Connect with us

Hi, what are you looking for?

HEADLINES

5 High-priority initiatives security leaders should implement in 2024

The Security Priorities 2024 report reveals the pressing issues that IT and security leaders must prioritize and advocates for a pivot from traditional, reactive security postures to proactive, predictive security strategies.

With cyber threats becoming increasingly sophisticated, organizations are facing unprecedented challenges in safeguarding their digital assets. Recognizing the urgent need for robust and dynamic security strategies, Info-Tech Research Group published its Security Priorities 2024 report.

This report underscores the critical need for organizations to adapt their security measures in response to the constant changes in cyber threats in 2024 and beyond. The firm’s research highlights the importance of a strategic approach, emphasizing the need for clear oversight and effective implementation strategies to develop, deploy, and monitor security initiatives that enhance an organization’s resilience against threats.

“The threat landscape has been exacerbated by the various emerging attack vectors, such as credential-compromise attacks and cloud exploitation. The increase in supply chain risks and rise in deepfakes also showcase the shift of threat actors to improve the sophistication of their attacks,” says Ahmad Jowhar, research analyst and lead author of the report. “The rising costs of ransomware and cyber insurance premiums coupled with the continuous talent shortage depicts the challenges of efficiently fighting against these threats.”

The Security Priorities 2024 report reveals the pressing issues that IT and security leaders must prioritize and advocates for a pivot from traditional, reactive security postures to proactive, predictive security strategies. The annual report emphasizes the importance of fostering a security-centric culture across the organization, enhancing collaboration between security teams and other business units, and developing agile security frameworks that can adapt to new threats and business needs.

Advertisement. Scroll to continue reading.

“The emergence of advanced technologies has created opportunities for organizations and security leaders to explore unique approaches to these challenges while also enhancing existing capabilities to better equip themselves with the right people, process, and technology this year,” says Jowhar. “These approaches include assessing the ability to address the talent shortage through upskilling, establishing a foundation to implement AI technologies, and evaluating an organization’s security risk management with respect to integrating with the enterprise.”

Info-Tech’s latest report is based on comprehensive research, including insights from the firm’s Future of IT survey and in-depth interviews with IT and security professionals across various industries and regions. The diverse approach ensured that the experiences of leaders from both small and large organizations were incorporated into the report and covered a broad spectrum of security budgets. The insights collected and analyzed by the firm reflect the realities of managing cybersecurity in different organizational contexts, from multinational corporations to nimble startups, providing a well-rounded view of the challenges and strategies at play in the current security landscape.

Leveraging the firm’s research findings and data, the Security Priorities 2024 report outlines the following five high-priority initiatives security leaders and their organizations should implement to confidently address security risks for 2024 and the years to come:

  1. Develop and Optimize Cybersecurity Workforce. For the third consecutive year, talent shortage has remained the most pressing cybersecurity challenge, as highlighted by Info-Tech’s survey data. Respondents rated the difficulty of hiring enough security professionals to meet demands at an average concern level of 3.32 out of 5. Security leaders must identify their current skills gap and organizational needs, define their current security resourcing plan, and determine their approach to acquiring the necessary expertise.
  2. Secure the AI Revolution. As many organizations are working to leverage the power of AI, measures must be in place to ensure an effective adoption of the technology. Establishing AI governance should be one of the initial initiatives within an organization’s AI roadmap to ensure a strong and ethical risk management framework is in place. However, according to the new report, over 40% of organizations don’t have AI governance in place. In order to address potential vulnerabilities, Info-Tech advises security leaders to prioritize identifying their organization’s AI goals, determine existing security gaps, and formalize a comprehensive AI governance framework. This framework must define clear accountability, responsibilities, and risk management strategies for AI deployments.
  3. Embed Security Risk Management with the Enterprise. With the increasing adoption of AI, organizational reliance on third-party vendor platforms and capabilities will also grow exponentially. This reliance on vendors means increased information sharing and places greater accountability on CISOs or security leaders to safeguard an organization’s information assets. Despite this critical need, many organizations lack mature vendor risk management practices. As outlined in the report, in many organizations, the responsibility of vendor risk inadvertently falls on the CISO, given their role in protecting sensitive information and assets. To address this issue, security leaders must evaluate their organization’s existing third-party risk management practices, establish comprehensive policies, and ensure third-party risk management is communicated effectively to executive leadership.
  4. Operationalize Zero Trust Strategy. As cyberattacks increase in sophistication due to the advancement of emerging technology and evolving attack techniques, organizations are evaluating various defense strategies to protect their most critical assets. The report emphasizes the adoption of a zero trust framework as an effective measure to enhance an organization’s security posture and align with its business objectives. A zero trust model can significantly reduce an attacker’s capacity for lateral movement within a network, enforce least privilege access across critical resources, and minimize the organization’s overall attack surface. Info-Tech recommends security leaders adopt an iterative and scalable approach to developing a zero trust roadmap, allowing for continuous improvement and strategic deployment with an initial focus on critical surfaces. Security leaders can start by defining their zero trust strategy, assessing and identifying key capabilities and processes, formulating a comprehensive roadmap, and then consistently monitoring initiatives to identify enhancement opportunities.
  5. Automate and Autonomize Security Processes. With automated and AI-based threats becoming increasingly prevalent, the need for security process automation and autonomization has become more pronounced. Organizations should evaluate their capacity for refining security processes to proactively defend against sophisticated attacks and maintain a technological edge. However, the firm’s research shows that not all security processes are prime candidates for automation, as they could introduce risks if automated. The report recommends security leaders start streamlining their security processes by first defining automation objectives and assessing the current and desired states of their security operations to identify any gaps. Subsequently, they should determine the suitability, value, and risks associated with automating each security process, thereby prioritizing initiatives accordingly. Finally, a detailed automation roadmap that aligns with the organization’s strategic objectives must be developed and effectively communicated to executive leadership in order to obtain support.

The 2024 report also includes customizable templates that security leaders can utilize to effectively communicate their organization’s key security priorities to stakeholders and executives, ensuring a clear understanding of the required security measures.

In the face of ever-evolving cyber threats, the Security Priorities 2024 report provides security leaders with a blueprint for safeguarding their digital environment. By implementing the priorities based on their unique organizational goals and needs, security leaders can enhance their security posture, proactively address and mitigate vulnerabilities, and build a culture of resilience against the cyber threats of the future.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement