Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Security Success in 2024 Will All Come Back to Data

By Amer Deeba, CEO and Co-Founder of Normalyze

The surge of AI adoption among enterprises has created an influx of data, and alongside the need to address new SEC disclosure requirements, IT leaders face the significant task of protecting what matters most - data. With a 17% increase in cybersecurity breaches over the past year, the need for business protection is more apparent than ever before. But as the spotlight is shone on these data breaches, it begs the questions: Do you know where your most important data is, what is considered "material" and what needs to be disclosed after a data breach? How quickly can you answer these questions to SEC regulators, your Board, and most importantly, to your customer?

As business leaders prepare for 2024, the conversation all comes back to data - where it lives, where it is going, and how to keep it protected.

Data Will Be Critical to Address SEC Regulations

As we know, the new SEC transparency requirements now require public companies to disclose cybersecurity posture annually and cyber incidents within four days after determining an incident was material. This significant policy shift will force businesses to think about security with data at the forefront. In response, enterprises will dedicate both effort and budget to support the SEC's data-first strategy - implementing best practices that assure shareholders that their company's most valuable asset is protected. In 2024, companies will need to discover where their data resides and who can access it, while proactively remediating risks that have the highest monetary impact in the event of a breach. When faced with this dilemma, companies will lean on automation, specifically end-to-end, automated solutions that center on a holistic data security approach.

The recent ALPHV/Black Cat and MeridianLink breach underscores the importance of full organizational visibility into an entire data attack surface, no matter where it resides in the cloud, in SaaS applications, or on premises. In order to answer critical questions with confidence in the event of a breach and lower the probability of a breach, companies need to implement data visibility into cybersecurity program fabric and enact proactive, protective defenses. The risk of exposure/tagging is not novel, but with these new disclosure requirements, securing the target of such attacks - the data - has gone from a good best practice to an absolute necessity. Being proactive means that if a breach does occur, you can respond quickly, answer critical questions, be in compliance with the SEC requirements, and most importantly - respond.

In 2024 we'll see organizations separated by their approach to data security. With these regulations, there is no alternative. Organizations must effectively remediate risks to lucrative sensitive data before breaches occur. Only this will allow organizations to respond decisively and confidently if an incident occurs. By establishing data-first security practices, the company improves its reputation with customers and establishes shareholder trust, especially important given the SEC's prioritization of financial health and mitigation of negative stock market impacts.

To Address the Influx of Data, Security Teams Must Approach Security Like a Team Sport

At the height of AI technology adoption, companies will need to refocus in 2024 on protecting their data as it gets used by machine learning modes and new AI technologies. The challenges that this will bring require the profound depth and efficiencies of AI and automated processes to ensure the protection of sensitive data that resides in cloud and hybrid environments. As demands around data change, organizations will need to invest in their security and cloud ops teams, approaching data security like a team sport, building efficient, shared responsibility models to better protect data. Teams can then regain visibility of all data stores within an enterprise's cloud or on-premises environment and trace possible attack paths, overprovisioned access, and risks that can lead to data exposure. Only by identifying the approach to data, ensuring permissions and privileges, and efficiently implementing AI will companies enable their teams to be successful in 2024.

Collaboration for Disclosure at the Board Level

As companies and cybersecurity teams prepare their teams for the new SEC disclosure requirements, internal teams will have to determine what is considered material and what needs to be disclosed in an 8K filing. Collaboration between cybersecurity, legal, and finance teams will be paramount to ensure the "material" details of a cyber incident are disclosed and the questions surrounding disclosures are answered with confidence, especially when it comes to sensitive data.

Data Protection Continues to Take Center Stage

Putting data protection at the forefront of your business's security strategy builds trust between you and your customers, and taking a proactive approach prioritizing security posture means you'll be able to protect sensitive data on an ongoing basis. Protecting customers will always be a priority across all industries, and as business leaders look to continue driving innovation into 2024, data protection will remain at the center.

##

ABOUT THE AUTHOR

Amer is a senior go-to-market executive with extensive experience in driving both product, marketing and sales go-to-market strategies for enterprise and cloud technologies. In his 17 years tenure at Qualys (NASDAQ: QLYS), Amer led all aspects of marketing, business development, strategic alliances and global enterprise accounts. He also played an instrumental role in taking the company public in 2012.