In anticipation of the 2024 predictions season, Ev Kontsevoy, CEO & co-founder at Teleport, shares his insights, foreseeing shifts in security team roles amid rising identity-based attacks, the adoption of secretless access to combat human error-induced breaches, an increase in M&A activity to consolidate cybersecurity tools, and the growing regulatory pressure on the software industry.
Engineering and security teams will partner to protect infrastructure from growing identity attacks
Historically, companies' approach to security was very IT-centric with dedicated security teams – like those responsible for network security – working to ensure the organization was secure. However, with the dissolution of the corporate perimeter, the increasing complexity of cloud computing, and a cybersecurity talent shortage, the role of security teams will change.
In 2024, with identity attacks on the rise, we’ll see the role of security teams shifting to that of consultants and auditors, with engineering teams responsible for choosing vendors and implementing security protocols. Cybersecurity teams will be responsible for policy and ensuring that workflows and systems meet security requirements.
Increasing frequency and cost of breaches as a result of human error will force organizations to adopt secretless access
2023 was a year defined by human error in costly security breaches: according to Verizon’s 2023 Data Breach Investigations Report, the human element features in 74% of all breaches. Mistakes such as privilege misuse, accidental data exposure, and falling victim to social engineering attacks stem from various human factors, and the consequences are critical when secrets are compromised. This has resulted in organizations embracing biometric hardware and identity verification, but attackers are no longer solely fixated on stealing passwords. They are actively seeking a range of secrets embedded within an organization's infrastructure, including browser cookies, private keys, API keys and session tokens. To keep up with the pace of threats, organizations will recognize they must move to fully secretless authentication in 2024 to secure the wider spectrum of sensitive access points still vulnerable to threats. As organizations look to eliminate their reliance on static secrets altogether, widespread adoption of secretless access in the coming year will create immunity to human error and significantly hamper how threat actors operate.
We will see more M&A activity that consolidates tool sprawl
The uptick in M&A activity within the cyber sector in 2023 (Palo Alto Networks acquiring Dig Security and Talon, CrowdStrike buying Bionic, Thoma Bravo’s merger of ForgeRock and Ping Identity, etc.) is a compelling trend that will continue into 2024. This surge, although driven by the down market, addresses the fragmentation of cybersecurity solutions. Managing all of these tools and overseeing the sheer volume of software can be extremely overwhelming for today’s CISO. This complexity can lead to significant error, overlapping functions, integration issues and increased operational overhead. To help customers eliminate these challenges, we’ll see more vendors in 2024 make strategic M&A moves to broaden their platforms.
The industry will see more regulatory pressure
So much of the world is now controlled by or through software. As a result, world-renowned cryptographic experts like Bruce Schneier have advocated for increased regulation, even going as far as to say we need to start regulating software the same way we do air space. While there is no silver bullet, and I don’t recommend we regulate all software like this, there are certainly critical software systems comparable to airplanes in terms of potential damage. It’s no coincidence that Gartner predicts that 45% of CISOs will expand their remit beyond cybersecurity, due to increasing regulatory pressure and attack surface expansion. Expect this trend to begin in the new year and quickly snowball over the next five years.