For IT services companies, the cybersecurity outlook for 2024 features emerging technologies that will dramatically change the task of protecting businesses.
Generative AI (GenAI), the expansion of edge computing, and steady advances in quantum computing will all complicate the security landscape this year, industry executives say. In our partner ecosystem, we expect to encounter a large number of customers seeking advice throughout these developments.
But at the same time, service providers ensure their clients continue to have access to security essentials that go beyond the latest innovations.
With that in mind, here are four cybersecurity market trends to consider.
1. GenAI is bidirectional
Much of this year’s cyber discussion will revolve around GenAI, which paradoxically reveals vulnerabilities and Strengthen security measures. IT service executives need to take advantage of technology that is interactive.
Srinivasan CR, chief digital officer and executive vice president of cloud and cybersecurity services at Tata Communications, said he is positive about GenAI and its impact on security. He said the technology can enhance malware analysis and speed up response to incidents and alerts through AIOps. He noted that GenAI is also being incorporated into tools such as Microsoft Security Copilot.
“All the tools and all the applications we use to protect businesses are becoming much more intelligent,” Srinivasan says. “Generative AI gets you to a better place.”
But he acknowledged that GenAI “will be used for good and for bad.”
Regarding the latter, security concerns include: Immediate injection and other large-scale language model vulnerabilities, notes Miles Ward, CTO of SADA, a technology and business consulting firm. Additionally, AI-based chatbots are susceptible to API attacks and inadvertent data leaks and theft.
On the other hand, GenAI can speed up and simplify security tasks.
Srinivasan CRChief Digital Officer, Tata Communications
“Generative AI tools are very powerful for automating or extending what is being done in existing cyber workflows,” Ward said.
For example, AI technology facilitates security log management, a typical workflow element for security operations centers (SOCs). GenAI can help support activities such as reviewing logs, making sense of data, and threat hunting, Srinivasan said. However, GenAI alone cannot fully provide these benefits. Companies first need to pool their security data into a data lakehouse, he noted.
“Generative AI can be a useful addition to the SOC and, in some ways, reduce the complexity of day-to-day operations,” Srinivasan said.
2. Edge computing complicates security and governance
Enterprises are bringing more computing power, devices, applications, and workloads to the edge. This means even more security concerns for service providers and their customers.
Aly Adnan, managing director of cyber and strategic risk at Deloitte Risk and Financial Advisory, says businesses are becoming increasingly familiar with edge networks and their associated use cases. He said edge applications are expanding across the healthcare, retail, energy and utility industries. But broader adoption comes at a cost.
Adnan said the increased scale of edge deployments “certainly increases the risk.” “Security at the edge must become a higher priority.”
Srinivasan said cybersecurity concerns could overshadow the business benefits of moving more processing to the edge. He said the edge requires robust controls and “robust” cybersecurity processes.
“It’s basically distributed computing,” he says. “The scope of cyber events and attacks will expand.”
Adnan said these attacks are becoming increasingly sophisticated. Threat actors carry out attacks using a combination of man-in-the-middle attacks and theft. This approach complicates efforts to prevent and respond to attacks, he added.
Against this backdrop, Adnan said companies need to plan for cybersecurity from the beginning, rather than building edge networks and trying to secure them later. Additionally, planning for edge security requires more human involvement than previous IT security initiatives. He noted that scope includes users, executives, and vendors.
“People used to work in silos,” Adnan said. “Roles and responsibilities in edge networks are becoming more complex and they tend to overlap. Having the right governance model is important here.”
Adnan said business and technology leaders will spend more time developing edge network governance models that clearly delineate roles and responsibilities. Governance will be a challenge for organizations this year and perhaps beyond.
3. Post-quantum cryptography reaches a milestone
This year, more companies are likely to launch plans such as: post quantum cryptography.
Julian van Velzen, chief technology innovation officer and director of the Capgemini Quantum Institute, said it had been known for some time that quantum computers would eventually be able to break traditional encryption algorithms. Stated.
“But now that moment is getting much closer,” he said. “We need to take it very seriously.”
This year will be a pivotal year in the evolution of this security concern, Van Velsen said. He noted that NIST’s final standard for quantum-resistant algorithms is expected to be released this year. This regulation prepares the transition to post-quantum cryptography. Organizations that manage critical infrastructure and companies that supply products to U.S. government agencies will be among the first to adopt the new encryption, Van Velsen noted. He said other companies will likely follow suit in the coming years, a complex and time-consuming process.
“This is not going to be easy,” he said. “We have to think about what this transition will be, and it will probably take many years.”
4. Basic cyber hygiene remains a must
Companies may focus more on AI, edge computing, and post-quantum cryptography this year. However, we must also continue to focus on the basics of cyber hygiene.
SOC, 24/7 monitoring, proactive alert response and threat hunting remain among the key elements of security, Srinivasan said.
“These are really basic things,” he said. “Many companies still haven’t ticked all of those boxes.”
The Capgemini Institute report suggests that companies are considering security risks higher and are planning their spending accordingly.investment priorities report We found that 61% of business leaders surveyed believe that cybersecurity threats are a “key risk to business growth.” In last year’s survey, only 39% of respondents rated cyber as a business growth risk.
Respondents ranked cybersecurity as their third technology priority for 2024, after AI/GenAI and cloud. Capgemini Research conducted a survey of 2,000 executives at board level and above.
John Moore is a TechTarget editorial writer, covering CIO roles, economic trends, and the IT services industry.