Key Trends Impacting Your Security Program in 2024

Richard Bartley, VP Analyst at Gartner, highlights key trends shaping cybersecurity, emphasizing AI-driven risks, zero-trust architectures, data security, and automation as critical for resilient security programs amid global uncertainties.

In an era marked by geopolitical tensions, domestic challenges, and supply chain disruptions, cybersecurity leaders face unprecedented strategic risks. These uncertainties necessitate the development of more efficient and effective security programs. To navigate this complex landscape, leaders must focus on key trends that will shape their security strategies and ensure robust protection against evolving threats. The following are the critical trends that must be considered when creating a comprehensive security program.

Trend 1: AI and Geopolitical Changes Will Drive Security by Presenting Strategic Opportunities and Risks
Changes in regulatory environments, open warfare, trade disputes, and hypernationalism will continue to pose significant security challenges. Cybersecurity leaders must gain visibility into these issues to manage risks effectively. Supply chain cybersecurity risks, which need to be addressed as sociotechnical challenges, require awareness of security control gaps and malicious software within the supply chain. These risks should be mitigated with compensating layers of defense, assuming a breach is inevitable.

New privacy and security legislation will also impact technology security programs. Sociotechnical influences affect IT system design and the selection of security tools, impacting data, processes, and communications. These areas attract external control expectations, such as sovereignty, breach notification, privacy by design, identity-first security, encryption regulations, 5G implementation, and government regulations.

Additionally, AI tool governance must include security, ethical, and human concerns. With the rise of machine learning models like GenAI, governance should focus on organizational security and the ethical and human impacts that could pose enterprisewide risks, including reputational risks and insider threats.

Trend 2: Emerging Architectural Patterns Will Redefine Security
As security vendors begin to realize the benefits of cybersecurity mesh architectures (CSMAs), organizations will be able not only to leverage the vendors’ point products but also to integrate third-party solutions with ease. Implementing CSMA principles, starting with data analytics and risk modelling, provides a modern architectural construct that helps vendors converge their tools into more comprehensive and effective security capabilities.

Using “security by design” principles is essential. “Security by design” should be a key design aim rather than an afterthought. These principles provide the basis or context for the envisaged security architecture.

Moreover, zero-trust principles must be central to your security architecture. Zero trust has become a fundamental architectural tenet, with government agencies and standards bodies defining principles, guidance, and best practices to follow. Organizations must implement zero-trust architecture (ZTA) to replace implicit trust, securely connect entities to resources, and detect access abuses.

Additionally, monitoring malicious usage and evaluating the defensive capabilities of GenAI is crucial. Potential risks from the malicious use of GenAI include misinformation, more scalable and effective phishing, inclusion of malicious code in products, and poisoned datasets. Organizations adopting GenAI capabilities need to add new security measures and augment existing controls to secure the consumption of GenAI applications.

Trend 3: Data Security Will Be Key to a “Data Everywhere” World
Gartner predicts that by the end of 2025, 75% of the world’s population will have its personal data governed by some form of privacy regulation. Securing data and ensuring privacy compliance within data warehouses and big data/advanced analytics pipelines are becoming increasingly critical for businesses.

Visibility into dark data is crucial, and can be achieved using discovery, classification, and data loss prevention solutions. Discovery and classification solutions can automate classification using techniques like ML and AI. These solutions can help determine data sensitivity, as well as other categorizations such as source code, HR data and purchase orders. Organizations must also promote zero trust by utilizing data-centric security architecture. By implementing encryption at rest and in transit, enterprises can protect sensitive data, regardless of the circumstances or location.

Trend 4: Security Operations with Automation Will Enhance Capabilities
Organizations continue to struggle with staffing and skills for security operations. Managed detection and response (MDR) helps organizations address this issue. Additionally, increased automation, both integrated into existing tools and provided in the form of security orchestration, automation and response (SOAR) tools, helps scale existing security operations staff.

Using vendor-validated detection stacks for cost-effective threat detection is also essential. Cybersecurity leaders should evaluate their detection stack approach against their monitoring objectives, current performance levels, and costs. Evaluating your automation strategy for increasing security operations efficiency is crucial. Automation goals should be based on anticipated measurable gains in security operations and align with specific objectives or use cases.

Furthermore, enriching asset risk data and using metrics to optimize exposure management is important. Security operations can enrich asset context with risk indicators from security tools and nontraditional tools within the enterprise. Cyber asset attack surface management (CAASM) tools can automate the ingestion and aggregation of these risk indicators to enrich exposure management processes.

Additionally, evaluating GenAI to enhance detection and response automation is recommended. Adoption of GenAI is evolving rapidly, and vendors often announce capabilities before fully understanding their use. SecOps organizations should take an evaluative approach to this technology, whether previewing a vendor’s implementation or making a build decision.