Looking further into the year 2024, Moshe Weis, CISO, Aqua Security identified three major threats that will continue to be top of mind for security teams globally and in the Asia Pacific region.
Worthy of first mention are AI-powered threats and mitigation. This is far from surprising with the increasing adoption of AI in both offensive and defensive cybersecurity strategies. As AI-driven threat actors become more sophisticated, organisations, too must deploy AI-driven security measures. More than ever, cyber defenders must stay ahead of these evolving threats through behavioural analytics, anomaly detection, and ethical AI practices.
The democratisation of access to AI has made the need for AI trust, risk and security management even more critical. These aspects of AI must be considered and organisations must evaluate the AI model, its application governance, fairness, reliability, robustness, security and data protection.
“The democratisation of access to AI has made the need for AI trust, risk and security management even more critical.”
Michal Lewy Harush, CIO, Aqua Security
The attack surface of Gen AI is all over the AI lifecycle – from code to runtime. Therefore, security leaders will have to include in their security programs solutions and techniques for model monitoring, data and content anomaly detection, AI data protection, model management and operations, attack resistance and AI-specific application security.
Weis also pointed out that data privacy concerns will persist in 2024. As privacy regulations become more stringent, and user data protection gains importance, organisations are intensifying their efforts to navigate this complex landscape. They are not only focusing on compliance but also enhancing data security through encryption, robust access controls, and data anonymisation.
Lastly, Weis said that supply chain security remains a top concern and will deepen in 2024. He acknowledged that cyberattacks targeting the supply chain have the potential to disrupt businesses and even national security. As a result, organisations are increasing their efforts to assess and strengthen their supply chain security, recognising the need for robust vendor risk management practices and continuous monitoring to address these growing risks. Cybersecurity professionals must continue to adapt and innovate in order to proactively secure their organisations against modern, persistent threats.
The wisdom in prioritisation and remediation
As the threat landscape evolves so does the enterprise attack surfaces, and it continues expanding far beyond what most effective patch management programs can cover. The time has come for a forward-looking defence strategy that requires modernisation of the assessment tool portfolio. These tools must not only inventory patchable and unpatchable exposures, but also prioritise findings based on what an attacker could really do. To achieve that, they must validate the reality of the exposure based on the ability to penetrate existing security defences.
Gilad Elyashar, Chief Product Officer, Aqua reinforces the need for remediation. With sophisticated attackers being able to spin up in the cloud and launch attacks within a short period of time, it is paramount that organisations have the ability to quickly and proactively identify threats, prioritise certain risks when they get through, and know where to find them and stop them.
The conversations happening amongst CISOs are about reducing the attack surface. This shifts the conversation to not only seeing and blocking what is trying to get in but to stopping and responding to the things that do.
Personnel, budget constraints to spur demand for managed services
On the topic of what the current security landscape and tightening budgets mean to partners, Jeannette Lee Heung, Senior Director, Global Channel and Ecosystems, Aqua weighed in. She suggested that partners must navigate the intersection of heightened demand for advanced cybersecurity and the constraints of tightening budgets. A notable trend is the acquisition of appropriate tools by customers to address their company’s challenges.
Despite customers recognising the necessity of these tools, a prevalent challenge persists – finding the personnel with the requisite skills or expertise to fully leverage the technology they have invested in. Looking further into 2024, it is evident that numerous partners will be channelling investments into advisory and consulting services tailored to address specific customer needs. This foresight is driven by the recognition that the services market is poised for continued expansion.
As traditional partners are heavily reliant on the transactional model of reselling, they are at a crossroads. In response to the evolving landscape, they are likely to explore strategic options such as mergers, acquisitions, or forging partnerships with specialised services companies. This strategic shift is essential for bridging the gap between sustaining revenues and meeting the evolving needs of customers in the dynamic cybersecurity landscape.
Balancing cost, effectiveness, value and security
As cloud usage accelerates, organisations will increasingly have to find the balance between cost, effectiveness, value and security. To do that, more and more CISOs together with CIOs will look for consolidated platforms that can help CIOs and IT leaders manage cloud spend, security posture, asset configuration management, quality and cost optimisation.
As AI continues to be weaponised, it is essential for organisations in an increasingly complex and dynamic digital environment to have robust cybersecurity plans that are tested and proven effective. By staying informed and adopting innovative security solutions, businesses can navigate the evolving landscape of cloud native technologies with confidence.