and
is working towards her second master's degree in library science & archiving.
She also serves as an Adjunct Professor at Tulane University in cybersecurity.
Previous employers include Relativity, Symantec, Dell SecureWorks, Booz Allen
Hamilton, Zurich Insurance Group, and Guidance Software.