Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Leaders Share Insights on The Year Ahead for the Cybersecurity Industry
By Jon Check, Executive Director of Cyber Protection Solutions, Raytheon, an RTX Business
Following a year of rapid
progressions and technological advances unseen in previous years, there is a
persistent calling for the cybersecurity industry and its professionals to
uplevel in operational and cultural aspects across the board. As we head into
2024, organizations will need to be equipped with the knowledge and awareness
essential to respond to this calling and properly keep up with the
ever-evolving threat landscape.
At Raytheon, an RTX Business,
we are doing our share to proactively prepare for the year ahead by being on
high alert for the practices and organizational dynamics that are being adopted
and implemented as the industry continues to change. Looking ahead, three team
members from different departments and roles at Raytheon shared their thoughts
on what we can expect to see across the industry in 2024, covering topics from
security culture within organizations and quantum computing, to gen-AI and
software supply chain attacks:
Nick Carroll, Cyber Incident Response Manager
Cybersecurity awareness will need to be implemented within
organizational cultures
As we head into 2024, organizations will be challenged to strengthen
their defenses faster than cyber
threats are evolving. This 'come from behind' rush to keep pace with
attackers often leads to the harmful practice of organizations skipping the
foundational basics of cyber defense and failing to establish a general sense
of cyber awareness within the business. Without a solid security culture at the
foundation, security tools, such as expensive firewalls or endpoint detection
and response (EDR), will ultimately become ineffective. If organizations
haven't already, they must begin to build cybersecurity awareness among
employees and third-party partners, while also determining the best path for
how to integrate security into the organization's culture and operations. Once
these steps are taken, organizations will have a solid organizational footing
that will position them for success in their cyber defense initiatives in the
long run.
+++
Dr. Torsten Staab, Principal Technical Fellow
The progression of quantum computing and generative AI will increase
With the rapid progression of quantum computing and associated
cybersecurity risks, we can expect to see a heightened focus on
quantum-resistant cryptography, also referred to as post-quantum cryptography
(PQC). PQC algorithms are designed to ensure that cryptographic systems can
withstand quantum attacks. With the National Institute of Standards and
Technology's (NIST) much-anticipated standardization of its first round of PQC
algorithms in early 2024, we can also expect to see more organizations starting
to develop their quantum security strategies. As a result, associated concepts
such as crypto agility will also gain more attention over the next few years.
Crypto agility refers to an information security system's ability to quickly
adopt an alternative to its original encryption method or protocol without
requiring a significant change to the system, its infrastructure, or connected
systems, services, or applications. The next generation of IT/OT solutions must
be crypto-agile to enable a successful transition from today's classical
encryption to tomorrow's post-quantum cryptography. Being crypto-agile is also
important because nobody can provide a 100% guarantee that their encryption
algorithm, including NIST's new PQC algorithms, is unbreakable.
In 2024, we can also expect to hear and see much more about the
Generative AI-fueled (GenAI) cybersecurity arms race. For example, players on
both sides (i.e., defensive and offensive cyber) are rapidly adopting and
integrating fine-tuned Large Language Model-enabled (LLM) tools in an effort to
better attack and defend systems. GenAI-powered capabilities such as automated
code generation, reverse engineering, and document exploitation will reach
previously unthinkable levels of sophistication and speed. Organizations
unwilling to invest in and adopt these next-generation GenAI tools will fall
behind and potentially be at a much higher risk of getting compromised.
Emerging GenAI-related security risks such as data leakage, model poisoning, or
system hallucinations will also get more attention in 2024 as organizations try
to weigh the pros and cons and figure out which GenAI security guardrails and
usage policies to put in place.
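
The crypto agility property described above, as an added Python sketch that is not part of the original article or of any Raytheon product. It uses standard-library HMAC as a stand-in for the encryption method, and `AgileSealer`, `REGISTRY`, `KEYS` and `rollout` are hypothetical names with constructed keys and data.

```python
import hashlib
import hmac

# Supported primitives, keyed by the identifier stored alongside the data.
REGISTRY = {"hmac-sha256": hashlib.sha256, "hmac-sha3-256": hashlib.sha3_256}
# Constructed demo keys, one per algorithm; real keys come from a key store.
KEYS = {"hmac-sha256": b"demo-key-one", "hmac-sha3-256": b"demo-key-two"}


class AgileSealer:
    """Hypothetical helper: seals data under `current`, verifies any `accepted`."""

    def __init__(self, keys, current, accepted):
        accepted = set(accepted)
        if current not in accepted or not accepted <= REGISTRY.keys() & keys.keys():
            raise ValueError("policy names an algorithm without an implementation or key")
        self.keys, self.current, self.accepted = keys, current, accepted

    def _tag(self, alg, payload):
        # The algorithm id is part of the MAC input, so it cannot be relabelled.
        msg = alg.encode() + b"\x00" + payload
        return hmac.new(self.keys[alg], msg, REGISTRY[alg]).hexdigest()

    def seal(self, payload):
        return f"{self.current}:{self._tag(self.current, payload)}:{payload.hex()}"

    def open(self, token):
        alg, tag, body = token.split(":")
        # The id is read from untrusted input: check policy before using it.
        if alg not in self.accepted:
            raise ValueError(f"algorithm {alg!r} is not accepted by policy")
        payload = bytes.fromhex(body)
        expected = self._tag(alg, payload)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            raise ValueError("integrity check failed")
        return payload, alg != self.current  # second value: needs migration

    def migrate(self, token):
        payload, stale = self.open(token)
        return self.seal(payload) if stale else token


def rollout(payload=b"record-42"):
    """Three policy phases over one record; callers never name an algorithm."""
    legacy = AgileSealer(KEYS, "hmac-sha256", {"hmac-sha256"})
    transition = AgileSealer(KEYS, "hmac-sha3-256", {"hmac-sha256", "hmac-sha3-256"})
    final = AgileSealer(KEYS, "hmac-sha3-256", {"hmac-sha3-256"})
    old_token = legacy.seal(payload)
    new_token = transition.migrate(old_token)
    return old_token, new_token, final
```

Moving from the legacy to the final phase changes only the policy arguments, and once the old identifier leaves the accepted set, tokens that still carry it are refused rather than silently verified.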
+++
Amy Foy, Executive Director, Contracts & Supply Chain
There will be a push for intercommunication across organizations and vendors
As software supply chain attacks increase,
there will be a push for more intercommunication among stakeholders across the
public and private sectors when drafting policies and requirements to bolster
cybersecurity measures. The best practice to ensure intercommunication among
stakeholders is having an integrated Contracts and Supply Chain organization.
This is where one single organization has responsibility for both the contract
and supplier piece, which is critical in ensuring a clear understanding of requirements
and keeping open lines of communication across all stakeholders. It is also
essential to have the connection from the customer to the prime to the supply
base. Key to this connection is not only the flowdown of requirements but also
the flow up of communication. This includes understanding and complying with
the requirements and reporting as necessary when there is a potential issue.
With supply chain and contract management constantly evolving, it's imperative
that each organization and vendor understand these requirements and risks, as
well as their roles in complying with them, as threats continue to arise.
+++
While 2024 is right
around the corner, organizations have not missed their window to prepare for
what is ahead for cybersecurity. As the nature of the industry and its external
influences are constantly evolving, there will be endless opportunities for organizations
and professionals to adapt, pivot, and adjust to the changing demands and
challenges we will continue to face as a collective community. The question of
whether organizations will be successful in their security efforts in 2024 is not
reliant on what they have done up until this point, but instead on how they
proactively monitor and react to technological developments and innovations
that will only continue to flourish.
##
ABOUT THE AUTHOR
Jon Check is executive director of cyber protection solutions at
Raytheon, an RTX Business. He leads the team that globally delivers proactive
cybersecurity and next-generation technology to protect customers from
persistent cybersecurity threats. Jon is also a board member and former
chairman of the National Cybersecurity Alliance, a board member of the U.S.
Cyber Games, and an AFCEA DC board member. He holds a Bachelor of Arts in
environmental science from the University of Virginia.