Locking the Piggy Bank: Keeping Prying Hands Out in 2024

Top 2024 Cybersecurity Priorities revealed in a new report by Info-Tech Research Group

Staff

Info-Tech’s Security Priorities 2024 report delves into the pressing issues that IT and security leaders must prioritize over the coming year, including the cybersecurity talent shortage, the rise of AI-driven threats, the integration of security risks with business risks, the adoption of zero-trust frameworks, and the increasing significance of automating security operations. The global IT research and advisory firm explains in the report that by addressing these priorities, organizations can better prepare themselves to face the evolving threat landscape.

With cyber threats becoming increasingly sophisticated, organizations are facing unprecedented challenges in safeguarding their digital assets. Recognizing the urgent need for robust and dynamic security strategies, Info-Tech Research Group has published its Security Priorities 2024 report. The report underscores the critical need for organizations to adapt their security measures in response to the constant changes in cyber threats in 2024 and beyond. The firm’s research highlights the importance of a strategic approach, emphasizing the need for clear oversight and effective implementation strategies to develop, deploy, and monitor security initiatives that enhance an organization’s resilience against threats.

“The threat landscape has been exacerbated by the various emerging attack vectors, such as credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks,” says Ahmad Jowhar, research analyst and lead author of the report. “The rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depicts the challenges of efficiently fighting against these threats.”

The Security Priorities 2024 report reveals the pressing issues that IT and security leaders must prioritize and advocates for a pivot from traditional, reactive security postures to proactive, predictive security strategies. The annual report emphasizes the importance of fostering a security-centric culture across the organization, enhancing collaboration between security teams and other business units, and developing agile security frameworks that can adapt to new threats and business needs.

“The emergence of advanced technologies has created opportunities for organizations and security leaders to explore unique approaches to these challenges while also enhancing existing capabilities to better equip themselves with the right people, process, and technology this year,” says Jowhar. “These approaches include assessing the ability to address the talent shortage through upskilling, establishing a foundation to implement AI technologies, and evaluating an organization’s security risk management with respect to integrating with the enterprise.”

Info-Tech’s latest report is based on comprehensive research, including insights from the firm’s Future of IT survey and in-depth interviews with IT and security professionals across various industries and regions. The diverse approach ensured that the experiences of leaders from both small and large organizations were incorporated into the report and covered a broad spectrum of security budgets. The insights collected and analyzed by the firm reflect the realities of managing cybersecurity in different organizational contexts, from multinational corporations to nimble startups, providing a well-rounded view of the challenges and strategies at play in the current security landscape.

Leveraging the firm’s research findings and data, the Security Priorities 2024 report outlines the following five high-priority initiatives security leaders, and their organizations, should implement to confidently address security risks for 2024 and the years to come:

Develop and Optimize Cybersecurity Workforce. For the third consecutive year, talent shortage has remained the most pressing cybersecurity challenge, as highlighted by Info-Tech’s survey data. Respondents rated the difficulty of hiring enough security professionals to meet demands at an average concern level of 3.32 out of 5. Security leaders must identify their current skills gap and organizational needs, define their current security resourcing plan, and determine their approach to acquiring the necessary expertise.

Secure the AI Revolution. As many organizations are working to leverage the power of AI, measures must be in place to ensure an effective adoption of the technology. Establishing AI governance should be one of the initial initiatives within an organization’s AI roadmap to ensure a strong and ethical risk management framework is in place. However, according to the new report, over 40 percent of organizations don’t have AI governance in place. In order to address potential vulnerabilities, Info-Tech advises security leaders to prioritize identifying their organization’s AI goals, determine existing security gaps, and formalize a comprehensive AI governance framework. This framework must define clear accountability, responsibilities, and risk management strategies for AI deployments.

Embed Security Risk Management with the Enterprise. With the increasing adoption of AI, organizational reliance on third-party vendor platforms and capabilities will also grow exponentially. This reliance on vendors means increased information sharing and places greater accountability on CISOs or security leaders to safeguard an organization’s information assets. Despite this critical need, many organizations lack mature vendor risk management practices. As outlined in the report, in many organizations, the responsibility of vendor risk inadvertently falls on the CISO, given their role in protecting sensitive information and assets. To address this issue, security leaders must evaluate their organization’s existing third-party risk management practices, establish comprehensive policies, and ensure third-party risk management is communicated effectively to executive leadership.

Operationalize Zero Trust Strategy. As cyberattacks increase in sophistication due to the advancement of emerging technology and evolving attack techniques, organizations are evaluating various defense strategies to protect their most critical assets. The report emphasizes the adoption of a zero trust framework as an effective measure to enhance an organization’s security posture and align with its business objectives. A zero trust model can significantly reduce an attacker’s capacity for lateral movement within a network, enforce least privilege access across critical resources, and minimize the organization’s overall attack surface. Info-Tech recommends security leaders adopt an iterative and scalable approach to developing a zero trust roadmap, allowing for continuous improvement and strategic deployment with an initial focus on critical surfaces. Security leaders can start by defining their zero trust strategy, assessing and identifying key capabilities and processes, formulating a comprehensive roadmap, and then consistently monitoring initiatives to identify enhancement opportunities.

Automate and Autonomize Security Processes. With automated and AI-based threats becoming increasingly prevalent, the need for security process automation and autonomization has become more pronounced. Organizations should evaluate their capacity for refining security processes to proactively defend against sophisticated attacks and maintain a technological edge. However, the firm’s research shows that not all security processes are prime candidates for automation, as they could introduce risks if automated. The report recommends security leaders start streamlining their security processes by first defining automation objectives and assessing the current and desired states of their security operations to identify any gaps. Subsequently, they should determine the suitability, value, and risks associated with automating each security process, thereby prioritizing initiatives accordingly. Finally, a detailed automation roadmap that aligns with the organization’s strategic objectives must be developed and effectively communicated to executive leadership in order to obtain support.

The 2024 report also includes customizable templates that security leaders can utilize to effectively communicate their organization’s key security priorities to stakeholders and executives, ensuring a clear understanding of the required security measures.

In the face of ever-evolving cyber threats, the Security Priorities 2024 report provides security leaders with a blueprint for safeguarding their digital environment. By implementing the priorities based on their unique organizational goals and needs, security leaders can enhance their security posture, proactively address and mitigate vulnerabilities, and build a culture of resilience against the cyber threats of the future.

Info-Tech Research Group is one of the world’s leading information technology research and advisory firms, proudly serving over 30,000 professionals. The company produces unbiased and highly relevant research to help CIOs and leaders make strategic, timely, and well-informed decisions. For more than 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.