As we approach 2024, cybersecurity experts from Devo offer a glimpse into the future, highlighting key predictions ranging from the evolving role of CISOs in response to new regulations to the growing threat of AI-powered attacks and the importance of reinforcing security fundamentals and securing the rapidly advancing field of artificial intelligence.
Kayla Williams, CISO, Devo
With new regulations proliferating, CISOs will have to take a new approach to the role
CISOs’ jobs are getting harder. Many are grappling with an onslaught of security threats, and now the legal and regulatory stakes are higher. The new SEC cybersecurity disclosure requirements have many CISOs concerned they’ll be left with the liability when an attack occurs. As we’ve seen with the charges against the SolarWinds CISO, these fears have merit—and we need to prepare ourselves for this. CISOs can’t just be technical experts anymore. Their skillset must be more well-rounded in enterprise risk management, requiring a deeper understanding of the laws and regulations in the jurisdictions and industries where their companies operate. They must also tie compliance tightly to corporate objectives. It’s also going to require CISOs to (more often) form alliances with other executives who will have to play a bigger role as cybersecurity becomes a board-level issue.
More sophisticated technologies mean more sophisticated new threats
This one may be a no-brainer, but it must be said again and again. Bad actors will use AI/ML and other advanced technologies to create sophisticated attack tactics and techniques. They’ll use these tools to pull off more and faster attacks, putting increased pressure on security teams and defense systems. The pace of progress is equally fast on both sides–defenders and attackers–and that balance will continually be tested in the coming year.
Getting back to security basics takes precedence
Ransomware attacks grow more sophisticated. Data leakage concerns are rising. And the ramifications of a breach are stiffening. The ground continues to shift under CISOs’ feet, causing many to lose sight of their security foundations. 2024 is the year to get back on track. A rock-solid inventory of all assets and devices is the core of any good security program. Without this, you’ll forever be catching up and playing whack-a-mole. CISOs should also ask themselves, “Are we doing everything we can to continuously manage vulnerabilities in both our devices and applications, do we have the right controls in place to properly regulate access management, have we tested our data recovery and backup plans, and do we even have full visibility into our environment?” If the answer to any of these questions is, “our policies and procedures fall short,” it’s important to fix it before tackling any additional projects. It’s easy to get caught up in the hype of a new, shiny solution. But the truth is that without the basics in place, you have a one-way ticket to compromise.
Dr. Chaz Lever, Senior Director, Security Research, Devo
Rapid AI adoption will require a new reckoning for security professionals
It’s been a year since ChatGPT hit the scene, and since its debut, we’ve seen a massive proliferation in AI tools. To say it’s shaken up how organizations approach work would be an understatement. However, as organizations rush to adopt AI, many lack a fundamental understanding of how to implement the right security controls for it. In 2024, security teams’ biggest challenge will be properly securing the AI tools and technologies their organizations have already onboarded. We’ve already seen attacks against GenAI models such as model inversion, data poisoning, and prompt injection; and as the industry adopts more AI tools, AI attack surfaces across these novel applications will expand. This will pose a couple of challenges: refining the ways AI is used to help improve efficiency and threat detection while grappling with the new vulnerabilities these tools introduce. Add in the fact that bad actors are also using these tools to help automate development and execution of new threats, and you’ve created an environment ripe for new security incidents. Just like any new technology, companies will need to balance security, convenience, and innovation as they adopt AI and ensure they understand the potential repercussions of it.