5 CISOs share their best security predictions for 2024: Insights to safeguard your organization

Get insights into cybersecurity trends with predictions from 5 CISOs for 2024. Stay ahead of threats and protect your digital assets.

May 15, 2024 - 16:37
May 21, 2024 - 11:38

2023 saw significant changes in cybersecurity, notably with AI. For example, after ChatGPT's release in November 2022, SlashNext reported a 1,265% increase in phishing emails in their 2023 State of Phishing report. AI is not only helping employees but also aiding threat actors, who use it to enhance their attacks, from creating convincing phishing emails with chatbots to developing AI-generated malware. As 2024 begins, Techopedia asked top CISOs about the key security trends for the year. Their edited and condensed comments follow.

5 CISOs' best security trends for 2024

1. Regulatory complexity will increase

"In 2024, cybersecurity compliance is expected to become more complex due to advancements in technology, evolving threats, and changing regulations. Privacy laws such as GDPR and CCPA have set a precedent for stricter data protection measures. More regions and countries are likely to implement similar regulations, broadening compliance requirements for organizations handling personal data. Artificial intelligence and machine learning will also play a larger role in compliance, automating threat detection, analyzing data for violations, and providing real-time insights to facilitate compliance."

2. Stricter data breach disclosure requirements

"In 2024, the responsibilities of CISOs are set to increase significantly, especially with the evolving incident disclosure regulations. In 2023, the SEC introduced a disclosure rule for public cybersecurity companies, impacting cybersecurity leadership across industries.

As of late July, public companies must disclose any significant breach within four business days of discovery if the incident has a material impact. Despite recent clarifications from the SEC, the ruling's language remains somewhat vague, leaving CISOs concerned about its impact and the potential legal risks they face.

It's widely understood that the full extent of a breach often takes months or years to uncover after thorough investigation. Therefore, in 2024, more CISOs are expected to seek Directors and Officers (D&O) insurance, and many may retain personal legal counsel to safeguard themselves.

The security community has historically thrived on open information sharing, including CVE disclosure and best practices. However, due to the SEC's rulings, there may be a shift toward more secrecy among CISOs and the security community. CISOs may be more inclined to withhold potentially incriminating information until it is deemed safe to share."

3. Supply chain attacks and security automation

  • Open-source software supply chain attacks will increase: Expect a rise in attacks targeting unregulated open-source ecosystems in 2024. Attackers have already used tactics like seeding malicious Python packages in open-source repositories, mimicking legitimate ones. Given developers' reliance on these packages, such attacks are likely to persist, leading to significant vulnerabilities. With over 90% of software worldwide built on open-source code, this trend will have wide-ranging implications. To mitigate this, more companies are expected to use AI for assessing open-source package risks.
  • Data governance and the data supply chain: In 2024, CISOs will face critical decisions regarding data governance. They will need to choose between strict control over private/protected data or embracing its open use, acknowledging the associated risks. Data, much like software, has its own supply chains. For instance, if data is deleted or a customer requests its removal from a supply chain, but it has already been used to train a large language model (LLM), unwinding this process can be challenging or impossible. For companies working with machine learning models, managing data supply chains requires operational discipline, which falls under the CISO's purview.
  • Security automation replacing "shift left" security: The concept of "shift left" security aimed to address security flaws earlier in the software development lifecycle by involving developers more closely. However, this approach has significantly burdened developers. In 2024, security automation will likely replace "shift left" security by removing security tasks from the developer's workflow. This approach, termed "shifting down," automates security into lower-level functions, reducing developers' security responsibilities. AI will play a crucial role in automating the identification and remediation of security issues, providing developers with more manageable and actionable feedback.
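The first bullet above describes attackers seeding repositories with packages whose names mimic legitimate ones. The following is an added example, not code from the article or from any of the CISOs' organizations: a small pre-install check that flags requirements.txt entries sitting one or two edits away from a popular package name without being that package. The POPULAR set and SAMPLE_REQUIREMENTS are constructed for illustration; a real deployment would load the popular-package list from PyPI download statistics and run the check in CI before dependencies are installed.

```python
"""Added example: flag typosquatted dependency names in a requirements file.

Not code from the article or from any named project. POPULAR is a constructed,
deliberately short list of well-known PyPI names; a real check would load the
top-N packages by download count.
"""
import re
from typing import Dict, Optional, Set

# Constructed allow-list of legitimate, popular package names (assumption).
POPULAR: Set[str] = {
    "requests", "urllib3", "numpy", "pandas", "cryptography",
    "django", "flask", "boto3", "pyyaml", "setuptools",
}


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of -, _, . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute costing 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def requirement_name(line: str) -> Optional[str]:
    """Project name from one requirements.txt line; None for blanks, comments, options."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None


def suspicious(name: str, popular: Set[str] = POPULAR) -> Optional[str]:
    """Return the popular package `name` resembles, or None if exact or unrelated.

    Distance 1 is always reported; distance 2 only for names of 5+ characters,
    because on shorter names two edits match almost anything.
    """
    n = normalize(name)
    if n in popular:
        return None
    best = min(popular, key=lambda p: levenshtein(n, p))
    d = levenshtein(n, best)
    if d == 1 or (d == 2 and len(n) >= 5):
        return best
    return None


def scan_requirements(text: str) -> Dict[str, str]:
    """Map each suspicious requirement name to the popular package it imitates."""
    findings: Dict[str, str] = {}
    for line in text.splitlines():
        name = requirement_name(line)
        if name is None:
            continue
        target = suspicious(name)
        if target:
            findings[name] = target
    return findings


# Constructed sample input; three lines are deliberate look-alikes.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.31.0
reqeusts>=2.0          # transposed letters
python-dateutil
numpy
nmupy==1.26            # transposed letters
Django>=4.2
djanqo
"""

if __name__ == "__main__":
    for name, target in scan_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name!r} looks like {target!r}; verify before installing")
```

Edit distance catches transpositions and single-character swaps, which is the mimicry the text describes, but not look-alike names built from plausible prefixes or suffixes, so a check like this complements rather than replaces review of a package's age, maintainers and install-time scripts.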

4. The rise of polymorphic malware

The emergence of AI has profoundly impacted various aspects of our society, especially in cybersecurity. Looking ahead to 2024 and beyond, we expect to see a rise in polymorphic malware, a sophisticated type of malicious software created using AI technology.

Polymorphic malware is particularly worrisome because it can adapt and evolve to bypass security systems. By studying and understanding these defenses, the malware can effectively infiltrate and propagate within systems, often eluding detection by traditional security measures.
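To make the detection problem concrete, here is an added example that is not from the article: a toy mutation routine wraps a constructed, benign payload string with a fresh random key on every call, so each variant has a different SHA-256 and an exact-hash blocklist built from one captured sample misses the rest, while a detector that recognizes the stub layout and hashes the decoded content catches every variant. The MAGIC marker, key length and payload are assumptions of the example; real polymorphic engines rewrite code rather than XOR a string, but the limitation of file-hash matching is the same.

```python
"""Added example: exact-hash blocklists versus a self-mutating sample.

Not code from the article. The payload is a constructed benign string and the
stub format (MAGIC + 8-byte key + XOR body) is an assumption of the example.
"""
import hashlib
import os
from typing import Dict, Optional, Set

MAGIC = b"STUB"                            # constructed marker written before the key
KEY_LEN = 8
PAYLOAD = b"CONSTRUCTED-BENIGN-PAYLOAD"    # stands in for the invariant logic


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (symmetric: encodes and decodes)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def mutate(payload: bytes = PAYLOAD, key: Optional[bytes] = None) -> bytes:
    """Emit a new variant: same payload, fresh key, therefore a different file hash."""
    if key is None:
        key = os.urandom(KEY_LEN)
    if len(key) != KEY_LEN:
        raise ValueError(f"key must be {KEY_LEN} bytes")
    return MAGIC + key + xor_repeat(payload, key)


def hash_blocklist_hit(sample: bytes, blocklist: Set[str]) -> bool:
    """Traditional detection: exact match on the file's SHA-256."""
    return sha256(sample) in blocklist


def decode_stub(sample: bytes) -> Optional[bytes]:
    """Recognize the stub layout and recover the invariant payload, else None."""
    header = len(MAGIC) + KEY_LEN
    if not sample.startswith(MAGIC) or len(sample) < header:
        return None
    key = sample[len(MAGIC):header]
    return xor_repeat(sample[header:], key)


def content_signature_hit(sample: bytes, payload_hashes: Set[str]) -> bool:
    """Detection on what the sample decodes to, not on its raw bytes."""
    decoded = decode_stub(sample)
    return decoded is not None and sha256(decoded) in payload_hashes


def compare_detection(variants: int = 5) -> Dict[str, int]:
    """Build a blocklist from one captured sample, then test fresh variants."""
    captured = mutate()
    blocklist = {sha256(captured)}        # what a hash feed would distribute
    payload_sigs = {sha256(PAYLOAD)}      # what a content-aware rule keys on
    fresh = [mutate() for _ in range(variants)]
    return {
        "variants": variants,
        "hash_blocklist_hits": sum(hash_blocklist_hit(s, blocklist) for s in fresh),
        "content_signature_hits": sum(content_signature_hit(s, payload_sigs) for s in fresh),
    }


if __name__ == "__main__":
    print(compare_detection())
```

The practical takeaway is that indicators tied to a sample's exact bytes age out as soon as the sample changes; signatures keyed on what is invariant (decoded content, behaviour, structure) survive the mutation.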

Another significant cybersecurity challenge facing IT leaders is the increase in data breaches resulting from employee negligence. This often involves mishandling or improperly sharing sensitive business information.

Employees may unknowingly expose confidential data through actions like mishandling emails, using insecure networks, or falling victim to phishing attacks.

Such data breaches can be particularly harmful as they involve internal access and may result in the unauthorized disclosure of critical business secrets or personal data belonging to customers and employees.

5. Understanding cybersecurity responsibility

In 2024, CISOs and security professionals have three key priorities. Firstly, they must ensure that all members of the organization, not just the security team, understand their role in cybersecurity. This can be achieved through comprehensive training programs.

Secondly, there is a need for continuous education among employees regarding phishing scams and the importance of avoiding clicking on suspicious links. Implementing tools to reduce spam and phishing attempts can be beneficial in this regard.

Lastly, it is essential for security experts to utilize queryable encryption to safeguard sensitive data, even in the event of a ransomware attack.

If these predictions hold, enterprises, employees, and security leaders will need to stay vigilant in 2024 against increasingly complex regulatory requirements and cyber threats.

There are no easy answers to next-generation threats, but fostering a security-conscious organizational culture and implementing fundamental best practices, such as zero-trust access controls and multi-factor authentication, can mitigate future risks.