Image: © Skórzewiak/Stock.adobe.com
From using AI to ‘fight fire with fire’ to the rising popularity of the sovereign cloud, here are the top cybersecurity trends for 2024, according to TCS’ Tim Kelley.
There is no doubt that cybersecurity is one of the hottest topics in the tech world right now. As we close the door on one of the most tumultuous years of the threat landscape, the tech world braces itself for what trends awaits it this year. Just recently, a report released by Aon stated that cyberattacks and data breaches are two of the top risks facing Irish businesses. With this in mind, what are the biggest cybersecurity trends for 2024 and how should businesses prepare their strategies accordingly?
To find out, we spoke to expert Tim Kelley, who is the strategic head of Tata Consultancy Services’ (TCS) threat management centres in the UK, Ireland and Europe. Kelley has more than 30 years of experience in cybersecurity and is an active member of Cyber Ireland, a national cybersecurity cluster with representatives from industry, academia and government. Here are some of his cybersecurity observations and predictions for this year.
Generative AI on opposing sides
With AI holding the top spot for tech topic of 2023 as it continues to impact almost every industry in some capacity, its effect on cybersecurity shouldn’t be a surprise to anyone. Kelley highlights the various ways that threat actors have been using the innovative tech to carry out malicious attacks, such as deepfake tech and self-evolving malware. Kelley says that to counter these attacks and “fight fire with fire”, businesses must use AI-driven cybersecurity.
“This technology has the potential to transform the industry by improving enterprise posture through automated hardening of configurations and compliance, overcoming microsegmentation challenges, fine-tuning least privilege access, enhancing reporting and more,” he says.
Kelley highlights two methods that companies should consider in order to boost their cyber resilience: cyber insurance and real-time threat dashboards.
“Currently, leaders in cybersecurity understand the need to prepare for generative AI threats and opportunity – with insurance becoming less of a choice and more of a necessity,” explains Kelley. “As a core precautionary method, a centralised visibility dashboard is a tool we expect many companies to invest in as it can plan, track and react to attacks while giving insights into real-time cyber risks.”
Some of the ways that Kelley expects AI and machine learning to help protect data across hybrid cloud environments include “identifying shadow data, monitoring data access, encrypting data in transit and at rest, and alerting security teams about potential data breaches”.
“As enterprises embark on this journey, they should prioritise employee education on the secure use of AI tools, ensure security of data transmitted to and from AI tools, have stringent access control and monitoring, and continuously harden models to mitigate potential security vulnerabilities.”
Cyber leaders will take the executive spotlight
With the unprecedented rise in cyberattacks and breaches recently, Kelley believes that cybersecurity will become a bigger focus at the executive level across enterprises.
“With increased executive accountability and heavy fines for violations, boards will focus on cybersecurity regularly and could take actions like creating a dedicated cybersecurity committee, engaging with external advisors and requesting regular reports from chief information security officers (CISOs).”
According to Kelley, the role of cyber leaders such as CISOs will be evolve from a “technocrat mindset” to a larger presence in strategic decisions of the business and “driving cybersecurity-enabled competitive advantage”.
“Now, these leaders increasingly report to the board and have more autonomy to make investment decisions,” he says. “Boards will have a dedicated cyber committee and specific C-suite cyber performance metrics, while also requiring companies to mandate cybersecurity education and training programmes as further ways to mitigate cybersecurity risks and integrate cybersecurity best practices into any company-wide strategy.”
The rise of the sovereign cloud
Another concept that Kelley believes will grow in popularity is the ‘sovereign cloud’, which he says will be adopted by more companies due to the rise in data sovereignty laws and initiatives. By utilising the sovereign cloud, Kelley states that companies will be able to safeguard valuable data and systems from unauthorised foreign access on a country or local level.
“Data privacy regulations and the geopolitical landscape are constantly changing, and these affect the control and flow of data.
“The stringent stance taken by countries against privacy violations with huge fines being levied on enterprises makes data sovereignty a key imperative. By adopting a sovereign cloud solution, organisations can reduce the risk of data breaches, espionage, sabotage, while enhancing trust with investors, customers and regulators.”
Vendor strategies will change
Kelley advises that enterprises with business models involving digital ecosystems – meaning a complex networks of businesses, individuals and various systems and stakeholders that use technology to interact – should consider expanding threat assessments to include “integrated supply chains while consolidating vendors” due to the increasing sophistication of these ecosystems.
“As cybersecurity threats emerge and evolve, organisations often respond by adding more security products and partners, but this can ultimately work against their security goals,” he explains. “To solve this, many organisations are considering opting for vendor consolidation so that security posture can also be improved.
“The rationalisation of the cybersecurity vendor portfolio is urgently needed to provide the security team with an efficient platform to manage risks effectively across the broad threat landscape.”
Alternative solutions to the cyber talent gap
One cannot address current cybersecurity trends without mentioning the severe issue of the ongoing cyber talent shortage. According to a recent estimate by the European Union Agency for Cybersecurity (ENISA), the current cyber workforce shortage stands at approximately 300,000, a gap that ENISA claims cannot be filled with the current number of graduates.
Kelley suggests that companies need to tackle this issue through alternative methods, such as hiring in-house specialists to boost internal teams or outsourcing cybersecurity work to large external resource companies (ie consulting firms and cloud providers) to reduce costs and risks.
“If hiring is not imminently possible, administrators should opt for a managed services provider,” says Kelley. “The partner can then implement and operate a unified security platform using automated and streamlining processes to strengthen defences against advanced threats, while providing complete visibility into the security posture of the enterprise.
“We believe that consistency paired with automation will help organisations optimise their cybersecurity operations and overcome human resource limitations.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
