Cyber security will become ‘data-driven’
Cyber security resilience can sometimes be overlooked during digital transformation processes. This will change in 2024, as a greater awareness of the need for operational resilience will require directors to more comprehensively report the adequacy of their operational governance processes to regulators. As a consequence, data-driven security information systems better suited to volatile threat environments, will rise in popularity. In the next 12 months directors will recognise the ability of digital cyber management techniques to provide more reliable information, more quickly, to guide their security decisions.
AI poses as many risks as it does benefits
The almost unparalleled adoption of AI marked one of the biggest tech trends in 2023. But as the popularity of the technology grows, so too will the potential for it to be used for other purposes. In 2024 we can expect threat actors to train malicious AI engines and build code to complement their nefarious intent. Organisations will need to adapt to defend against the added threat of AI-enabled adversaries. Reviewing cyber governance policies and controls, and assessing their adequacy, will be critical to avoid falling victim to these AI-enhanced attacks.
Operational resilience will become a boardroom mantra in 2024
Operational resilience requirements in the finance sector are becoming increasingly similar across governments, and we expect these requirements will quickly broaden to other critical infrastructure sectors. Regulators are already reinforcing cyber security as a business issue; and cyber, like other types of operational risks, which can sit outside the immediate control of an organisation, will become a specific element of expanded operational governance requirements.
In turn, this will mean that while organisational leadership can certainly delegate these specialist tasks, they can no longer deflect responsibility for their effective operation and oversight. Directors will need to maintain a steady line of sight across operational risk governance, especially cyber security. Directors must identify the important business services they provide. They must ensure the adequate protection of the systems, processes, resources and 3rd parties that go together to deliver those services to customers. We expect to see a more top-down focus on cyber security.
New technologies will shift the demands for skills and help to alleviate the cyber security skills shortage
Skill shortages in cyber security have frustrated many organisations’ security efforts for a number of years. However, a growing shift to digital innovation and automation in security processes themselves should provide some relief. The adoption of data-driven solutions and automated, evidence-based reporting should allow less skilled technicians to enter the market – effectively interpreting, responding to and managing large parts of the cyber security process. This will, in turn, enable existing security professionals to address more pressing needs, attending to the outliers – such as exceptional data and high-level analytical problems – that we will always face.
Huntsman Security has published a full whitepaper that includes more detail on the four predictions above. The paper, complete with other predictions, can be downloaded, here.