2024 Cybersecurity Predictions & Emerging Trends – Part Two

Posted January 18, 2024 by Sayers 

Part one of this two-part series delved into six cybersecurity predictions for 2024 by our panel of Sayers engineering experts. 

As you prepare for new technology capabilities as well as threats to your business, read on to round out an even dozen of the panel’s cybersecurity predictions for 2024.

7. Companies Will Lower Their Cybersecurity Insurance Costs By Maturing Their Identity Security Program.

Identity security is a foundation of zero trust and a component of every security framework. Historically, cybersecurity insurance companies have had a security tool mindset, advising organizations to have specific identity security tools in place such as multi-factor authentication (MFA).

Now those cybersecurity insurance companies are asking smart follow-up questions about the maturity of your identity security program, such as: 

  • Is everybody in your organization using MFA? Or did you turn it off for C-suite members who are bothered by the extra steps to get into a system? 
  • If you’re using a privileged access management (PAM) solution, do you manage all of your privileged accounts in it?
  • How quickly are users taken out of the system once they leave the organization? 
  • In what other ways are you getting maximum value out of the tool to prevent malicious actors from gaining access to privileged areas?

“It’s not just about having the identity security tools, but what you’re doing with them that reflects your program maturity. Insurance companies are picking up on that. Some of our customers have been able to lower the cost of their cybersecurity insurance premiums because of the conversations they had with the insurance company about what they’re doing with identity security tools.”

Joe Schnell, Senior Cybersecurity Architect at Sayers

8. Threat Exposure Management Will Need To Be Continuous. 

Doing a vulnerability assessment or a penetration test once or twice a year isn’t enough to stay ahead of cybersecurity attackers, who are pivoting quickly. 

Applications are going through so many rapid changes, you have to be sure a developer hasn’t enabled something that’s going to expose sensitive data. 

Organizations are turning to continuous threat exposure management (CTEM) for a proactive and continuous approach to monitor, evaluate, prioritize, and improve their threat management processes. 

According to Gartner:

By 2026, organizations that prioritize their security investments based on a continuous exposure management program will be 3x less likely to suffer a breach.

Chris Willis, VP of Cybersecurity and Network Engineering at Sayers, adds:

“Managing threat exposure continuously is going to be extremely important. Offerings such as breach and attack simulations are getting into the CTEM space. We’re going to see more of that from multiple vendors.”

9. Ransomware Attacks Will Continue To Evolve.

Every device you have connected to a network is part of your attack surface. That attack surface includes CPS devices such as biomed implants or robotics. 

In 2024, expect to see these exploited in new ways. For example, imagine a ransomware scenario where malicious attackers ransom your electric car instead of your computer.

New SEC rules require public companies to report material cybersecurity incidents within four business days and report ransomware payments within 24 hours. Will bad actors use those rules to further extort the organization and its officers after looking for emails as evidence the company didn’t disclose within the required timeframe? 

“We’re going to start to see ransomware ramp up and move more into the extortion area. We will see more of a drive at the higher levels of organizations for a strong security practice versus just meeting compliance requirements.” 

Joe Schnell, Senior Cybersecurity Architect at Sayers

10. More Organizations Will Take Advantage Of Services And As-A-Service Offerings 

As cybersecurity vendors look for additional revenue streams, more managed services will enter the market. Many organizations lack enough trained and knowledgeable cybersecurity resources, so they will turn to as-a-service capabilities for help. 

A growing number of vendor-specific technologies will integrate with public clouds as a service, reducing complexity for companies in the cloud. More organizations also will turn to penetration testing as a service (PTaaS) as those offerings are becoming less disruptive to organizations.

“There’s been a huge race to move to the public cloud. Services are going to be booming because companies’ IT security departments will need help implementing security solutions in the cloud. Many of those organizations want a turnkey solution because the technology is too complicated for them to implement themselves.”

Gerry Wollam, Senior Cybersecurity Solutions Architect at Sayers

11. Quantum Cryptography Will Expand To Thwart Quantum Computing

The development of quantum computing threatens data and network security by using quantum bits (qubits) to perform complex calculations. Quantum computers can break through larger encryption keys in a much faster timeframe, but they also can make more robust encryption techniques possible.

Tech vendors such as Palo Alto Networks are encouraging companies to transition to post-quantum cryptographic suites as they upgrade their virtual private networks to resist quantum computing attacks.

The Open Quantum Safe project supports the development and prototyping of quantum-resistant cryptography through open-source libraries including OpenSSL. 

12. Consolidation And Integration In Cybersecurity Will Continue.

Organizations want to move to fewer security technology providers. Larger vendors are looking to converge technologies into platform offerings, while smaller vendors find it more difficult to compete. The result: Niche players in cybersecurity will continue to be acquisition targets. 

In a recent example, Palo Alto Networks announced they will acquire Dig Security, a cloud security start-up focused on data security posture management (DSPM).

In the identity space, players tend to fall into one or more of the three pillars – access management (AM), privilege access management (PAM), and identity governance and administration (IGA). Expect to see consolidations among vendors to cover all three of those pillars.

Vendors that don’t get acquired will continue using API integrations to integrate with other security applications, making their offerings better in the process.

 “We’re going to see a lot of consolidation because how many different CSPM or CNAPP platforms can the industry support independently? There are too many options, because everyone says they can do it. At some point, they’re going to consolidate down to two or three. 

Ken Wisniewski, Senior Security Architect at Sayers

Questions? Contact us at Sayers today to discover extensive technology solutions and expertise to cover all areas of your business.

    Addresses

  • Atlanta
    675 Mansell Road, Suite 115
    Roswell, GA 30076
  • Boston
    25 Walpole Park South, Suite 12, Walpole, MA 02081
  • Rosemont
    10275 W. Higgins Road, Suite 470 Rosemont, IL 60018

 

  • Bloomington
    1701 E Empire St Ste 360-280 Bloomington, IL 61704
  • Chicago
    233 S Wacker Dr. Suite 9550 Chicago, IL 60606
  • Tampa
    380 Park Place, Suite 130, Clearwater, FL 33759

Have a Question?

Subscribe Contact us