CISOs and security leaders who persistently track the evolution of artificial intelligence may gain a competitive advantage. Generative AI will continue to increase in sophistication, and adversaries will use complex tactics to conduct AI-powered attacks on organizations. These attacks may include automated malware or deepfakes. In turn, cybersecurity professionals will leverage AI-driven measures to detect and respond to threats more proactively and effectively.
Ryan Spelman, Managing Director of Cyber Risk at K logix, comments, “Everyone in cyber understands the pressure to prepare for both sides of AI – how attackers plan to use it and how their teams should integrate it into their security programs. There are some impactful emerging capabilities of AI that could identify and thwart vulnerabilities including anomaly detection in cybersecurity tools, endpoint detection and response tools, and natural language processing. To better prepare we recommend organizations set and meet internal benchmarks around their approach to AI, policies and procedures should be established with respect to AI, and investment considerations when evaluating AI solutions must be in place.”
2. Sophisticated phishing attacks will continue, more investments in employee training
Employees will remain constant targets, which underscores the need for internal training programs on cyber education and awareness. The 2023 Phishing Report revealed a 47.2% surge in phishing attacks last year, and this trend is expected to continue. Boards and corporate executives are becoming more educated and aware, as direct financial loss from successful phishing attacks increased by 76% in 2022 according to the 2023 State of the Phish Report.
The market for cybersecurity awareness and training is greatly expanding, with an anticipated doubling in value by 2026, going from $5.6 billion to over $10 billion (Cybersecurity Ventures). The annual Verizon Data Breach Investigations Report (DBIR) found that 74% of data breaches involved a human element, with phishing (a.k.a. social engineering) being one of the most prevalent attack vectors.
3. Changing regulations will persist, but with opportunities for competitive advantages
In the United States, governing bodies such as the SEC will continue to update their regulations, which in turn will greatly influence cybersecurity programs. For example, the new SEC Cybersecurity ruling focuses on risk management strategy, cyber threat governance, and disclosure of material cybersecurity incidents. The idea is that transparency and awareness will increase, thereby protecting the interests of investors, companies, and markets alike.
Although staying up to date requires a lot of work, according to Gartner, by 2024 less than 10% of organizations will have successfully weaponized privacy as a competitive advantage. Having a privacy program that is strongly aligned with cybersecurity not only helps build trust with customers and partners, but also enables a proactive approach to cyber.
4. Cyber to receive increased representation in boardrooms
In 2024, it will be more important than ever for CISOs to be strongly aligned with their executive counterparts, mainly boardroom members. According to K logix CISO trends, only 62% of CISOs believe their boardrooms are adequately educated about cybersecurity.
Cybersecurity was in the news more in 2023 than in any other year, making it an unavoidable topic. CISOs had opportunities to continue to educate their boards on the importance of a proactive, strategic approach to cybersecurity. According to a forecast by Gartner, by 2026 about 70% of corporate boards will have incorporated at least one individual with specialized knowledge and proficiency in cyber.
Kevin West, CEO of K logix, comments, “The increased relevance of cybersecurity has enabled CISOs to become strategic leaders among their business counterparts. While many are still working on achieving this position, 2024 will give them more opportunities to solidify cyber’s role within an organization. I encourage CISOs to ensure that executives understand why a strong and strategic cybersecurity program enhances trust with customers, employees and partners, and enables efficiency while reducing overall risk.”
5. Threat detection and monitoring to reign as top priority and focus area
Searchlight Cyber's March 2023 report found that 93% of CISOs are concerned with dark web threats, but 21% of CISOs have no threat intelligence capability at all. While most security teams report that they have some threat intel built into their tools, 2024 will be the year for CISOs to use threat intel data effectively and ensure it is operationalized.
Sydney Solomon, a threat intel expert at K logix, states, “Effective cyber threat intelligence is timely, accurate, and provides information relevant to an organization’s specific goals and industry. With an understanding of adversaries’ targets, resources, and capabilities, organizations can make strategic decisions that seek to stay one step ahead of the threats. Threat informed defense will be key in 2024 to support proactive remediation of gaps, implement stronger defenses, and make smarter decisions about how to invest resources.”