It’s been another year full of incident. But 2024 has plenty in store for IT and business leaders. As organizations continue to adapt to economic, political and business uncertainty, the value of effective data protection will never be so obvious. Regulatory and technological change promises to make it another challenging year for industry professionals.
So what might they expect? Here are five suggestions:
- AI will continue to power both attack and defense
There’s good and bad news for network and data defenders next year. On the plus side, the AI revolution will start to have a positive impact on their ability to mitigate business risk. Think AI assistants to help security operations teams more rapidly analyze and respond to emerging threats—plugging chronic skills shortages. Or AI systems that help to automatically and continuously discover and classify all enterprise data, prior to applying strong protection to it.
However, on the other side, the bad guys will also step up their use of AI. Legitimate accounts with generative AI (GenAI) tools will be hijacked so that threat actors can use the technology to supercharge phishing and fraud campaigns. New malicious tools in the mould of WormGPT and FraudGPT will also emerge. As enterprise threats mount, the need for watertight data security policies and controls will only grow.
- Organizations will need to consolidate onto security platforms
The modern, digital operations that customers demand to power seamless user experiences come at a cost. That cost is complexity – the arch enemy of security. As cloud native digital environments invite risk, stretched security teams will struggle with a surfeit of controls. The average organization had 76 such tools in 2022. The number could be even greater today.
This will drive a renewed push for simplicity by CISOs in 2024. That means consolidating onto fewer security platforms that can handle multiple functions. In the data protection sphere, it could be platforms capable not just of protecting data but also continuously discovering and classifying it prior to applying encryption or tokenization, in line with policy.
- The regulatory landscape will become more complex and fractured
The patchwork of data protection regulations covering the globe will continue to grow in 2024. We’ll have the EU AI Act, the NIS 2 regulation and the Cyber Resilience Act all likely coming into force over the course of the year. In the US, new SEC rules around breach reporting and transparency will force boards to take cyber more seriously. At the same time another Schrems challenge to EU-US (and UK-US) data transfer agreements is likely.
Amid this continuous turmoil, compliance teams must keep a level head. Strong data protection across the board is beginning to look like a smart move to mitigate risk and minimize the compliance burden.
- The attack surface will expand as digital transformation continues
As organizations struggle with macroeconomic and business uncertainty, some will be forced to cut back spending. Others will pivot to digital investments in a bid to become more efficient and create the seamless experiences customers are increasingly demanding. Unfortunately, at the same time, such digital investments will increase the corporate attack surface, opening up new opportunities for threat actors.
Smart organizations will layer up cyber-defenses in response, combining protective measures and best practices like patching, with strong risk-based authentication and detection and response. A data-centric approach will be critical to managing the growing risk of compromise across an expanded attack surface.
- Boards will increasingly view cybersecurity as an enabler
As important as data-centric security is for mitigating risk, it can also be a driver of sustainable business growth. Boards looking to drive competitive advantage in 2024 will consider how a keener focus on security can help them do so. It could bolster compliance efforts, opening doors to new markets and protect digital transformation initiatives vital to long-term growth, as well as winning over end customers and business partners.
In a year where customer loyalty will be increasingly hard-won and easily lost, security-centric organizations will find themselves in the driving seat.
