Trends driving cyber security in 2024 – ComputerWeekly.com

akarb – Fotolia
Asking the question about how much IT security is enough is about as useful as enquiring about the length of a piece of string. The answer is, “it depends”. What is certain, however, is that the threat landscape is changing. Artificial intelligence (AI) offers risks and opportunities, and the wars in the Middle East and Ukraine have increased the likelihood that critical national infrastructure and major enterprises in the West will be targeted.
Steven Sim Kok Leong, chair of the executive committee at the Operational Technology Cybersecurity Information Sharing and Analysis Center, expects to see the extent of ransomware attacks, data breaches and fraud continue to rise. He points to the World Economic Forum’s Global risks report 2024, which predicts that cyber insecurity, as well as misinformation and disinformation, will be the top and fourth risks, respectively, for the next two years.
Looking at the evolving threat landscape of 2024, Sim Kok Leong says: “The attack surface gets ever more complex with the increased adoption of cloud, AI – thanks to generative AI [GenAI], the IoT [internet of things] and connectivity. Hackers are already attacking concentrations of common software and services to leverage their returns on investment.”
In January, the Department for Science, Innovation and Technology (DSIT) published a draft code of conduct to help enterprises manage cyber security. Designed in partnership with industry directors, cyber and governance experts, and the National Cyber Security Centre (NCSC), the code includes measures that ensure companies have detailed plans in place to respond to and recover from any potential cyber incidents. The response plan should be tested regularly to ensure it’s as robust as possible, with a formal system for reporting incidents also in place.
The measures include ensuring software is developed and maintained securely, with risks better managed and communicated throughout supply chains. The government is working with industry to develop these proposals further, from developing a code of practice for software suppliers, which will form the crux of this proposed package, to cyber security training for professionals.
Steven Sim Kok Leong, chair of the executive committee at the Operational Technology Cybersecurity Information Sharing and Analysis Center, believes that in 2024, chief information security officers (CISOs) will focus on how they can better secure the enterprise.
“CISOs will extend oversight not only into vendor environments, but also development/test environments, as hackers leverage weaker entry points of the enterprise. Strengthening resilience will increasingly be a core part of the entire enterprise security strategy,” he says.
Some of the areas Sim Kok Leong believes CISOs will look at in 2024 are:  
Source: Steven Sim Kok Leong, Operational Technology Cybersecurity Information Sharing and Analysis Center

While multinational corporations have the resources to at least make an effort to level the playing field with hackers, Sim Kok Leong warns that small and medium-sized enterprises (SMEs), and individuals, are struggling where resources and expertise are scarce, and with budget and manpower cuts made at every economic downturn. 
Looking at skills, Harshini Carey, senior manager at Turnkey Consulting, notes that the continued shortage of skilled personnel and experts to safeguard companies from cyber threats remains a prevalent global concern. For instance, 50% of businesses have a basic cyber security skills gap in the UK, while 33% have an advanced skills gap.
There are a number of reasons for the ongoing lack of defenders. Carey points out that the highly stressful nature of cyber security roles has caused many professionals to leave the sector. Last year, Gartner reported that stress was behind nearly half of cyber security leaders planning to change jobs by 2025, with half of that number saying they would exit the security industry permanently.
“As well as heightening the skills shortage, stress makes cyber security professionals less effective at their role,” she adds. A 2023 report looking at the implications of stress found that 65% of CISOs in the US and UK felt stress compromised their ability to protect their organisation.
Sim Kok Leong expects that 2024 will see a greater focus on CISO liability, insurance and unionisation. “The cases of Uber and SolarWinds have triggered the question of CISO liability,” he says.
When there is a major cyber security issue, Sim Kok Leong says the CISO’s due diligence is brought into question. As a consequence, he expects CISOs will demand better remuneration and/or job security insurance.
“CISOs caught in structural conflict and security theatrics will have second thoughts about downplaying bad reporting,” he adds. “CISOs will also increasingly seek out peers to rely on their CISO networks as sources of strength, support, insights and intelligence.”
Sim Kok Leong recommends that company board members and CISOs ensure they clarify accountability and responsibility. “Increasingly, a focus on board accountability and cyber security has been highlighted and elaborated through revised SEC [Securities and Exchange Commission] rules. The boards, in turn, will demand independent assurance and visibility of risk/security metrics as scrutiny on resilience and third-party risks rises with more publicised breaches,” he says.
In his experience, the CISO is increasingly being given cyber security accountability, beyond just responsibility. This means CISOs will need greater empowerment to make cyber decisions.
Beyond the risks IT security chiefs have experienced previously, there are also the growing threats and opportunities posed by artificial intelligence.
Turnkey’s Carey notes that AI is rapidly becoming more sophisticated, so traditional cyber security techniques such as antivirus software, firewalls and anti-malware engines are no longer sufficient to protect against threats produced by machine learning-powered attacks.  
The spectrum of AI-enabled threats includes deep fake social engineering attempts orchestrated using malware injections that can be quickly adopted into the IT landscape.
Carey warns that these attacks take many forms. For instance, perpetrators posing as trusted individuals might trick someone into clicking on an email link that reveals sensitive information, installs malware on their network or executes the first stage of an advanced persistent threat (APT). Text messages and voice calls can also be used to generate the attack, as can search engine optimisation (SEO) manipulation that directs people to the hacker’s website and steals sensitive data when they interact with it. 
The result will be an escalation of social engineering assaults, manipulating users into granting unauthorised access to organisational systems. She says such attacks are also extremely difficult to detect due to their intelligence and sophistication.
AI is both a threat and an opportunity. Cyber criminals are likely to piggyback on geopolitical tension to target major organisations and critical national infrastructure. Analyst firm Forrester has predicted that as a result of the increased focus on GenAI, in 2024 it’s likely that there will be at least three data breaches publicly blamed on AI-generated code.
But IT security providers are ramping up their defences with AI-infused tools. The integration of AI into cyber security tools is growing rapidly. The market for AI in cyber security is projected to grow to $38.2bn by 2026.
Federico Charosky, CEO and founder of Quorum Cyber, believes those tasked with defending these organisations will have an unparalleled opportunity to harness AI for good, faster than attackers harness it for evil.
“Fairly massive compute power is needed to run AI, and that is well controlled by supply chain issues and hyperscalers that should be able to qualify their customers,” he says.
Well-designed business processes help organizations achieve their goals faster, but they require planning and effort. Follow …
The processes that form the backbone of modern business operations require continuous improvement to stay effective and efficient…
California has proposed AI regulation as the U.S. works to develop AI standards by bringing together companies such as Apple, …
Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of…
Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to …
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to …
Cisco has launched a SaaS product for applying policy controls to AI model-bound data and an Nvidia partnership to bolster Cisco …
Network engineers increasingly need to align their duties with security, such as implementing continuous monitoring, deploying …
ZTNA has grown in popularity as a method to enable remote access and mitigate security risks, but businesses can also use ZTNA to…
Databases use data serialization languages, like XML and YAML, to transfer data between applications. XML and YAML have different…
The rise in digital information is causing a shortage in data center storage space. Containerized data centers can be for …
Astera Labs is using the CXL interface in its now longer Smart Cable Module to spread out energy consumption while enabling GPU …
AI’s effectiveness is limited by data quality. Building strong data management and governance programs are crucial to handling …
Pipelines and platforms capable of managing volume and combining information from disparate sources in real time are key to the …
The data observability specialist’s new generative AI-powered capabilities are designed to help experts be more efficient as well…
All Rights Reserved, Copyright 2000 – 2024, TechTarget

Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *