It isn’t easy to peek into the future, especially of late. In fact, it’s challenging enough to keep up with what’s happening right now, what with AI chatbots becoming our job interviewers, lab-grown meat promising cruelty-free steak, the renaming of Twitter — and who knows what else. Nonetheless, we asked a few security and technology experts to give us their best guesses as to which way the winds are starting to blow in 2024.
Some posit that the same challenges we’re experiencing now, from ransomware to talent shortages, will persist. Others anticipate that you just can’t foresee what’s to come, and so being able to respond and remediate quickly when some new threat surfaces is crucial.
Life in 2024 will be an interesting puzzle: understanding and overcoming the challenges we already face, while also reacting quickly to the curveballs that will inevitably hurtle our way. Some experts share some predictions and a few tips on how to best prepare for what’s next.
Resilience? It ain’t optional.
You're going to need to be able to cope with new threats that you have no knowledge of right now. And you're not going to be able to predict with complete accuracy how the environment is going to be changing. Even if you have a well-developed risk picture to inform decisions, one way of thinking about that is that it is still just a highly educated guess.
So you need to be very flexible and highly capable. Nirvana, from a defensive perspective, is to be able to say, “We've just protected ourselves against [this new thing]. We didn’t know anything about it in advance, but we worked that out after we'd stopped it from happening.” That's where you really want to go. — Joe Fogarty, Head of the Cyber Resilience Centre, UK
Resilience really is front and center. Your services should be resilient not just in the face of cyberattacks, but it should also be resilient to an earthquake or a big surge in customers. If you make a service really resilient, it should be more resilient to cyberattack. — Dave Marshall, Head of Cyber Security Operations, Home Office, UK
AI WON’T become table stakes in business — yet
Some organizations will implement and use LLMs for non-critical or supplementary services, but this year won’t be make-or-break for companies to use new AI services for business-critical processes. Instead, this year will see organisations understand the value of ML and AI to make better decisions on where to use it. This will mean an increase in statistical analysis and some less heavy-weight ML capabilities for domain-specific outcomes that aid existing processes. — Shaun Cooney, Field CTO & Strategic Advisor - Technology & Innovation, Splunk
However, the use of AI and machine learning for both cyberattacks and cybersecurity is on the rise. This cat-and-mouse game between attackers and defenders is expected to intensify. — Matt Swann, Strategic Advisor, Splunk & former CTO, Nubank, Booking.com
Or, AI will find its footing in observability applications and will soon become a requirement
As AI makes meaningful impacts in the enterprise, AI will underpin mission-critical, customer-facing workloads, and as they scale, enterprises will care more and more about making sure they are securely up and running. Observability in AI will help organizations identify, detect and respond to disruptions more quickly in AI powered digital services. — Cory Minton, Field CTO, Splunk & CEO, BigDataBeard.com
IoT, supply chain, endpoint — security challenges will increase
As the Internet of Things (IoT) continues to grow, concerns about the security of IoT devices and the potential for large-scale attacks leveraging these devices will remain a significant issue.
Meanwhile, high-profile supply chain attacks like the SolarWinds incident highlighted the vulnerability of software supply chains. These attacks are expected to prompt increased scrutiny and efforts to secure the software supply chain.
And with the shift to remote work accelerated by the COVID-19 pandemic, securing remote endpoints and ensuring the integrity of remote access solutions are top priorities. — Matt Swann
Cyber risk will take center stage at board meetings
Cyber will continue to be top of mind for the board of directors. As measuring and quantifying the risk of cyber attacks becomes even more sophisticated and complex, we can expect to see more board-level cybersecurity committees formed for increased oversight, visibility and quantification across organizations. These newly formed committees will also be tasked with aligning to future data privacy and security regulations, legislation and mandates as they continue to evolve. — LaLisha Hurt, Industry Advisor (Public Sector, Federal Government), Splunk & former CISO
Data privacy will take center stage
We’re going to see a significant investment in privacy-related technologies. The European Union has GDPR, but within the U.S., each state has independent privacy regulations — and some don't have cybersecurity regulations at all. So we’ll seeprivacy take a front seat, and security's gonna be a byproduct of increased privacy regulation. — Leonard Wall, Deputy CISO, Clayton
Governments worldwide are expected to introduce or update regulations related to data privacy and cybersecurity, impacting how organizations handle and protect data. — Matt Swann
Regulations and future legislation will become drivers for significant change. Regulations will see national organizations consider data sovereignty seriously, multi-national organizations will launch significant change programmes to consider the impact of legislation on their data strategies, IT and security operations. — Shaun Cooney
Ransomware will be more disruptive (and information sharing needs to be more active)
Ransomware will evolve to become killware and disrupt more lives. And in terms of its impact, it’ll be less about the money and affect more aspects of our lives. There’s more that needs to be done to enhance information sharing in general, beyond ransomware alone, and ensure that there’s more than just talk. A lot of information sharing for ransomware happens when you sit in a conference room and talk about the topic, but your department and organization will benefit so much more if the learning and testing happen in something much closer to a real-life situation. Let’s say you show up unannounced and say something like, “Hey, your system’s gone down. What do you do?” This real-time, functional type of testing mirrors actual scenarios and makes your teams that much more prepared. — Shefali Mookencherry, Chief Information Security and Privacy Officer for the University of Illinois, Chicago
Ransomware is a growing threat, with more sophisticated attacks targeting organizations of all sizes. It’ll continue evolving and becoming even more lucrative for cybercriminals. — Matt Swann
Adoption of “zero trust” will accelerate
Organizations are increasingly adopting a “zero trust” approach to security, where trust is never assumed, and strict access controls are enforced, even within a network. — Matt Swann
Organizations will accelerate adoption with a specific focus on strategy, approach and, in simplest terms,; least privilege access across all data layers. — LaLisha Hurt
Keep a top tech shop to keep top talent
“It’s going to be very competitive to retain talent in this professional landscape. Organizations need strong technology shops to attract strong talent, offer unique opportunities, and keep their people. It’s going to require more than just salary to recruit and, more importantly, retain talented professionals.”
— Zack Schwartz, Chief Information and Technology Officer, Events DC
Building a diverse and ‘smart’ cyber workforce will move from mantra to action and become a big part of the overall cyber strategy going forward. The Great Resignation across cybersecurity will continue; however, organizations will rethink and implement creative recruiting, hiring, retention and training practices that will extend beyond traditional approaches in order to create a more diverse and inclusive workforce that aligns with future business and mission needs.
— LaLisha Hurt
Hybrid computing will not just mean hybrid cloud, but hybrid architectures
It won’t only be about what cloud, but about what computational architecture you’ve optimized your software to execute on. As quantum computing comes more meaningfully online and GPUs get taxed for all the AI workloads, look for a new set of abstraction layers and hybrid development patterns to emerge.
— Cory Minton
Debt will force organizations to reconsider their digital strategies
Start with the amount of tech debt in organizations across all sectors and industries, driven by the need to innovate and deliver fast. The tradeoff, speed over quality, has resulted in fragile and vulnerable software and systems. A growing debt, combined with increasing interest rates, have surpassed many organizations’ repayment ability, with much more to follow. The debt collector is not only knocking — they’re already inside.
— Jaana Nyfjord, Field CTO & Strategic Advisor, Technology & Innovation (EMEA)
The move to the cloud will be challenged
Organizations will make hosting decisions that are more strategic and considered. Rather than assuming that all workloads will move to the cloud, organizations will likely start making decisions based on cost, speed, environmental, energy access and data movement concerns. This will be further accelerated by access to custom and purpose-built chip availability this year. Cloud workloads will continue to grow, but slower.
— Shaun Cooney
But will things actually change?
I don't think things will be that different next year. I don't think there's going to be a massive change in the way cyberattacks are carried out because those conducting the cyberattacks, whether that's criminals or nation states, have a business model that’s working pretty well. So why would they change what they’re doing? There’s a lot of pressure on organizations to strengthen their cyber defense, but that’s been the case for the entire time I've been in the civil service. So I think it will remain boringly quite similar.
— Dave Marshall
My prediction is that you're going to continue to see the same thing. The threats and the problems that we had 20 years ago are the same as they are today. They might be in a different order, we might call them something slightly different, but they're all the same. And they're the same because they're all based on people. People and culture don't change that much over a 20-year period. The challenges that people are raising with AI or the skill shortage are cyclical problems. We've had them all before.
— Randy Herold, Chief Information Security Officer & Chief Privacy Officer, ManpowerGroup
Come back in December to read more expert predictions for 2024 and beyond.
