Virtualization Technology News and Information
Article
RSS
Raytheon 2024 Predictions: Leaders Share Insights on The Year Ahead for the Cybersecurity Industry

vmblog-predictions-2024 

Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Leaders Share Insights on The Year Ahead for the Cybersecurity Industry

By Jon Check, Executive Director of Cyber Protection Solutions, Raytheon, an RTX Business

Following a year of rapid progressions and technological advances unseen in previous years, there is a persistent calling for the cybersecurity industry and its professionals to uplevel in operational and cultural aspects across the board. As we head into 2024, organizations will need to be equipped with the knowledge and awareness essential to respond to this calling and properly keep up with the ever-evolving threat landscape.

At Raytheon, an RTX Business, we are doing our share to proactively prepare for the year ahead by being on high alert for the practices and organizational dynamics that are being adopted and implemented as the industry continues to change. Looking ahead, three team members from different departments and roles at Raytheon shared their thoughts on what we can expect to see across the industry in 2024, covering topics from security culture within organizations and quantum computing, to gen-AI and software supply chain attacks:

Nick Carroll, Cyber Incident Response Manager

Cybersecurity awareness will need to be implemented within organizational cultures

As we head into 2024, organizations will be challenged to strengthen their defenses faster than cyber

threats are evolving. This ‘come from behind' rush to keep pace with attackers often leads to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business. Without a solid security culture at the foundation, security tools, such as expensive firewalls or endpoint detection and response (EDR), will ultimately become ineffective. If organizations haven't already, they must begin to build cybersecurity awareness among employees and third-party partners, while also determining the best path for how to integrate security into the organization's culture and operations. Once these steps are taken, organizations will have a solid organizational footing that will position them for success in their cyber defense initiatives in the long run.

+++

Dr. Torsten Staab, Principal Technical Fellow

The progression of quantum computing and generative AI will increase

With the rapid progression of quantum computing and associated cybersecurity risks, we can expect to see a heightened focus on quantum-resistant cryptography, also referred to as post-quantum cryptography (PQC). PQC algorithms are designed to ensure that cryptographic systems can withstand quantum attacks. With the National Institute of Standards and Technology's (NIST) much-anticipated standardization of its first round of PQC algorithms in early 2024, we can also expect to see more organizations starting to develop their quantum security strategies. As a result, associated concepts such as crypto agility will also gain more attention over the next few years. Crypto agility refers to an information security system's ability to quickly adopt an alternative to its original encryption method or protocol without requiring a significant change to the system, its infrastructure, or connected systems, services, or applications. The next generation of IT/OT solutions must be crypto-agile to enable a successful transition from today's classical encryption to tomorrow's post-quantum cryptography. Being crypto-agile is also important because nobody can provide a 100% guarantee that their encryption algorithm, including NIST's new PQC algorithms, is unbreakable.

In 2024, we can also expect to hear and see much more about the Generative AI-fueled (GenAI) cybersecurity arms race. For example, players on both sides (i.e., defensive and offensive cyber) are rapidly adopting and integrating fine-tuned Large Language Model-enabled (LLM) tools in an effort to better attack and defend systems. GenAI-powered capabilities such as automated code generation, reverse engineering, and document exploitation will reach previously unthinkable levels of sophistication and speed. Organizations unwilling to invest in and adopt these next-generation GenAI tools will fall behind and potentially be at a much higher risk of getting compromised. Emerging GenAI-related security risks such as data leakage, model poisoning, or system hallucinations will also get more attention in 2024 as organizations try to weigh the pros and cons and figure out which GenAI security guardrails and usage policies to put in place.

+++

Amy Foy, Executive Director, Contracts & Supply Chain

There will be a push for intercommunication across organizations and vendors

As software supply chain attacks increase, there will be a push for more intercommunication among stakeholders across the public and private sectors when drafting policies and requirements to bolster cybersecurity measures. The best practice to ensure intercommunication among stakeholders is having an integrated Contracts and Supply Chain organization. This is where one single organization has responsibility for both the contract and supplier piece, which is critical in ensuring a clear understanding of requirements and keeping open lines of communication across all stakeholders. It is also essential to have the connection from the customer to the prime to the supply base. Key to this connection is not only the flowdown of requirements but also the flow up of communication. This includes understanding and complying with the requirements and reporting as necessary when there is a potential issue. With supply chain and contract management constantly evolving, it's imperative that each organization and vendor understand these requirements and risks, as well as their roles in complying with them, as threats continue to arise.

+++

While 2024 is right around the corner, organizations have not missed their window to prepare for what is ahead for cybersecurity. As the nature of the industry and its external influences are constantly evolving, there will be endless opportunities for organizations and professionals to adapt, pivot, and adjust to the changing demands and challenges we will continue to face as a collective community. The question of if organizations will be successful in their security efforts in 2024 is not reliant on what they have done up until this point, but instead, how they proactively monitor and react to technological developments and innovations that will only continue to flourish.

##

ABOUT THE AUTHOR

Jon Check 

Jon Check is executive director of cyber protection solutions at Raytheon, an RTX Business. He leads the team that globally delivers proactive cybersecurity and next-generation technology to protect customers from persistent cybersecurity threats. Jon is also a board member and former chairman of the National Cybersecurity Alliance, a board member of the U.S. Cyber Games, and an AFCEA DC board member. He holds a Bachelor of Arts in environmental science from the University of Virginia.

Published Friday, December 29, 2023 7:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2023>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456