As the digital landscape continues to evolve, so do the threats and challenges faced by organizations. In 2024, several cybersecurity trends are expected to shape the way we approach security. In this article we explore the top security trends for the coming year.
1. Security Of Generative AI
Generative AI, powered by large language models like ChatGPT and Gemini, is gaining prominence. While it promises productivity gains and skills reduction, security leaders must collaborate proactively with business stakeholders to ensure ethical, safe, and secure use of this disruptive technology.
With thousands of GenAI solutions accessible through browsers, knowing what is running in your environment is half the battle. Allowing people a safe place to practice with these tools is essential for avoiding high risk AI tools becoming a shadow IT issue in your environment. A few simple steps can set you on the right path:
Inventory, monitor and manage in-house GenAI tools and use cases.
Define GenAI requirements and understand where your data is going.
Implement solution controls and issue safe-use guidelines for users.
Learn how to secure GenAI attack surfaces and block high risk tools.
2. Security With Generative AI
The other side of the coin is the use on GenAI to enhance your security practice. Your security focused GenAI tools still need to follow the four steps above, however the use cases from these tools can enhance detection, protection and response times of your SOC. For example:
Automated Threat Detection: GenAI can analyse vast amounts of security data, identifying patterns and anomalies that human analysts might miss. From detecting phishing emails to identifying zero-day vulnerabilities, GenAI can improve threat detection.
Behavioural Analysis: GenAI models learn from historical data and can recognize abnormal user behaviour. By monitoring network traffic, user activity, and system logs, GenAI helps organizations spot potential insider threats or unauthorized access.
Predictive Analytics: GenAI predicts potential security incidents based on historical data and real-time observations. It can assist in proactive risk management by identifying vulnerabilities or miss configurations before they are let loose in production.
There's certainly not a 'one size fits all' solution here, and its best to understand clearly what activities you are looking to enhance and finding the right tool to help you with that use case. Avoid the danger of implementing a GenAI security tool without having a clear vision of how it is going to add value to your operations.
3. Cybersecurity Outcome-Driven Metrics (ODM)
Boards and executives seek confidence in their cybersecurity strategies. Outcome-Driven Metrics, or 'ODMs', bridge the communication gap by linking cybersecurity investment to delivered protection levels. These metrics enable a defensible investment strategy, reflecting agreed-upon protection levels in simple language that non-IT executives can understand.
In simple terms, Outcome-Driven Metrics are created exactly how they sound: understand the risk outcome you are looking to drive and measure your operations against it. For example:
Outcome: Reduction in vulnerability exploit time.
This outcome directly ties to the likelihood of a cyber compromise.
Protection Level: An agreed time to patch vulnerabilities.
This agreed protection level defines the target for the metric.
Metric: Average days to patch.
This operational metric is measured against your protection level and determines one of two things...
You are below your protection level agreement and no further investment is needed.
You are above of your protection level agreement and further investment is needed.
Adding trending to these Outcome-Driven Metrics provides insight into areas that have historical under investment as opposed to minor monthly deviations - ensuring that investment into security is going where it is needed most.
4. Security Behaviour & Culture Program
A Security Behaviour and Culture Program is a strategic initiative aimed at shaping employee attitudes, behaviours, and practices related to security. It goes beyond mere compliance training and focuses on creating a security-aware workforce that actively contributes to risk reduction and incident prevention.
The PIPE framework can help in designing effective security behaviour and culture programs. Let’s break down each component:
Policies and Procedures (P):
Policy Development: Start by creating clear and concise security policies. These policies should align with organizational goals, legal requirements, and industry best practices.
Policy Communication: Regularly communicate policies to employees. Use multiple channels (emails, intranet, posters) to ensure widespread awareness.
Policy Enforcement: Implement mechanisms to enforce policies consistently. This includes monitoring, audits, and consequences for non-compliance.
Incentives and Metrics (I):
Positive Reinforcement: Recognize and reward security-conscious behaviour. Consider gamification, certificates, or small incentives for compliance.
Metrics and KPIs: Define measurable security-related Key Performance Indicators (KPIs). Examples include reduced incident rates, completion of security training, or timely patching.
People (P):
Training and Awareness: Regularly train employees on security best practices. Cover topics like phishing awareness, password hygiene, and safe browsing.
Leadership Buy-In: Leadership sets the tone. Ensure executives actively participate in security initiatives and demonstrate commitment.
Champions and Advocates: Identify security champions within teams. These advocates promote security awareness and serve as role models.
Education and Culture (E):
Continuous Learning: Security education is not a one-time event. Provide ongoing learning opportunities, such as webinars, workshops, and newsletters.
Cultural Integration: Embed security into the organizational culture. Encourage open discussions about security risks and incidents.
Behavioural Nudges: Use subtle cues to influence behaviour. For example, display security reminders near printers or elevators.
A great example of continuous learning and behavioural nudges the cyber awareness campaign kit is Education Arcades offering: "First Line of Defence: Cyber Compromise".
5. Taking Action!
This may sound like a strange thing to add to a 'top security trends' list; however, research has shown that security teams are pushed to capacity. As a result, the best laid plans often fall short as operational demand exceeds strategic delivery capacity.
Understanding what action to take first is essential and utilising existing resources to speed up the early stages of delivery can drastically improve the likelihood of meeting your strategic roadmap milestones.
Using the Security Behaviour and Culture Program as an example, you can speed up your delivery of this initiative by following the trusted implementation guide from those who developed it:
Implementing the PIPE Framework
Assessment: Begin by assessing your organization’s current security culture. Identify gaps and areas for improvement.
Strategy Development: Develop a comprehensive strategy that aligns with business objectives. Involve HR, IT, and communication teams.
Communication Plan: Craft a communication plan to disseminate security messages effectively.
Training Programs: Design engaging and relevant security training programs. Consider e-learning modules, workshops, and simulations.
Measurement and Feedback: Continuously measure program effectiveness. Seek feedback from employees and adjust strategies accordingly.
Remember to build capacity into your teams and provide guiding frameworks to fast track delivery so that they are able to meet the objectives in your roadmap. Those are the top 5 security trends for 2024, we hope you find some value in them!