Rick Jones, CEO, DigitalXRAID; Jamal Elmellas, Chief Operating Officer, Focus-on-Security; and Jeremy Ventura, Director, Security Strategy and Field CISO, ThreatX, give us their cybersecurity predictions for 2024.
Rick Jones, CEO, DigitalXRAID
Attacks on critical national infrastructure continue to proliferate
Critical National Infrastructure (CNI) continues to be the prize bullseye for cybercriminals and nation-state actors alike. A whopping 90% of CNI industries have fallen prey to a successful ransomware attack in the past year, underscoring the urgent need for fortified defences. Further ratcheting up tensions, nearly 80% of CISOs feel that we’ve crossed into an era of constant cyber warfare.
In 2024, critical sectors such as energy and utilities and financial services will face amplified threats, particularly sophisticated tactics like double extortion. It’s high time organisations double down on basic but powerful defences – cybersecurity training, patch management and network segmentation. Simply put, you can’t afford to cut corners. In critical industries such as the energy or finance sector – or any part of the CNI for that matter- it will be too dangerous to just roll the dice.
Generative AI: A double-edged sword
AI can be both a transformative ally and a formidable foe in the world of cybersecurity. While innovations like Machine Learning algorithms have fortified our defences, the dark side of AI also looms large.
Security teams need to be on their toes to leverage AI as a defensive tool as well. As exhilarating as it is to use AI for good, it’s equally chilling to think about its misuse. Imagine phishing scams so cunning that they evade traditional filters or automated malware so sophisticated it bypasses conventional firewalls. Even platforms like ChatGPT are chiming in to raise the alarm against the impending AI-driven threats in the next year and beyond.
AI is incredible, but it can’t think creatively or adapt like a human can. In 2024, organisations will have more need than ever for highly skilled and certified experts who are constantly trained on the latest threats and can analyse complex attack vectors. For many, outsourcing threat monitoring through a SOC will no longer be a recommendation, it will instead be a necessity for the digital age.
Jamal Elmellas, Chief Operating Officer at Focus-on-Security, the cybersecurity recruitment agency
Skills shortages will begin to be felt due to them being cumulative
There is an annual shortfall of 11,200 cybersecurity employees, according to UK Government research, and this is cumulative which means year-on-year the shortage is intensifying. Moreover, an increase in demand for cyber-roles of 30% and growth in employment of 10% over the course of 2022 indicate demand is also on the up.
In 2024, the shortages of skilled cybersecurity employees will start to bite and businesses will no longer be able to keep doing what they have been doing and recruit from the same small pool of talent. Recruitment strategies will have to become more creative in a bid to identify raw talent if security teams don’t want to be left short staffed.
Emergence of more low cost or free training schemes to boost intake
Industry bodies have already taken proactive action with the likes of (ISC)2 offering a million free entry level certification courses and exams while in the US a number of universities have launched free online courses.
Advances in the provision of courses online mean this is now a viable low-cost alternative. So next year we can expect to see more subsidised or free training in a bid to attract more people into the sector or to upskill professionals to fill those roles that are in high demand.
A brain drain as more senior execs leave the field due to stress and burnout
Stress levels continue to be high with incidents and alert levels on the rise which means we are on track to realise Gartner’s prediction of 50% of cybersecurity leaders changing jobs and 25% leaving by 2025. Thus far that exodus has been tempered by the cost-of-living crisis but as inflation stabilises and confidence returns there will be an exodus at the top. Given the years of experience needed to fill these roles, this could seriously destabilise security teams and stall security projects.
Crackdown on AI in recruitment
AI has long been a part of recruitment but the emergence of Generative AI Large Learning Models (LLMs) is now seeing the technology used by candidates too. AI apps are providing candidates with ready crafted replies during interviews, for example. Next year we can expect to see the industry self-regulate with specific clauses in agreements against AI-generated CVs and AI-lead interviews.
Use of AI technologies such as an ATS (Application Tracking System) and/or Recruitment Management System (RMS) is also now widely regarded as problematic because it creates a hidden workforce, exacerbating the skills shortage. These systems are used by 58% of UK businesses, with more than 90% of employers using their RMS to initially filter or rank potential middle-skills (94%) and high-skills (92%) candidates, according to the Hidden Workers: Untapped Talent report from Harvard Business School.
Used to filter through CVs and applications, the technology has been criticised for excluding applicants that have been out of the workforce or unconventionally trained but strong candidates that don’t use key search terms. Candidates have tried to bait the system using whitefonting in the past because it’s viewed as such an obstacle. In 2024, we’ll see a move away from this technology towards more intuitive forms of filtering using the natural language processing (NLP) associated with Generative AI. This will enable recruiters to put forward candidates that have the aptitude if not the qualifications needed for specific roles.
Cybersecurity budgets will increase due to skills shortages
Spend on cybersecurity will go up in 2024 as organisations seek to compete for talent and invest in automated technologies to help lighten the workload of the security team. Investment will be buoyed by inflation stabilising and growth returning to the market. However, as roles become augmented by AI and automation, we can also expect to see remits change.
Jeremy Ventura, Director, Security Strategy and Field CISO at ThreatX
As we dive into 2024, cybersecurity faces a shift. Businesses must brace for an uptick in AI-fuelled cyberthreats. In addition, fear is at an all-time high, with our latest research demonstrating a staggering 97% of consumers predicting cyberattacks will get worse next year.
87% of consumers are concerned about whether companies they do business with – from banks to retailers to healthcare providers – will keep their data safe in 2024. Therefore, vendors across all industries must ensure 2024 cybersecurity investments and strategies factor in consumer concerns, which includes making sure the tools adopted meet the challenges of looming cyberattacks threatening sensitive information.
However, in 2024, consumers hold a key role in protecting themselves. Consumers are already planning to up their personal security as 56% plan to adopt different passwords for different accounts and 55% will move to two-factor authentication. Vigilance starts with a critical eye on emails – scrutinising URLs, spotting misspellings and be aware of urgent tones. This also means resisting the lure of suspicious links and pop-ups.
As we step into the new year, businesses and consumers go hand in hand to protect themselves against cyberthreats by embracing these simple yet potent measures.
Click below to share this article
