Over 2023, we've seen what I like to call the 'verticalisation of cybersecurity' taking effect, in that cybersecurity has finally taken centre stage in business discussions. If you see event agendas, for example, it is now featured as a key business conference topic at any industry event – whether it is a healthcare fest or a mining conference.
As discussed in my predictions last year, cybersecurity's impact on business is now recognised across all industries. It has become both a business concern and a disruptive force and has consequently become an integral part of organisations' business agendas.
This trend will be even more pronounced in the coming year. To navigate the evolving landscape, we must understand the industry-specific nuances of cyber and risk management. The focus is increasingly shifting from a horizontal approach to a vertical one, where cybersecurity is at the core of every industry discussion.
As we delve deeper into this trend, where cybersecurity becomes a pivotal aspect of every industry discussion, it's essential to acknowledge that while strides are being made in the right direction, the language and approach used to sustain these conversations fundamentally still require some refinement. The key point to recognise is that achieving buy-in and engagement from business leaders remains critical to this transition.
We can expect some key challenges and opportunities in 2024 that will continue to keep organisations on their toes.
Here are my three predictions for 2024.
1. The rise of cascading supply chain attacks
We have witnessed more and more cyber breaches this year that share a similar profile – risks are coming from outside of organisations' operations, and they are actually sitting somewhere nearby.
For instance, banks' risk exposure could derive from the law firms they are associated with. Depending on how many subcontractors are involved within the same supply chain, the risk can also extend to two to three levels down. Organisations need to, therefore, assess their immediate (tier zero) partners who have direct access to their system. Still, then they also need to understand the access levels of their partners' subcontractors and so forth. And this high level of complexity creates this cascading impact.
As digital transformation accelerates, this issue will only continue to gain traction, making it easier for attackers to gain access through connected and trusted partners. Understanding who connects with whom will be critical.
2. AI – friend or foe?
AI has remained a prominent topic in mainstream discussions for quite some time, often viewed as a productivity tool. However, in the context of cybersecurity, both offensively and defensively, whilst it has been at the centre of every discussion over the last year, we find ourselves grappling with a critical question: how do we effectively harness AI within products, or is it a necessary phase of frustration we need to go through before its value comes to the forefront?
While new technology use cases are leading, the security is lagging behind. We must proactively secure these emerging use cases as they will play a fundamental role in the AI-driven future. Much like the effect we have seen in identity security with the rapid adoption of the cloud, its acceleration has left an often overlooked gap. Similarly, we are seeing a time lag between the pace of AI and security - we don't know where risk profiles really sit and how they come up as cyberattacks. To address this, we must leverage the positive aspects of AI to cover these security holes, swiftly predicting and identifying vulnerabilities in user behaviour so we can prevent or detect deviations from normal patterns.
Cyber criminals' adoption, or rather exploitation, of AI, is only set to accelerate and become more mainstream. As an industry, we need to ensure we stay a step ahead and our defences evolve alongside these threats.
3. The shift to vendor consolidation will intensify the fight for superiority
More organisations now have the mandate to do more with what they have already invested in. And more vendors are starting to build more solutions within the same platform.
We believe there is opportunity for organisations to re-evaluate their core product features and streamline their technology stacks based on what's critical.
Vendor consolidation will be a key trend in 2024. The fight for platform superiority will only intensify, influencing both partners and customers in their investment decisions. Organisations have recognised the importance of reducing the multitude of vendor solutions they are implementing to enhance productivity and reduce costs as they are no longer manageable. Essentially, this shift reflects a productivity-focused conversation within organisations: how can we effectively address security issues in a productive way that's easy to implement at a cost we can absorb? This consideration applies to enterprises of all sizes, and we will see all vendors rally to establish their leadership.