Top Security Insights and Trends
The cybersecurity landscape has evolved over the course of 2024. In this Research Note, WWT's cybersecurity leaders provide their insights about AI security, resilience strategies, data management and more to help you stay ahead of emerging threats and know where to focus your resources for the rest of the year.
In our annual Security Priorities Report, we provide a roadmap for risk executives to invest their time and resources in the key domains that will help them better address current risks and prepare for future threats, including:
- Balancing cyber risk and opportunity with AI
- Maintaining uninterrupted business operations with a resilience strategy
- Managing and securing the increasing burden of enterprise data
- Optimizing the portfolio of security tools and vendors
- Finding, developing and retaining qualified security talent
In this update on the state of cybersecurity, we explore how industry trends have shifted and the importance of preparing for regulatory changes while leveraging AI and improving resilience and data management strategies.
Balancing cyber risk and opportunity with AI
A shift from protecting AI to utilizing AI for security
In 2023, many of our clients were concerned with protecting AI systems, reflecting growing concern across industry verticals over this emerging threat landscape as organizations consider and adopt AI for various use cases. In the last six months, we've observed some notable progress: the organizations we talk with are beginning to secure their AI and implement governance frameworks.
Though most organizations are still in the early days of their AI security journeys, security teams are starting to explore broader areas of AI security. Now, the focus is shifting toward leveraging AI within security operations. Many of these forward-thinking organizations are harnessing AI for various cybersecurity applications, including:
- Deepfake detection evaluation
- AI-powered incident management
- AI security tools rationalization
- Threat/news alert readers and summarizers
- Audit assistants
- Compliance mapping
Further reading: Check out our article on embracing the benefits of AI in cybersecurity operations
Maintaining uninterrupted business operations with a resilience strategy
The recent events of July 2024, when a significant IT outage impacted millions, serve as a powerful reminder of the vulnerabilities we face in the cybersecurity industry and the necessity of stronger resilience strategies.
Learn more: Watch this 38-minute video "Steps for Driving Cyber Resiliency Enterprise-Wide"
Increasing global regulations
Cyber resilience has come into sharper focus over the last several months as new and updated global regulations are released. Below are some of the most significant regulations that have been introduced:
Digital Operational Resilience Act (DORA)
DORA, enacted in the European Union, aims to strengthen the cybersecurity of financial institutions such as banks, insurance companies and investment firms, ensuring that the financial sector in Europe can quickly recover after operational disruptions. This regulation provides a risk management framework that will apply to any organization that offers financial services, either directly or via a third party, within the EU. At a high level, this requires organizations to:
- Take steps to ensure they can monitor, detect, withstand, respond to and recover from information and communication technology (ICT)-related threats and disruptions.
- Manage and report any ICT-related incidents, classify these incidents based on their severity and report them to the relevant authorities.
- Conduct regular testing to assess digital operational resilience.
- Manage risks associated with third-party ICT service providers.
National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience
In April 2024, the Biden-Harris Administration introduced a National Security Memorandum (NSM) aimed at bolstering the security and resilience of U.S. critical infrastructure. This memo addresses the modern threat landscape, including advancements in technology and increasing cyber threats from nation-state actors. Key highlights include:
- Requires the U.S. Intelligence Community to collect, produce and share intelligence with federal, state and local partners, and critical infrastructure owners, aligning with the 2023 National Intelligence Strategy.
- Designates 16 critical infrastructure sectors and assigns a federal department or agency as the Sector Risk Management Agency (SRMA) for each sector, leveraging their expertise for risk management.
- Outlines minimum security and resilience requirements across sectors.
Biden-Harris Administration's Cybersecurity Strategy Implementation Plan Version 2
The Biden-Harris Administration's Cybersecurity Strategy Implementation Plan Version 2, released in May 2024, builds on the initial plan and outlines 100 high-impact initiatives aimed at enhancing the U.S. cybersecurity posture. The plan emphasizes coordinated action across government and society, with each initiative assigned to a responsible agency with a timeline for completion. Key highlights include:
- Defending critical infrastructure: Strengthen the security and resilience of essential services through public-private collaboration.
- Disrupting and dismantling threat actors: Target malicious cyber activities and actors.
- Shaping market forces: Encourage long-term investments in cybersecurity and resilience.
- Investing in a resilient future: Promote innovation and workforce development in cybersecurity.
- Forging international partnerships: Collaborate globally to achieve shared cybersecurity goals.
CISA's Fiscal Year 2024 to 2026 Cybersecurity Strategic Plan
The Cybersecurity and Infrastructure Security Agency (CISA) has released its FY2024-2026 Cybersecurity Strategic Plan, which outlines the agency's approach to enhancing cybersecurity over the next three years. This plan is aligned with the 2023 National Cybersecurity Strategy and CISA's own 2023 to 2025 strategic plan. Key highlights include:
- Addressing immediate threats: Increase visibility into and mitigate cybersecurity threats. Coordinate the disclosure and mitigation of critical vulnerabilities. Plan and execute joint cyber defense operations.
- Hardening the terrain: Understand and prevent cyber attacks. Implement effective cybersecurity investments. Provide capabilities and services to measure progress.
- Driving security at scale: Develop trustworthy technology products. Reduce risks from emerging technologies. Contribute to building a national cyber workforce.
Renewed focus on cyber recovery
Many organizations have accepted that breaches are inevitable, and the ongoing industry-wide focus on cyber resilience has emphasized the need to anticipate, withstand, recover from and adapt to cyber attacks.
However, we continue to see significant increases in attacks across all sectors in 2024; most notably, the healthcare industry in the U.S. and U.K. has been a prime target. In addition, third- and fourth-party risks in the supply chain (vulnerabilities and threats that arise from the involvement of external vendors and their subcontractors in a company's supply chain) have become extremely difficult to manage, with each vendor introducing vulnerabilities and entry points for adversaries.
This landscape is making it increasingly difficult — if not impossible — to guarantee uninterrupted operations during an attack. We recommend organizations shift their focus to include quick recovery. If you're the victim of a sophisticated breach, how quickly can you get the organization back online? Developing a strong cyber recovery plan is essential.
Dig deeper: Check out this video about driving cyber resiliency enterprise-wide
Managing and securing the increasing burden of enterprise data
Good data management is essential yet often neglected. Organizations are amassing vast amounts of information, often without proper stewardship, making data intelligence and governance crucial for security, compliance and efficiency. So far in 2024, organizations have been continuing to focus on understanding the quantity of data they possess and identifying data based on its sensitivity. This effort is essential as companies grapple with the challenges posed by technical debt and a lack of operational observability.
As multicloud strategies become more prevalent, data becomes more disparate, necessitating a clear understanding of the location and topography of critical assets, applications and data sources. This realization further underscores the importance of establishing a comprehensive lifecycle data management framework to ensure robust data security and operational efficiency.
Further reading: Check out our article on the convergence of security and privacy in a data-driven world
Optimizing your portfolio of security tools and vendors
The security tools landscape — and the need for optimization — has remained a priority so far this year, with a continued emphasis on rationalizing and optimizing the security toolset. The incident in July 2024 has underscored the risks associated with relying too heavily on a single cybersecurity vendor. As a result, companies are expected to move toward a more diversified approach.
Additionally, as major OEMs expand their capabilities to include AI, we expect the focus to shift toward optimizing these tools once strategic frameworks around AI are established. This ongoing evolution underscores the need for organizations to streamline their security portfolios while preparing for the integration of AI-driven solutions to enhance their cybersecurity posture.
Dig deeper: Check out this video on conquering complexity and platform consolidation in cybersecurity
Finding, developing and retaining qualified security talent
The ongoing challenge of finding, developing and retaining qualified security talent has taken a back seat as organizations pivot their focus towards integrating AI into security operations. This shift is reshaping the cybersecurity landscape, with AI being leveraged to enhance efficiency and automation, thereby alleviating the burden on security teams facing talent shortages. AI's role in security operations is multifaceted, encompassing incident response, threat hunting, policy management and zero trust strategies.
Further reading: Check out our articles on upskilling your security operations team and building a culture of cybersecurity
Final thoughts
The cybersecurity landscape is evolving faster than ever, and 2024 is shaping up to be a landmark year. As new threats emerge and old ones become more sophisticated, it is crucial for risk executives to stay on top of these evolving trends to protect their organizations effectively.
We'll be back at the beginning of 2025 with an update on the evolving threats and trends in the industry.
This report may not be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, without the prior express written permission of WWT Research. It consists of the opinions of WWT Research and as such should not be construed as statements of fact. WWT provides the Report "AS-IS", although the information contained in the Report has been obtained from sources that are believed to be reliable. WWT disclaims all warranties as to the accuracy, completeness or adequacy of the information.