By MARGARETA PETROVIC, Global Managing Partner, Risk & Cybersecurity Consulting & Service Integration and DR. KPS SANDHU, Head of Global Strategic Initiatives, Cybersecurity
1. Generative AI Creates Security Opportunities and Pronounces Threats
Generative AI and machine learning are increasing the frequency and complexity of cyber-attacks, creating new pressures on companies. This technology can allow cybercriminals to launch sophisticated and stealthy attacks like deepfakes or self-evolving malware, compromising systems on a large scale. To counter these advanced threats and fight fire with fire, enterprises must use AI-driven cybersecurity.
This technology has the potential to transform the industry by improving enterprise posture through automated hardening of configurations and compliance, overcoming micro-segmentation challenges, fine-tuning least privilege access, enhancing reporting and more. It can be used to significantly improve security operations in many ways, such as identifying false positive alerts by applying supervised machine classification and active learning, detecting advanced attacks like DNS tunneling with the help of machine-learning-based payload analysis and traffic analysis, and discovering new threat samples using deep-learning supervised classification models.
As threats become more imminent and dangerous, companies can consider two distinct methods to uplift their cyber resilience programs, which we believe will see prominence in the future: cyber insurance and real-time threat dashboards.
Currently, leaders in cybersecurity understand the need to prepare for generative AI threats and opportunities, with insurance becoming less of a choice and more of a necessity. As a core precautionary method, a centralized visibility dashboard is a tool we expect many companies to invest in, as it can be used to plan for, track, and react to attacks while giving insights into real-time cyber risks.
We believe AI and machine learning will be used more widely to help protect data across hybrid cloud environments by identifying shadow data, monitoring data access, encrypting data in transit and at rest, and alerting security teams about potential data breaches. In the future, AI and machine learning will continue to grow in influence in user authentication. Leaders can use new technology to help balance security with user experience by analyzing the risk of login attempts and verifying users through behavioral data, biometric data, or multifactor authentication. Additionally, malware can be detected and blocked by analyzing file characteristics, network traffic, user behavior, and other indicators of compromise. As enterprises embark on this journey, they should prioritize employee education on the secure use of AI tools, ensure the security of data transmitted to and from AI tools, have stringent access control and monitoring, and continuously harden models to mitigate potential security vulnerabilities.
2. Spotlight on Cyber with Increased Focus at the Top, Emphasizing Pressure on CISO Role
Due to increased cyber-attacks and opportunities for breaches, we expect the C-suite to become increasingly involved in cyber risk-related decisions. According to reports, with increased executive accountability and heavy fines for violations, boards will focus on cybersecurity regularly and could take actions like creating a dedicated cybersecurity committee, engaging with external advisors, and requesting regular reports from CISOs. Legislative changes such as the EU’s NIS2 Directive and rule changes by the Securities and Exchange Commission (SEC) around material cybersecurity breaches will affect board and cyber organisation structures while influencing decisions about investing in security access management, cloud security, data security,
This has elevated the office of the Chief Information Security Officer (CISO), which has traditionally operated from a technocrat mindset of managing tactical risks, putting out fires, and enforcing compliance, to being included in business strategy decisions and driving cybersecurity-enabled competitive advantage. Now, these leaders increasingly report to the board and have more autonomy to make investment decisions. Boards will have a dedicated cyber committee and specific C-suite cyber performance metrics, while also requiring companies to mandate cybersecurity education and training programs as further ways to mitigate cybersecurity risks and integrate cybersecurity best practices into any company-wide strategy.
3. A More Regulated, “Sovereign Cloud” Becomes Standard in Global Business
We expect the adoption rate of sovereign cloud to grow significantly in the coming years as more countries and regions develop data sovereignty laws and initiatives. When utilizing this cloud, companies can safeguard valuable data and systems from unauthorized foreign access on a country or local level. Data privacy regulations and the geopolitical landscape are constantly changing, and these affect the control and flow of data. The coverage of these laws is fast expanding, and by the end of 2023, nearly 5 billion people responsible for nearly 70% of global GDP will fall under a privacy law. The stringent stance taken by countries against privacy violations, with huge fines being levied on enterprises, makes data sovereignty a key imperative. By adopting a sovereign cloud solution, organizations can reduce the risk of data breaches, espionage, and sabotage, while enhancing trust with investors, customers, and regulators.
The current adoption rate of sovereign cloud varies depending on the sector, industry, and geography. According to a survey by IDC in 2020, 40% of European organizations have already adopted sovereign cloud solutions, while 31% plan to do so in the next two years. The adoption rate is higher among public sector organizations (49%) than private sector ones (37%), and among organizations in France (54%) and Germany (51%) than those in the UK (29%) or Italy (28%).
Some examples of sovereign cloud solutions are Gaia-X: a European project that aims to create a federated data infrastructure that ensures data sovereignty, security, interoperability, and portability for European cloud users and Azure Government: a Microsoft cloud service that offers dedicated regions and compliance certifications for U.S. federal, state, local, and tribal government entities, as well as their partners. Alibaba Cloud is a Chinese cloud service that operates multiple regions within China and complies with Chinese laws and regulations for data security and privacy.
4. Expanded Digital Ecosystems Leave Room for Attack, Altering Vendor Strategy
As business models involving digital ecosystems (complex networks of businesses, individuals and various systems and stakeholders that use technology to interact) become more sophisticated, we expect cyber threats to be more imminent. Right now, it is no longer feasible to address every threat identified in an organization’s digital ecosystem. Because of this, it is recommended that enterprises adopt a continuous approach to threat management which involves expanding threat assessments to include integrated supply chains while consolidating vendors.
As cybersecurity threats emerge and evolve, organizations often respond by adding more security products and partners, but this can ultimately work against their security goals. To solve this, many organizations are considering vendor consolidation so that security posture can also be improved. In fact, 75% of organizations are pursuing security vendor consolidation, a substantial increase compared with 2020, when the figure was only 29%. The rationalization of the cybersecurity vendor portfolio is urgently needed to provide the security team with an efficient platform to manage risks effectively across the broad threat landscape.
5. While Talent Gaps Continue to Widen, New Hiring Strategies Can Prevail
There are over 700,000 job openings in the U.S., and according to some estimates, there is a need for more than 2.7 million cyber professionals globally. The talent gap in cybersecurity has created a dire need for skilled and qualified people to prevent, detect, and respond to novel and ever-growing cyber threats and incidents.
To combat these rising challenges, companies should consider hiring in-house specialists to bolster internal teams or outsourcing this work to large external resource companies (consulting firms, cloud providers) to reduce costs and risks. If hiring is not immediately possible, administrators should opt for a managed services provider. The partner can then implement and operate a unified security platform using automated and streamlined processes to strengthen defences against advanced threats while providing complete visibility into the security posture of the enterprise.