Published 11 Jan 2024
As John Lennon once said, another year over…and a new one just begun. As we head into 2024, it’s important to reflect on what we’ve seen and where we need to focus in the year ahead.
AI in the cybersphere
Firstly, it’s hard to ignore the explosion of Generative AI. Since ChatGPT launched late last year, it’s hardly been out of the news. Artificial Intelligence as a neutral tool has the potential to be used for good or ill and presents opportunities for defenders and attackers alike. Whether the bad actors are ahead, or the cybersecurity professionals, is up for debate.
Attackers can use AI to scale their attacks, bypass security controls, generate fake content and imitate legitimate users. Meanwhile, defenders can leverage AI’s computational power to predict, analyse, detect, and respond to threats in real time. AI-driven behavioural analysis will be key for organisations to spot impersonation attacks and inconsistent insider activities, but it will require cybersecurity teams to carefully consider privacy and ethical implications when monitoring employee activity.
The power of Edge
At an infrastructure level, I’m excited by the growth in Edge computing and what it enables. Edge networks’ distributed infrastructure offers reduced latency and enhanced resilience against outages, and eliminates the need to transport vast amounts of data to distant data centres. This flexibility allows innovations like AI and internet-connected gadgets to realise their data-hungry dreams. But more devices and data flows also expand the attack surface for cybercriminals to exploit, and we security experts must remain vigilant to that. We need to layer controls into Edge infrastructure from the get-go, not bolt them on as an afterthought. We need to monitor risks in real time, sniff out threats early, and snuff them out swiftly. The exciting possibilities of Edge also dial up the need for cyber savvy. We must mind the gaps to keep the bad guys out, while letting technology reach its potential.
The growing impact of compliance
At a wider business level, compliance with cybersecurity standards remains an annual struggle across sectors. Depending on industry regulatory requirements or client needs, many organisations juggle multiple certifications like PCI DSS, Cyber Essentials, or ISO 27001. As threats constantly evolve, requirements are likely to become more stringent. However, it is paramount to continually assess the efficacy of our defences against emerging threats and understand that cyber resilience is a mindset and discipline, not just a checklist. Proactively managing risks will enable steady compliance rather than reactionary fire drills each year.
A focus on resilience
Talking of resilience, cyber stretches the definition somewhat. Cyber resilience must ensure that we can withstand or recover from any unplanned event: not just cyberattacks, but also natural disasters, geopolitical events, pandemics or economic downturns. In essence, cyber resilience is vital for business continuity, reduces the risk of financial or reputational loss and helps organisations continue to get work done.
Edge networks, as mentioned earlier, are designed with resilience and redundancy in mind, but they also offer secure and scalable solutions that facilitate growth and meet client considerations ranging from existing business needs, plans for growth and technical capabilities to cost or risk management. Getting the right provider therefore requires a trusted partnership to understand those specific requirements and work in collaboration to meet those aspirations and avoid the fears.
Finally, that focus on resilience is now impacting the cost of Cyber Insurance, which is an excellent barometer of the current threat environment. As attacks have become more frequent and sophisticated, premiums have increased, and underwriters have become ever more focused on resilience to cyberattack. For the first time, organisations are finding their risk appetites being dictated from outside their Boardroom, influenced by the insurance company and its perception of risk. The Cyber Insurance market will be interesting to watch. Assessments to onboard risk will likely become more discerning and carry more punitive exclusions for organisations that are unable to demonstrate basic cyber hygiene.
Security – The beacon of trust
It’s clear there are a lot of great things on the horizon, but equally a lot to be careful of if we are to continue to deliver the trusted infrastructure clients are looking for, and I’m excited to see where it takes us.
As cyber professionals, it’s never been more important to keep our Executive Boards up to speed. We have to bring to life the tedious security certifications and illustrate the business risks and sensible countermeasures that ensure we and our customers remain cyber resilient. This is what makes cyber a beacon of trust, rather than a costly tick-box exercise.