Securing the world of tomorrow: Anticipating the IT security topics of 2024 and beyond
With the traditional workplace changing beyond recognition at the start of the decade, we saw the most significant changes to the IT security landscape last year; with the wider implementation of artificial intelligence (AI), stronger authentication practices, third-party data breaches, end-to-end encryption, and the Online Safety Bill to name a few. In this time, cyberattacks have advanced exponentially in sophistication and regularity, with IT cyber defenses struggling to keep up.
Thanks to increasingly large supply chains, small to medium-sized enterprises (SMEs) who once thought they were beyond the ‘crown jewel’ targets of large enterprises, are now struggling to defend themselves in the face of more frequent and sophisticated attacks due to smaller budgets and a lack of robust security measures.
With 2023 behind us, we’ve taken an audit of how the IT industry has changed and what it means to navigate an ever-evolving threat landscape. Every SME IT team, from the single IT admin to those with deep domain and dark web expertise, are now evaluating how to strengthen their organization’s security posture, which will help to repel the newest attack vectors. Here are six key IT security topics to monitor in 2024.
AI-Powered Cyberattacks and Phishing Sophistication
AI and machine learning (ML) are increasingly being used to enhance cyberattacks. Examples include using algorithms to craft more convincing phishing emails, guess passwords or crack CAPTCHAs, and generate deep fakes.
However, AI and ML can also be used to deploy better cyber defenses against these cyberattacks, especially in attack simulations, patch and vulnerability management, and threat and anomaly detection.
Given the investment in AI, there’s cause to be cautiously optimistic. Companies are approaching it with the right level of alarm; recent industry research suggests that the AI cybersecurity market was already at $22.4B in 2023, and will grow to over $60B by 2028. If AI policies need to be implemented, they need to ensure these AI tools are used where relevant, effectively, and responsibly.
Cybersecurity Skill Gap Crisis
The ongoing skills gaps within IT teams will cause organizations to frantically seek professionals who have deep cybersecurity knowledge or the necessary certifications. As AI and ML add a new dimension to the threat landscape, the demand for these cybersecurity experts will outstrip the supply. The only way to address this is for organizations to adopt a proactive stance, driving investment in training and talent acquisition.
Demand for Multi-factor Authentication (MFA) Will Explode
IT teams, especially within SMEs, will turn to external partners and vendors for help in implementing robust security measures. One area where improvement is sorely needed is MFA.
Despite its promise, MFA adoption has stagnated, leaving organizations exposed. Microsoft acknowledged that 99.9 percent of compromised user accounts don’t have MFA authorized, and only 28 percent of Microsoft users were using MFA as of December 2022. The recent MGM hack is an example of the consequences of lagging security.
This should be a catalyst for countless security teams to double down on how to adopt MFA into the business, as soon as possible.
Passwordless Solutions in the Mainstream
Due to both low MFA adoption and inherent human weakness in the security chain, 2024 will be the year where we’ll see real movement toward passwordless solutions, with demand for passwordless solutions growing at a faster rate than before. Passwordless authentication methods such as biometrics and secure tokens will become both normalized and expected; 2024 will mark a significant step towards a more secure digital environment.
Google's Passkey Move and Company Implications
The adoption of passkeys by Google for consumers has been widely lauded by IT professionals. However, more discussions are needed around the broader implications for the company and the industry.
Companies will need to evaluate whether integrating passkeys into their security strategies makes sense as they may find they’re not ready. Irrespective of whether passkeys are enterprise-ready, the industry conversation around them underscores the need for MFA, and the need for standardization and best practices.
Momentum in Continuous Authentication for Identity and Device Management
In 2024, traditional static methods of authentication and authorization will be supplemented by dynamic, real-time evaluation of users and devices. This approach will enhance security by constantly assessing the trustworthiness of identities and devices accessing a network or application. As cyber threats evolve, so too must security measures. Continuous evaluation will play a pivotal role in adapting to the changing landscape.
No company is immune from a cyberattack, with large and small enterprises being targeted. In the face of an escalating landscape where threat actors leverage innovative technologies and hone their skills to find new vulnerabilities to exploit, companies must not merely adapt but proactively strive to stay a step ahead while preparing to withstand potential security threats.
To strengthen its defenses and confront both internal and external risks head-on, organizations must not only establish but rigorously implement a comprehensive framework for managing trusted identities, networks, and devices. This entails imposing strict conditional access control policies that regulate users' access to specific types of resources. This proactive defense is achieved by adopting a Zero Trust-based approach, with enterprise-level identity and access management seamlessly orchestrated through a single, centralized platform that is easy to manage.
IT professionals need to become resolute in their commitment to preparing their organizations for the next challenge as security continues to be a big concern and priority for SMEs in 2024 and beyond.
Photo Credit: alphaspirit/Shutterstock
Denis Dorval is Vice President, International EMEA & APAC at JumpCloud.