For IT services companies, the 2024 cybersecurity outlook features emerging technologies that are significantly changing the task of protecting businesses.
Generative AI (GénAI), the expansion of edge computing and the continued advance of quantum computing will complicate the security landscape this year, industry executives say. The partner ecosystem can expect to encounter many customers seeking advice on these developments.
At the same time, however, service providers will ensure that customers continue to benefit from essential security elements that transcend the latest innovations.
With that in mind, here are four cybersecurity market trends to consider:
1. GenAI goes both ways
This year, much of the cybersecurity discussion will revolve around GenAI, which paradoxically opens up vulnerabilities. And increases security measures. IT service leaders must navigate technology that can cut both ways.
Srinivasan CR, chief digital officer and executive vice president of cloud and cybersecurity services at Tata Communications, said he has a positive outlook on GenAI and its effects on security. He said the technology can strengthen malware analysis and speed up incident and alert responses through AIOps. GenAI is also integrated with tools such as Microsoft Security Copilothe noted.
“Every tool and every application you use to secure the enterprise is getting smarter and smarter,” Srinivasan said. “Generative AI puts you in a better place.”
He acknowledged, however, that GenAI “will be used for both good and bad.”
As for the latter, security concerns include rapid injection and other significant language model vulnerabilities, noted Miles Ward, CTO at SADA, a technology and business consulting firm. Furthermore, API attacks as well as inadvertent data leaks or exfiltration are issues with AI-based chatbots.
On the other hand, GenAI can speed up and simplify security tasks.
Srinivasan CRChief Digital Officer, Tata Communications
“Generative AI tools are extremely powerful for automating or augmenting what is done in existing cyber workflows,” Ward said.
AI technology, for example, can help manage security logs, a typical workflow item for a security operations center (SOC). GenAI can help review logs, make sense of data and support activities such as threat hunting, Srinivasan said. But GenAI alone cannot deliver these benefits. A company should first consolidate its security data into a data lakehe noted.
“Generative AI will be a useful addition to SOC and, in some sense, will reduce the complexity of daily tasks,” Srinivasan said.
2. Edge Computing Complicates Security and Governance
Companies bring more computing power, devices, applications and workloads at the limit. This means more security concerns for service providers and their customers.
Companies are becoming more comfortable with edge networks and associated use cases, said Ally Adnan, managing director, strategic cyber risk, at Deloitte Risk and Financial Advisory. He said cutting-edge applications have grown in the healthcare, retail, energy and utility sectors. But broader adoption comes at a cost.
The increasing scale of edge deployment “absolutely increases the risk,” Adnan said. “This should make security at the edge a higher priority.”
Cybersecurity concerns could overshadow the business benefits of moving more processing to the edge, Srinivasan said. He said the border requires robust controls and “rock-solid” cybersecurity processes.
“It’s basically distributed computing,” he said. “This expands the surface area for cyber events and attacks.”
These attacks are becoming more and more sophisticated, according to Adnan. Threat actors execute attacks in combination: man in the middle attack and exfiltration, for example. This approach complicates efforts to prevent and respond to attacks, he added.
In this context, companies need to plan for cybersecurity from the beginning, rather than building a perimeter network and trying to secure it later, Adnan said. And planning for edge security requires more people to be involved than previous IT security initiatives. The scope includes users, senior management and suppliers, he noted.
“In the past, people worked in silos,” Adnan said. “Roles and responsibilities within an edge network have become more complex and tend to overlap. It is essential to have the right governance model here. »
Adnan said he expects business and technology leaders to spend more time developing cutting-edge network governance models that clearly delineate roles and responsibilities. The task of governance will keep organizations busy this year and, potentially, well beyond.
3. Post-quantum cryptography takes a major step forward
This year, more businesses may also start planning post-quantum cryptography.
Julian van Velzen, chief technology innovation officer and director of Capgemini’s Quantum Lab, said it has long been known that quantum computers would eventually be able to break conventional encryption algorithms.
“But now that moment is getting much closer,” he said. “We have to take this very seriously.”
This year will prove crucial in the evolution of this security issue, van Velzen said. He cited this year’s expected release of final NIST standards for quantum-resistant algorithms. Regulation will pave the way for migration to post-quantum cryptography. Organizations managing critical infrastructure and companies supplying U.S. government agencies will be among the first to implement the new cryptography, van Velzen noted. Other companies will follow in the coming years in what he describes as a complex and lengthy process.
“It won’t be easy,” he said. “We need to think about what this migration is going to look like and it’s probably going to take us many, many years.”
4. Basic cyber hygiene remains essential
Businesses may pay more attention to AI, edge computing and post-quantum cryptography this year. But they also need to stay focused on the basics of cyber hygiene.
SOC, 24/7 monitoring, proactive alert response and threat hunting remain among the essential elements of security, Srinivasan noted.
“These things are really fundamental,” he said. “Many companies still don’t have the answers to all of them.”
A report from the Capgemini Research Institute suggests that companies view security issues as more important and plan to spend accordingly. Investment priorities report found that 61% of business leaders surveyed view cybersecurity threats as “a major risk to business growth.” In last year’s survey, only 39% of respondents ranked cybersecurity as a risk to their business’s growth.
Respondents ranked cybersecurity as their third technology priority in 2024, after AI/GenAI and cloud. The Capgemini Research Institute surveyed 2,000 executives and senior executives.
John Moore is a writer for TechTarget Editorial covering the role of the CIO, economic trends and the IT services industry.