Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Three Cybersecurity Predictions for the Year Ahead
By Kayla Williams, CISO, Devo
What cybersecurity challenges lie ahead of us?
Even though cybercriminals aim to maintain the element of surprise, certain
trends and current conditions can help us see into the future. And if 2023
taught us anything, it's that we should all expect increasingly
sophisticated cyberattacks, regulatory crackdowns, and more ambiguity around
the CISO role and our scope of responsibilities.
That said, here are my three predictions for
2024.
Prediction 1: Bilateral access to sophisticated technologies means greater vigilance will be necessary
This one can't be repeated enough. Bad actors
will continue to use AI/ML and other advanced technologies to create
sophisticated attack tactics and techniques. They'll use these tools to pull
off more and faster attacks, putting increased pressure on security teams and
defense systems. The pace of progress is equally fast on both sides (defenders
and attackers), and that balance will be tested in the coming year. To come out
on top, security teams will have to fight AI-powered attacks by masterfully
implementing AI into their security operations. This technology will accelerate
mundane tasks and increase accuracy, freeing up time for the security team to
pay more attention to higher-level security tasks.
In addition to thwarting external AI-powered
threats, security leaders must also worry about internal threats, especially as
AI adoption increases to help achieve corporate goals. Most employees
fundamentally don't understand the technology and put too much or inappropriate
data (e.g., personally identifiable information) into it, raising data leakage
concerns. Furthermore, some employees use AI applications without obtaining the
proper approval, resulting in a lack of security and privacy controls. When this
happens, incidents may be challenging to detect, leading to increased risk to
customers, corporate data, and company brands. CISOs must put together AI
action plans to ensure employees know what is and isn't acceptable use of AI.
Prediction 2: Organizations will need to prioritize getting back to security basics
While AI-powered cyberattacks are of grave
concern, they can also introduce a less obvious danger: distraction. The threat
landscape continues to shift under CISOs' feet, causing many to lose sight of
their security foundations. 2024 is the year to get back on track. A rock-solid
inventory of all assets and devices is the core of any good security program.
Without this, you'll forever be catching up and playing whack-a-mole.
CISOs should also ask themselves, "Are we
doing everything we can to manage vulnerabilities in both our devices and our
applications? Do we have the right controls in place to properly regulate
access management? Have we tested our data recovery and backup plans? Do we
even have full visibility into our environment?" If the answer to any of these
questions is, "Our policies and procedures fall short," it's important to fix
it before tackling any additional projects. It's easy to get caught up in the
hype of a new, shiny solution. But the truth is that getting compromised is
almost inevitable without the basics in place.
Prediction 3: As CISOs' jobs get tougher, they will need a new perspective and approach
Given the challenges we've outlined so far,
it's no surprise that the role of CISO is getting harder. In addition to an
onslaught of escalating security threats and conflicting priorities, the legal
and regulatory stakes are also higher. The new SEC cybersecurity disclosure
requirements have many CISOs concerned they'll be liable if an attack occurs.
As we've seen this year with the conviction of Uber's former CISO and the
charges against the SolarWinds CISO, these fears have merit, and CISOs must
prepare themselves for this. CISOs can't just be technical experts anymore.
Their skillset must be more well-rounded in enterprise risk management,
requiring a deeper understanding of the laws and regulations in the
jurisdictions and industries where their companies operate. They must also tie
compliance tightly to corporate objectives. The role will also require CISOs to
form alliances more often with other executives, who will have to play a bigger
role in cybersecurity as it increasingly becomes a board-level issue.
Preparing for what's next
Cybersecurity has never been easy, and it
grows more complex and difficult as the attack surface grows and as attackers
conceive innovative new ways to breach corporate networks. CISOs and the rest
of the security team have their work cut out for them, but the right tools and
mindset will stand them in good stead in the year to come.
ABOUT THE AUTHOR
Kayla Williams is the CISO at Devo, a
cloud-native logging and security analytics platform with a $2B valuation.
She is an analytical and results-driven
professional with experience in management of cybersecurity incidents,
compliance management, corporate risks, information security, project and
program management, and organizational controls surrounding many different
aspects of business. Kayla also is accomplished in the development of key
methods for organizations to strengthen productivity, enhance operational
performance, and improve financial and operational controls. Prior to this
role, Kayla was the director of GRC at LogMeIn, a $1B global SaaS company, and
the senior risk manager for Computershare US, a global financial services
company, where she was responsible for supporting the development,
implementation, and monitoring of operational, financial, compliance, and IT
risk. Additionally, she worked directly with executive management to identify,
assess, and establish mitigation strategies for any risk that arose from
inadequate or failed processes, people, systems, or external events, while
maintaining a balance between risk mitigation and operational efficiency. This
enabled executive management to make informed decisions about the risk posture
of the organization and dedicate resources to key areas to minimize critical
and high risk to business operations.
Kayla currently resides in Boston,
Massachusetts and Alfreton, Derbyshire, UK.