Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
2024 Cybersecurity Predictions: How will the market and CISO role evolve next year?
By Paul Paget, CEO of Black Kite
As the cybersecurity landscape continues to
evolve and attackers become more sophisticated, we can expect market changes in
the upcoming year. According to a report, the cost of cybercrime is predicted to
hit $8 trillion by the end of 2023 and will grow to $10.5 trillion by 2025,
proving the urgency for business leaders to prioritize effective security
strategies.
In 2024, it will no longer be acceptable to
use older tactics that are now outdated, or partial monitoring to combat risk,
instead organizations will look to more modern solutions to safeguard data and
protect stakeholders. The CISO role will also shift to a more strategic role in
the coming year as a result of increasing risk, the quickly changing threat
landscape and new legislation and regulations. Here are four trends we can
expect to see next year.
Third parties will be considered part of an enterprise ecosystem for security teams who historically focused on only enterprise-controlled IT resources
In recent years, third-party vulnerabilities
went unreported because it was not a requirement, so it was out of sight and
out of mind until a breach happened. And since typically, these outside vendors
were not being monitored closely for security, insurance companies could avoid
paying claims in the event of a ransomware attack.
It has now been proven that third-party
suppliers add significant security risk to organizations and their
stakeholders, and in the coming year, CIOs and CISOs will become more vigilant
in monitoring their vendors for security risks to their organizations. The
discipline of continuous monitoring will be extended to manufacturers,
suppliers, distributors and contractors beyond IT to supply chain and other
organizations that support the business. This will keep organizations abreast
of any weaknesses and high-profile vulnerabilities that could impact their
businesses and systems, which could indirectly impact their own customers and
stakeholders. It will also ensure CISOs adhere to new regulations, like the new SEC
cybersecurity guidance, as needed.
Point-in-time cybersecurity questionnaire-based assessments will become obsolete
As a result of innovation and more automated assessment solutions, point-in-time security questionnaires as evidence of good cyber hygiene will become obsolete in the coming year. There was a time when periodic risk assessments were the norm because they were the only solution available. However, with innovation and more sophisticated technology in the industry, this tactic is unacceptable for effective security monitoring. The pace of change within modern digital environments requires continuous monitoring - any amount of time between assessments leaves critical gaps and costs time and resources while dramatically increasing risk. Moving forward, questionnaires and artifacts will merely be used as proof points for attestation purposes, but will no longer be a key part of a robust third-party risk program.
More CISOs will become strategic and risk-focused in 2024
Over the past few years, we have started to
see a trend towards CISOs being in a more strategic role within organizations,
but it has proven to be harder than expected. Traditionally, they have acted
more operationally, dealing with multiple incidents at a time, which has caused
them to be more reactive in their roles. While they are striving to be more
strategic, it sometimes isn't possible with all the fires they need to put out
during a typical day or week.
As the average cost of a data breach globally
reached an all-time high of $4.45 million in 2023,
security is more important than ever. CISOs taking on more strategic roles
better position companies to protect their businesses and combat growing cyber
threats that arise. In 2024, we will see that CISOs will prioritize balancing
strategy (including risk) and operations, in order to have a more effective
security approach. More CISOs will separate from the operational role to do so
(or leave their organizations to gain that responsibility). Whether it's the
ability to speak to the board, join a board, properly research and vet new
technologies, or spend more time planning, next year they will devote more
effort to risk and strategy in order to further establish their role as
business leaders of organizations - and not just technical leads.
Risk will continue to evolve and grow,
however, in order for companies to be successful at managing it, their
priorities and tactics will need to evolve and become more modern. Security
will be a bigger priority for business in the coming year and safeguarding
organizations will require CISO leadership to play a more prominent role within
the C-suite in order to be most effective. These trends will strengthen
security strategies and put companies in the best position to combat risk in
the coming year and beyond.
ABOUT THE AUTHOR
Shortly after joining in 2019, Paul became
the CEO of Black Kite, driving the growth strategy of the company and brand
from its early stage into the number one recommended company in the security
ratings space. Prior to Black Kite, Paul was Chief Executive Officer of
PwnieExpress where he transformed the company into the world's first SaaS IoT
threat detection player. Other past positions include being the Chief Executive
Officer of Savant Protection (now part of Digital Guardian) and Core Security
Technologies. Paul has also served in executive leadership roles with Baltimore
Technologies, GTE (now Verizon) and CyberTrust. Paul holds a B.A. from Bowdoin
College.