What 2024 holds for global cybersecurity

By Todd Moore, Global Head of Data Security Products, Thales

  • Enterprises will finally grasp the importance of being quantum-ready in 2024. Getting there will take agreed standards, which are expected in 2024 – but we will start to see interest in quantum computing break out of the technical circles it’s largely languished in until now and onto the agenda of mainstream enterprise decision makers in 2024. Public key infrastructure, TLS encryption, browsers and code signing are the four essential areas where we will see greater interest in post-quantum cryptography in the coming year, not just in terms of mitigating risk, but as a business differentiator too.
  • Artificial intelligence at the network edge will emerge as the preferred deployment mode for the enterprise. With significant players building chips complete with CPU, GPU and inference processing engines – a whole system on a chip – the coming trend in 2024 will be to push development, model training and deployment processing to the edge and on-prem for the customer. Moving things like computation and model training to the edge will go some way towards mitigating the security concerns around leveraging IP and sensitive enterprise data in LLMs, as well as allowing organisations to train their models without having to upload the data sets to hyperscalers first, or leverage the foundation models.
  • Budget pressures will see a shift in how companies purchase cybersecurity tools in 2024. The best companies are constantly examining the investment and spending they’re making, and finding ways to make it work harder and go further. As cybersecurity software technologies advance, we’ve seen a real trend towards integrated platforms – giving companies greater choice and flexibility over which services they need and which ones they don’t. CISOs and security teams, under pressure to deliver the same results with smaller budgets, will increasingly turn to integrated platforms in 2024 to consolidate the vendors they’re working with and drive efficiencies. Gartner has recognised this, forecasting that 30% of enterprises will have adopted broad-spectrum data security platforms by 2025, up from less than 10% in 2021.
  • The search for standards and stewards of cyberattack accountability will begin. In the wake of the landmark SolarWinds case, the role of security leadership for companies will be under a microscope in the coming year. Public companies are now being taken to task by the SEC, and leaders will be looking internally to determine how security will be handled moving forward. Where compliance and security leaders were originally separate, more harmonization will take place to make sure best practices and legal needs are both being met – and many will look to audit companies and certifiers for indemnification and protection. That being said, there will be major calls for a mandate or national standard that these providers can measure against, and while we have the building blocks of best practices – ISO standards, SOC2, CSA – we don’t yet have enough solid ground to make audits a simple process for public companies. Those who will be held accountable for cyber events at the C-suite and board level will be pushing for clearer requirements at a federal and international level.
  • The ransomware scales will continue to be tipped in criminals’ favour. Ransomware is still increasing, with a significant rise in zero-days being taken advantage of – a trend that we’ll see continue in 2024 due to two major factors. First, organizations are still struggling to assess their own risk, and most do not have a strong enough grasp of their digital footprint to properly execute threat detection and response, which is poised to be the best defence method against ransomware. Second, no government is yet taking the lead on ransomware. Sanctions may increase, but there are many questions left around jailing, debt, and other legal ramifications of criminalizing ransomware payments. These uncertainties across the board will make it difficult to get cybersecurity right within a legal framework, and ransomware-focused criminals will continue to thrive on that gap.