Security and Identity Cloud have released the 2024 Cybersecurity Forecast report, revealing the trends and perspectives in cybersecurity in 2024. Phil Venables, VP of TI Security and CISO at Google Cloud, and Nick Godfrey, Senior Director, Office of the CISO at Google Cloud, provided updates on last year's headlines and offered forward-looking insights into the future landscape of cybersecurity.
The year 2023 was prominent for IT as it marked a profound shift in the security world, with the rise of generative AI dominating significant headlines. Google has been utilising machine learning and AI in security for nearly twenty years. However, the advent of generative AI has had a powerful impact on security frameworks.
Generative AI has the power to significantly boost cybersecurity paradigms, making security processes smarter and more efficient. Its rapid growth will cause threat actors to use AI to scale their information operations. According to the report, "Defenders will use gen AI and related technologies to strengthen detection, response, and attribution of adversaries at scale, as well as speed up analysis and other time-consuming tasks such as reverse engineering."
In terms of key points, the report has anticipated increasing instances of 'shadow AI' in workplaces, where employees may inadvertently use consumer-grade AI tools over more secure enterprise-grade counterparts.
Marina Kaganovich, executive trust lead at the Office of the CISO, advised, "Since generative AI tools and use-cases will only mature over time, organisations should get ahead of the trend. They should develop plans to implement generative AI safely and effectively, starting by choosing gen AI tools that fit their use-cases."
The report also emphasised that generative AI model developers will increasingly be held accountable for their models' outputs. Organisations adopting these models need to understand the limits of foundational models and new methods to secure them. Toby Scales, an advisor at the Office of CISO, stated that public declarations of AI principles will become increasingly crucial as technical innovation intersects with moral philosophy.
A significant expectation for the future is that with new SEC rules in place, Chief Information Security Officers (CISOs) will likely seek more job protection. Taylor Lehmann, Director and Office of the CISO, added, "The beliefs that the CISO is individually accountable for cybersecurity outcomes and that cybersecurity is beyond the typical responsibilities of non-technical leadership will no longer be accepted."
The forecast also unveiled that attacks on hybrid and multicloud environments would have an increasing impact due to identity-management problems and configuration errors. To combat these threats, companies are recommended to invest in correct credential management, enforce policies, and dedicate significant resources towards training.
Odun Fadahunsi, Financial Services Executive Trust Lead, Office of the CISO, stressed the importance of risk management in cloud adoption, stating that it can help drive digital transformation goals. Other potential issues beyond technological security were also addressed, such as the new concerns in the space of medical device security, specifically patient safety, and the vulnerabilities observed in supply chains.
Overall, the 2024 Cybersecurity Forecast provides crucial insights into the upcoming trends in cybersecurity, urging organisations to prepare and strengthen their security systems for the year ahead.