By Doug Saylors, Partner, Co-lead, Cybersecurity, Information Services Group (ISG)
The cybersecurity market offers promising opportunities for real-time threat intelligence through advanced technologies such as AI and ML. It’s also characterized by formidable challenges: the complexity of modern systems, deepfakes, synthetic identities and other emerging tech-related developments.
Heading into 2024, organizations are investing heavily and proactively in cybersecurity to safeguard their digital assets, recognizing that prevention is more effective and cost-efficient than recovery. This includes implementing robust security protocols, deploying cutting-edge threat detection systems, conducting regular vulnerability assessments and promoting a culture of cybersecurity awareness among employees. Additionally, organizations are embracing the concept of “defense in depth,” deploying multiple layers of security to create a resilient and robust security posture.
The importance of cybersecurity at the board level cannot be over-emphasized. Executives and board members understand the ramifications of security breaches and are actively exploring strategies and investments to protect the organization’s reputation and financial well-being and foster customer trust and loyalty. To do this, they need comprehensive insights into the organization’s cybersecurity posture, including threat intelligence, incident response capabilities, risk quantification and ongoing security assessments.
Regulatory bodies and governments are shaping the cybersecurity agenda with regulatory frameworks that shift accountability to enterprises and incentivize them to ensure they have appropriate defenses for critical vulnerabilities. New U.S. Securities and Exchange Commission (SEC) measures will require cyber organizations in large, public corporations to disclose cyber incidents that hit a materiality threshold, both to the SEC and in financial reports. This is causing an uptick in new financial frameworks and processes, which in turn will have to be auditable and defensible.
Key Trends and Developments in the Cybersecurity Market
Increased dependence on digital infrastructure and connected systems, the expanded attack surface created by connected devices, cloud computing and IoT, and the increasingly distributed work model for workforce and applications have accelerated demand for security architecture guidance on cloud, edge, virtualized implementations, zero trust and endpoint detection and response (EDR).
At the same time, cybercriminals and hacktivists are constantly devising new ways to breach security defenses. Human-centric security is now a top CISO concern as techniques such as social engineering and phishing manipulate individuals into revealing sensitive data or granting access to protected systems. Behavioral psychology can provide insight into employees’ relationships with risk and ensure cybersecurity awareness education and training is as effective as possible.
These factors reinforce the need for a holistic approach to risk management, harnessing the convergence of disaster recovery, business continuity and cybersecurity to minimize the impact of security incidents and ensure critical systems and services are not interrupted.
Other top cybersecurity trends for 2024 will include:
- Increased adoption of extended detection and response (XDR)
Extended detection and response (XDR) is an architectural approach that facilitates integrated detection and response capabilities for all internal data sources. Ideally, an XDR approach consolidates multiple security tools to provide a unified solution that automatically monitors, analyzes, detects and mitigates threats. This AI-powered approach uses automation to improve the efficiency of security operations, enabling a cohesive view of threat signals and data across a security environment. XDR vendors use two main approaches in their offerings: open and native.
  - An open XDR approach uses an enterprise’s security tools to provide a layer of integration across silos. Open XDR vendors are required to have extensive integration capabilities. Large organizations with a comprehensive security stack prefer open XDR to create a single management platform, regardless of the vendor ecosystem and pre-existing security environment.
  - A native XDR approach involves a single-vendor outlook as an all-in-one platform for security intelligence, in which the vendor takes responsibility for the setup and integrations, enabling rapid deployment and time to value. Typically, native XDR solutions can be integrated with other security products of the same vendor and have limited interoperability with other vendor security products.
- Growth of attribute- or context-based access control and the decline of pure, role-based access control
Passwordless authentication is becoming a component of a zero-trust architecture. Some enterprises eliminate passwords whenever possible, but to attain the actual state of zero-trust architecture, it is imperative to consider other options.
  - Security solutions that offer passwordless authentication are gaining prominence among enterprises as they reduce user log-in friction and strengthen system resilience by adding an AI-powered layer of security.
  - Some identity and access management (IAM) vendors have acquired start-ups and technology companies to launch AI-driven passwordless authentication platforms that use behavioral data to interpret suspicious activities.
- Acceleration of managed security services (MSS) and managed detection and response (MDR) services
MSS and MDR services empower enterprises to strengthen their cybersecurity frameworks, mitigate risks and respond effectively to security incidents. Outsourcing these services to experts frees organizations to focus on their core competencies.
MSS: Large enterprises need a full range of MSS, including data security, threat intelligence and analytics, incident response, security risk and compliance services and rapid response and recovery to cyberthreats. MSS providers help these enterprises develop and implement a comprehensive security strategy and roadmap.
MDR: Phishing and ransomware attacks are the most common security breaches for small and medium businesses. These businesses need end-to-end threat detection and response capabilities to protect sensitive corporate data and assets, but they lack the budget and expertise to implement robust security measures. MDR service providers offer network and endpoint monitoring, incident analysis and response and proactive threat hunting.
- Incident response assessments and virtual CISO services are gaining momentum
The shortage of skilled experts is a challenge in the industry, and enterprises of all sizes are struggling to hire well-qualified and experienced CISOs. As an alternative, some enterprises are choosing virtual CISO or CISO on-demand services from cybersecurity consulting firms, MSSPs and independent consultants. These providers offer well-defined and comprehensive virtual CISO (vCISO) services that focus more on small and medium businesses.
For large enterprises, incident response assessments improve understanding of cyber resilience maturity and determine detection, response and recovery capabilities across their security operations.
- Cybersecurity risk quantification gains traction
Enterprise boards and senior leadership teams are starting to ask how their cybersecurity investments address evolving threats to the business and how to quantify the reduction in risk they deliver. Enter cyber risk quantification methods that use actuarial models to provide tangible, practical and easy-to-understand estimates of cybersecurity value.
In this area, organizations will be hyper-focused on risk analysis from the perspective of AI-driven cyber threats, risks that stem from the organization’s use of AI and the cyber implications of the internal use of AI. This will lead to a reactive flurry of policies and guidelines, such as acceptable use policies for ChatGPT, Grok, Copilot and others.
In 2024, more IT and cyber leaders will add cyber risk quantification to their portfolio of tools to communicate cybersecurity value. Solutions range from those that are highly customized and require significant training for cyber and risk teams working with actuarial and risk modelling experts, to risk-quantification-as-a-service leveraging available market and organization data on platforms with proprietary actuarial models.
Investments in advanced security tools and solutions alone will not ensure business continuity. The multitude of challenges enterprises face, including cyber risks, threats and cyberattacks, compliance obligations and more, requires them to double down on achieving cyber resilience in 2024.
About the Author
Doug Saylors leads the ISG Cybersecurity business in the Americas, ANZ and Asia Pacific. He offers expertise in cybersecurity strategy, administrative and operational models, large-scale transformation projects, infrastructure, digital enablement, relationship management and service delivery, and a strong focus on minimizing the risk of loss. He has helped dozens of the firm’s most prominent global clients in multiple industries, including Aerospace & Defense, Life Sciences, Financial Services, Healthcare and Manufacturing, with operational assessments and strategy development to select optimal delivery alternatives and achieve the client’s overall business objectives. Doug can be reached on LinkedIn and at our company website https://isg-one.com/.