Virtualization Technology News and Information
Devo 2024 Predictions: Three Cybersecurity Predictions for the Year Ahead

Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Three Cybersecurity Predictions for the Year Ahead

By Kayla Williams, CISO, Devo

What cybersecurity challenges lie ahead of us? Even though cybercriminals aim to maintain the element of surprise, certain trends and current conditions can help us see into the future. And if 2023 taught us anything, it's that we should all expect increasingly sophisticated cyberattacks, regulatory crackdowns, and more ambiguity around the CISO role and our scope of responsibilities.

That said, here are my three predictions for 2024.

Prediction 1: Bilateral access to sophisticated technologies means greater vigilance will be necessary

This one can't be repeated enough. Bad actors will continue to use AI/ML and other advanced technologies to create sophisticated attack tactics and techniques. They'll use these tools to pull off more and faster attacks, putting increased pressure on security teams and defense systems. The pace of progress is equally fast on both sides (defenders and attackers), and that balance will be tested in the coming year. To come out on top, security teams will have to fight AI-powered attacks by masterfully implementing AI into their security operations. This technology will accelerate mundane tasks and increase accuracy, freeing up time for the security team to pay more attention to higher-level security tasks.

In addition to thwarting external AI-powered threats, security leaders must also worry about internal threats, especially as AI adoption increases to help achieve corporate goals. Most employees fundamentally don't understand the technology and put too much or inappropriate data (e.g., personally identifiable information) into it, raising data leakage concerns. Furthermore, some employees use AI applications without obtaining the proper approval, resulting in a lack of security and privacy controls. When this happens, incidents may be challenging to detect, leading to increased risk to customers, corporate data, and company brands. CISOs must put together AI action plans to ensure employees know what is and isn't acceptable use of AI.

Prediction 2: Organizations will need to prioritize getting back to security basics

While AI-powered cyberattacks are of grave concern, they can also introduce a less obvious danger: Distraction. The threat landscape continues to shift under CISOs' feet, causing many to lose sight of their security foundations. 2024 is the year to get back on track. A rock-solid inventory of all assets and devices is the core of any good security program. Without this, you'll forever be catching up and playing whack-a-mole.

CISOs should also ask themselves, "Are we doing everything we can to manage vulnerabilities in both our devices and our applications? Do we have the right controls in place to properly regulate access management? Have we tested our data recovery and backup plans? Do we even have full visibility into our environment?" If the answer to any of these questions is, "Our policies and procedures fall short," it's important to fix it before tackling any additional projects. It's easy to get caught up in the hype of a new, shiny solution. But the truth is that getting compromised is almost inevitable without the basics in place.

Prediction 3: As CISOs' jobs get tougher, they will need a new perspective and approach

Given the challenges we've outlined so far, it's no surprise that the role of CISO is getting harder. In addition to an onslaught of escalating security threats and conflicting priorities, the legal and regulatory stakes are also higher. The new SEC cybersecurity disclosure requirements have many CISOs concerned they'll be liable if an attack occurs. As we've seen this year with the conviction of Uber's former CISO and the charges against the SolarWinds CISO, these fears have merit, and CISOs must prepare themselves for this. CISOs can't just be technical experts anymore. Their skillset must be more well-rounded in enterprise risk management, requiring a deeper understanding of the laws and regulations in the jurisdictions and industries where their companies operate. They must also tie compliance tightly to corporate objectives. It will also require CISOs to (more often) form alliances with other executives who will have to play a bigger role in cybersecurity as it increasingly becomes a board-level issue.

Preparing for what's next

Cybersecurity has never been easy, and it grows more complex and difficult as the attack surface grows and as attackers conceive innovative new ways to breach corporate networks. CISOs and the rest of the security team have their work cut out for them, but the right tools and mindset will stand them in good stead in the year to come.

ABOUT THE AUTHOR

Kayla Williams 

Kayla Williams is the CISO at Devo, a cloud-native logging and security analytics platform with a $2B valuation. 

She is an analytical and results-driven professional with experience in management of cybersecurity incidents, compliance management, corporate risks, information security, project and program management, and organizational controls surrounding many different aspects of business. Kayla also is accomplished in the development of key methods for organizations to strengthen productivity, enhance operational performance, and improve financial and operational controls. Prior to this role, Kayla was the director of GRC at LogMeIn, a $1b global SaaS company, and the senior risk manager for Computershare US, a global financial services company, where she was responsible for supporting the development, implementation, and monitoring of operational, financial, compliance, and IT risk. Additionally, she worked directly with executive management to identify, assess, and establish mitigation strategies for any risk that arose from inadequate or failed processes, people, systems, or external events, while maintaining a balance between risk mitigation and operational efficiency. This enabled executive management to make informed decisions about the risk posture of the organization and dedicate resources to key areas to minimize critical and high risk to business operations.  

Kayla currently resides in Boston, Massachusetts and Alfreton, Derbyshire, UK. 

Published Tuesday, January 02, 2024 7:35 AM by David Marshall