By Sharda Tickoo, Director Sales, Large Enterprise and Technical Leader – Trend Micro, India & SAARC
Every year, cybersecurity experts share their predictions about the trends that will define the industry. But how often do we pause and reflect on these forecasts once the year concludes? As we enter the season of new predictions, let’s pause and reflect on the past, closely examining the current landscape of trends that were anticipated to revolutionise the cybersecurity industry at the beginning of 2023. It’s time to separate the signal from the noise in last year’s predictions and consider what implications they hold for the upcoming year.
Dispelling the AI Buzz
At the dawn of 2023, the spotlight was firmly on artificial intelligence (AI), with the rise of ChatGPT capturing widespread attention. Initial concerns suggested that generative AI might give rise to unprecedented cyber threats. However, as the year unfolded, reality took a different turn. Generative AI, though it appears ‘innovative’, is fundamentally confined to synthesising existing data. However, one cannot dismiss its impact entirely. Generative AI did play a role in beefing up existing attack modalities such as phishing in 2023. These AI-driven attacks pose an ongoing challenge for cybersecurity teams. They’re stronger, faster, and smarter than traditional attacks, demanding less human intervention allowing cybercriminals with limited skills to mount effective and lucrative attacks easily.
Amidst the uncertainty surrounding AI and its potential risks, regulatory discussions surged throughout the year. According to the Secretary of the Ministry of Electronics and Information Technology (MeitY) S. Krishnan, the Indian government has commenced the process of preparing regulations for Artificial Intelligence (AI) to foster development, protection, and innovation in this emerging technology.
Closing the skills gap: A cybersecurity trend in desperate need of fixing
A fundamental cultural shift becomes increasingly imperative keeping in mind the ongoing skills shortage in the cybersecurity sector. Globally, organisations are in dire need of filling approximately 3.5 million positions, despite hundreds of thousands of qualified cybersecurity professionals actively seeking employment. According to ISACA’s ninth annual research report, titled “State of Cybersecurity 2023”, the cybersecurity skills gap is leaving businesses vulnerable to attacks, with over 40% of CIO/CTOs in India stating that their cybersecurity teams are understaffed.
One of the primary challenges lies in the lack of specificity within multiple job postings. These listings often insist on extensive expertise and demand years of experience in emerging domains that haven’t been around for that long. What is truly necessary are specific capabilities tailored to defined functions. Organisations should clarify their needs, hire accordingly, and provide internal opportunities for skill development.
It is also equally imperative to recognise that enterprises aren’t the only ones who need to adjust. Achieving effective workforce development requires increased collaboration among the three fundamental pillars: industry, government, and academia, emphasising the need for them to work more closely together. Moreover, academia in particular requires enhanced alignment with industry to better prepare graduates for today’s workplace, bridging the gap in academia-industry dynamics.
Human-centric security: Empowering people as the strongest link
A notable shift in perspective emerged regarding the perception of humans as the weakest link in cybersecurity. To echo the sentiments of Albert Einstein, “Blind belief in authority is the greatest enemy of truth. Regrettably, within the realm of cybersecurity awareness and expertise, certain persistent outdated notions endured in 2023. This includes the clichéd notion that humans are the vulnerable weak point, a concept that needs reconsideration for genuine progress.
Acknowledging that blame lies with organisations for not adequately raising cyber awareness, the narrative is now changing. Recognizing the strength that individuals can bring to cybersecurity, there is a growing emphasis on fostering a culture where employees feel safe reporting mistakes, promoting transparency, and continuous improvement.
Challenge of Tool Proliferation
The persisting trend of tool sprawl in cybersecurity, marked by an abundance of disparate solutions, continued to be a concern in 2023. Organisations grappled with the challenges of managing numerous cybersecurity tools, leading to uncorrelated alerts, redundancies, and increased complexity. Although consolidation efforts were not fully realized in 2023, there is a growing awareness of the need to streamline cybersecurity operations. The potential for consolidation to simplify operations by adopting open platforms and reducing the number of tools and vendors is a trend that is expected to gain momentum in 2024.
Navigating 2024: Cybersecurity trends and emerging solutions
While organisations are encouraged to intensify cybersecurity awareness training, addressing the pervasive and long-standing global skills gap requires innovative and collaborative strategies. As enterprises enter 2024 with a backlog of vacant positions, cybersecurity consolidation emerges as a potential solution to address some of these gaps. Simultaneously, this consolidation offers streamlined cybersecurity operations, fortifying the overall defenses of organisations.
Anticipated advancements in automation and the strategic utilisation of generative AI are poised to bolster the consolidation initiative, serving as crucial defenses amid the evolving landscape of malicious AI applications. Although blockchain is likely to solidify its position within cryptocurrency, its potential utility might extend to other domains, such as in the issuance and management of secure documentation.
Upon reflecting on the events of 2023, a fundamental truth emerges: the definitive verdict on cybersecurity trends can only be revealed with time.