6 expert tips from cybersecurity leaders to consider in 2024
Reflecting on the past, it's evident that the cyber threat landscape in 2024 will bear a striking resemblance to that of last year. However, there will be a focus on enhanced efficiency, reducing costs and taking advantages of opportunities. With artificial intelligence (AI) and cloud technologies dominating cybersecurity, companies will continue to witness devastating cyber-attacks, believe experts. So, what can security leaders do to confront these challenges head-on and ensure a more stable 2024? Here are some tips from industry experts to help cybersecurity teams stay resilient in the face of these threats.
Closing the cybersecurity Talent gap
“As digitisation continues to spread across the country at a rapid pace, the demand for skilled cybersecurity professionals is on the rise. Organisations are seeking ways to protect themselves from an ever-evolving and complex threat landscape. At the technology level, organisations can take proactive measures and utilise advanced security solutions like Extended Detection and Response (XDR) to strengthen their security, meet regulatory requirements, and foster a culture of cyber resilience. By implementing an advocacy program, where security advocates monitor employees' progress in various security training initiatives and share success stories, organisations can personalise the training experience and empower individuals with valuable knowledge that benefits the entire company. Additionally, it is crucial for companies to prioritise employee cybersecurity training and awareness programs to build a workforce that is conscious of security. Well-informed employees can act as the first line of defense against cyber threats, reducing the likelihood of successful attacks. —Samir Kumar Mishra, Director, Security Business, Cisco India & SAARC
CISOs to adapt or perish
“In the past, the primary role of a security professional was focused on technical expertise. However, in today's world, the top priority for a CISO is to establish strong relationships with the board and collaborate with peers. The success of business continuity and operational efficiency greatly depends on these relationships, so it is essential to prioritise investment in training to develop and nurture these skills. Additionally, security cannot be solely entrusted to the CISO anymore. With the rapid evolution of technology, business, and the threat landscape, security has become an integral part of every aspect of a company's operations. Therefore, CISOs need to effectively communicate the complexities to the board and leadership. Although it may be challenging, it is also an exciting time for CISOs to move forward and continue their growth." —Mignona Cote, Chief Security Officer, NetApp
Keeping ransomware, supply chain attacks at bay
“Looking ahead to 2024, we can expect the threat landscape to mirror that of 2023, albeit with greater efficiency and opportunistic twists. The driving force behind cybercriminals remains unchanged — their pursuit of money. Ransom and extortion will continue to be their preferred methods to gain infamy and wealth. Furthermore, as companies increasingly adopt “as-a-service” models, the frequency of ransomware and supply chain attacks will rise. Despite the growing prevalence of multifactor authentication, attackers will still rely on malicious proxies like evilginx and social engineering to manipulate end-users and IT support staff into granting them access. The successes of groups like LAPSU$ and Scattered Spider, who made headlines in 2022 and 2023 by infiltrating major brands, will undoubtedly inspire others to follow suit.” —Chester Wisniewski, Global Field CTO, Sophos
Evaluating security risks of generative AI, LLMs
“The topic that's currently dominating discussions is the emergence of generative AI and large language models (LLMs). We are standing at the brink of a paradigm shift; this mirrors the magnitude of the shift to cloud computing. This shift toward generative AI in cybersecurity echoes the lessons learned during the cloud adoption phase. It became evident that traditional methods and risk assessments, designed for on-premise environments, didn't seamlessly translate into cloud-centric infrastructures. Similarly, with the advent of generative AI, it's crucial to evaluate the security implications. We need to consider how these intelligent algorithms are trained, establish trust in their responses, and ensure they haven't been manipulated by threat actors.” —Omer Singer, Head of Cybersecurity Strategy at Snowflake
Raising greater awareness on Deepfakes
“As the sophistication of deepfake technology continues to advance, India is anticipated to witness a surge in deepfake-related cyber attacks in 2024. These attacks will target individuals, businesses, and even government institutions, aiming to spread misinformation, manipulate public opinion, and disrupt critical infrastructure. The financial repercussions of these attacks could be severe, potentially leading to reputational damage, loss of investor confidence, and even economic instability. To combat this growing threat, Indian organisations must invest in deepfake detection and mitigation technologies, raise awareness among their employees about the dangers of deepfakes, and develop robust cybersecurity strategies that can withstand these sophisticated attacks.” —Rohan Vaidya, regional director, India and SAARC, CyberArk
The AI-powered cyber defense boom
“The key to an organisation's cyber resilience lies in its ability to keep its business operations going. And achieving this resilience is only possible with modern data management and data security capabilities. In today's rapidly evolving world, where AI and machine learning technologies are changing the rules, organisations need to embrace transformational capabilities like AI-powered anomaly detection. This enables them to spot potential attackers in their systems before they can cause any damage. Moreover, AI and ML-based data classification can help organisations uncover and identify sensitive data, both prior to and during an attack. Implementing AI-powered data access controls and utilising an AI data insights platform are also crucial. These capabilities are vital because cybercriminals themselves will likely use AI and ML to amplify their attacks. As we approach 2024, organisations should seriously consider how AI and ML can bolster their cyber resilience and data security." —Sathish Murthy, Director of Systems Engineering, ASEAN, India, Cohesity