In 2024, the cybersecurity sector will face a variety of challenges and changes, including talent shortages, an increasing enterprise attack surface, the rising impact of cyber insurance, and the growing influence of artificial intelligence.
These trends will largely drive cybersecurity strategies in the coming year.
Below are cybersecurity predictions for 2024 from executives at Quest Software and One Identity:
• Cloud infrastructure + cost benefits will persuade previous holdouts on cloud migration.
By Heath Thompson, President and General Manager at Quest Software
In 2024, organizations that haven’t yet migrated workloads to the cloud will do it from an infrastructure-first approach vs a SaaS-based one. The path of least resistance (and most ROI) for budget-pressured organizations who have been procrastinating on cloud migration will be able to score quick victories by choosing an IaaS service that helps them reduce infrastructure and maintenance costs. Not every cloud solution can be solved by a SaaS model – and even the early adopters will recalibrate their cloud strategies to ensure their approach is helping them meet their specific needs around streamlining infrastructure (IaaS), optimizing application development (PaaS) or accessing ready-made software (SaaS). As more organizations question and refit their cloud data management strategies, IaaS will probably provide them with the most bang for their buck in 2024.
• Configuring a Secure Future: How to Bridge the Skills Gap in Cybersecurity
By John Hernandez, President & GM, Quest Software
As we look ahead to 2024, it’s clear that the cybersecurity landscape is undergoing a profound transformation, driven by a significant shortage of cybersecurity talent and the retirement of professionals well-versed in “legacy” technologies like Active Directory – both of which create a concerning lack of visibility into IT environments and could lead to easily exploited vulnerabilities. With this increasing risk, CISOs, tech leaders and recruiters will finally be motivated to take more drastic action to bridge the skills gap in the cybersecurity sector, investing in enhanced training programs and implementing cutting-edge tools that provide better visibility and make it easier for security professionals to manage and rectify misconfigurations promptly. The future of cybersecurity hinges on our ability to upskill our workforce and equip them with the knowledge and tools needed to protect our digital assets effectively. However, It’s not just the responsibility of organizations and cybersecurity professionals; software vendors must also play a crucial role in alleviating the security skills gap. By proactively addressing security concerns at the source of their supply chain and strengthening the jobs pipeline, software vendors and enterprises alike can mitigate this risk and close the gaps.
• M&A IT Integrations Will Primarily Be Driven by Security Threats And Compliance Requirements
By Sergey Medved, VP of Product, Quest Software
In 2024, economic uncertainty will continue to slow the pace of M&A, therefore also slowing the pace of IT integrations for older M&A deals. The full integration and consolidation of key cloud and security technologies will hinge on the ability of employees from various organizations to collaborate seamlessly. Organizations may be tempted by the state of the economy to be cautious and delay the final stages of integration. However, if an organization experiences a security breach, fails an audit, or falls out of regulatory compliance, this will accelerate the consolidation process and may escalate to other reputational or financial issues. Ultimately, the need for enhanced security and compliance will take precedence over economic uncertainties and after a trough in activity, will lead to a sustained push for IT integration.
• The ballooning enterprise attack surface will cause an uptick in identity-based cyber incidents
By Mark Logan, CEO, One Identity
In 2024, the expanding enterprise attack surface won’t just continue to make traditional security obsolete, but give threat actors access to the PII and identities they need to infiltrate organizations. They’ll continue to find easy, fast and lucrative outcomes through targeting identities, which is much easier than trying to squeeze hardened endpoints. Identity sprawl – compounded by the hybrid workforce, disorganized cloud migrations and a cyber skills gap – is only exacerbating the problem. A new unified approach will be required to truly secure identities and reduce the size of the enterprise threat landscape, and CISOs will need to convince their boards of the value of this kind of approach or risk additional damages from opportunistic breaches.
• Cyber insurance will become auditor-in-chief of cyber best practices thanks to new capabilities
By Larry Chinski, Global VP, One Identity
In 2024, cyber insurers will continue to look even more closely at organisations’ security posture, becoming a new, tech-enabled auditor powered by actuarial science and automation to truly separate prepared organizations from high-risk ones. Many businesses recognize they need a cyber insurance policy but are faced with high premiums or unable to get it because they don’t meet basic cyber hygiene requirements (such as a lack of a zero-trust strategy or privileged access management tools). Thanks to the rising authority of the cyber insurer, more CISOs will be able to make the business case to rapidly deploy new guardrails to lower their cyber insurance premiums and get the coverage they need.