With 2024 on the horizon, we have once again reached out to our deep bench of experts here at Netskope to ask them to do their best crystal ball gazing and give us a heads up on the trends and themes that they expect to see emerging in the new year. We’ve broken their predictions out into four categories: AI, Geopolitics, Corporate Governance, and Skills. Here’s what our experts think is in store for 2024:
AI
The rise of AI-enabled threat actors
“The increasing accessibility of AI technologies will unfortunately empower cybercriminals to refine their attack methodologies. Anticipate enhanced utilization of AI for rapid vulnerability exploitation and the automated extraction of valuable information. Adversaries may also leverage generative AI for crafting effective phishing narratives and creating realistic deepfake audio and video, therefore elevating their social engineering capabilities. With the rise of more sophisticated cyber threats, traditional rule-based approaches may become inadequate. We can expect more companies to turn to AI and machine learning algorithms that can enhance threat intelligence, improve phishing prevention, and detect abnormal patterns in real-time.” Yihua Liao, Head of Netskope AI Labs
AI assistants are here to stay
“2024 will be the year of the AI assistant. As demand for AI increases and organizations experiment with new services, it will become common for employees to leverage their own AI assistant either in simplifying existing tasks or supporting and enhancing new methods of working. As a result, both security and privacy will need to be considered by organizations.” Neil Thacker, CISO EMEA
Generative AI for continuous analysis and monitoring
“In the coming year, I think we will see generative AI be used to analyze a company’s existing policies, regulatory requirements, and threat landscape to generate tailored security policies. I also think we will also see generative AI used to continuously monitor a company’s network and systems for policy violations and automatically respond to issues.” Mike Anderson, CIO & CDO
Geopolitics
Potential for Cyber Peace Agreements on the horizon
“Wars have historically played out on land, sea, and air, but the digital domain is fast emerging as the latest battleground. As we approach 2024 – and beyond – major geopolitical confrontations will increasingly involve cyber elements, elevating cybersecurity to a top priority for countries globally. Just as peace treaties are negotiated for conventional wars, 2024 may see proposals for “Cyber Peace Agreements” between nations.” James Christiansen, VP, CSO – Cloud Security Transformation
AI regulations facing scrutiny
“Proposed AI regulations will come under scrutiny in 2024. We are already seeing countries and entire regions proposing new AI regulations to counter and attempt to control new services, but will we see draft regulations proposed and updated that can support innovation alongside ethics and privacy? All eyes are on the U.S, Europe, and China but could other countries steal a march by delaying their own regulations to enter the AI arms race?” Neil Thacker CISO EMEA
Board consequences for security incidents
“I think we will see shareholders start to sue companies for not disclosing material security incidents in the manner required under the SEC rules. Why does under-reporting happen in the first place? Because companies define ‘material incidents’ from their own perspective, but shareholders don’t care about nuanced definitions of ‘material’ – they care about what’s important to them in selecting investments. Materiality should be defined from the position of the investor NOT the company.” Shamla Naidoo Head of Cloud Strategy & Innovation
Corporate governance
Realizing continuous adaptive trust
“As we close 2023 it’s fair to say that organizations the world over have enthusiastically embraced the broad concepts of zero trust as they seek an appropriate model for pivotal cybersecurity transformation. However in 2024 I expect to see organizations pushing harder for vendors to put meat on the bones of the concept. In particular I think we will see them interrogate promises of what zero means in this context, seeking out ever increasing granularity and looking for ways to implement ‘continuously adaptive’ zero trust, where each request is processed as it emerges, irrespective of its genuine origin and destination.” James Christiansen, VP, CSO – Cloud Security Transformation
More accountability for CISOs and security executives
“The regulatory landscape will heat up with respect to the personal liability on CISOs and security executives in organizations – as we’ve seen with cybersecurity executives from Solarwinds receiving a Wells Notice, or the DoJ charges against Joe Sullivan. I predict we will see more accountability than ever before.” David Fairman, CIO APAC
Skills
The CISO role will continue to transform
“In the coming year, I expect to see an increasing number of CISO roles moving from “technical/tactical” towards being board whisperers, cross-functional influencers, and drivers of cultural transformation. The people with these new powers are the right leaders to drive the Digital Trust agenda which is becoming essential to organizational strategies.” Ilona Simpson, CIO EMEA
Resetting expectations around the “cyber skills gap”
“I predict we will see a shift in the kinds of candidates organizations look to hire into open cyber security roles. I don’t think there is a shortage of security generalists, but there is a shortage of computer scientists, developers, engineers, and information security professionals who can code, understand technical security and enterprise architecture… product security and application security specialists… analysts with threat hunting and incident response skills… individuals with network design, troubleshooting, and operational skills. None of this can’t be fixed by a newbie taking a six-month information security boot camp. Companies will start to realize that rather than looking for a mythical beast they need to focus on career progression to bring in newbies with the intent to invest in them for development.” Gerry Plaza Field CTO – Head of Digital Transformation
If you’d like to hear more 2024 predictions, keep an eye out for our blog dedicated to Netskope Threat Labs predictions on Tuesday 11/21.
