www.helpnetsecurity.com
Open in
urlscan Pro
54.218.231.238
Public Scan
URL:
https://www.helpnetsecurity.com/2023/12/21/2024-security-challenges/
Submission: On December 22 via api from TR — Scanned from DE
Submission: On December 22 via api from TR — Scanned from DE
Form analysis 1 forms found in the DOM
POST
<form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-244483 mc4wp-ajax" method="post" data-id="244483" data-name="Footer newsletter form">
<div class="mc4wp-form-fields">
<div class="hns-newsletter">
<div class="hns-newsletter__top">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__title">
<i>
<svg class="hic">
<use xlink:href="#hic-plus"></use>
</svg>
</i>
<span>Cybersecurity news</span>
</div>
</div>
</div>
</div>
<div class="hns-newsletter__bottom">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__body">
<div class="row">
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="520ac2f639" id="mcs1">
<label class="form-check-label text-nowrap" for="mcs1">Daily Newsletter</label>
</div>
</div>
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="d2d471aafa" id="mcs2">
<label class="form-check-label text-nowrap" for="mcs2">Weekly Newsletter</label>
</div>
</div>
</div>
</div>
<div class="form-check form-control-lg mb-3">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="28abe5d9ef" id="mcs3">
<label class="form-check-label" for="mcs3">(IN)SECURE - monthly newsletter with top articles</label>
</div>
<div class="input-group mb-3">
<input type="email" name="email" id="email" class="form-control border-dark" placeholder="Please enter your e-mail address" aria-label="Please enter your e-mail address" aria-describedby="hns-newsletter-submit-btn" required="">
<button class="btn btn-dark rounded-0" type="submit" id="hns-newsletter-submit-btn">Subscribe</button>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="AGREE_TO_TERMS" value="1" id="mcs4" required="">
<label class="form-check-label" for="mcs4">
<span>I have read and agree to the <a href="https://www.helpnetsecurity.com/newsletter/" target="_blank" rel="noopener" class="d-inline-block">terms & conditions</a>
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1703211317"><input type="hidden" name="_mc4wp_form_id" value="244483"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1">
<div class="mc4wp-response"></div>
</form>Text Content
* News * Features * Expert analysis * Videos * Events * Whitepapers * Industry news * Product showcase * Newsletters * * * Please turn on your JavaScript for this page to function normally. Steve Durbin, Chief Executive, Information Security Forum December 21, 2023 Share WHY DATA, AI, AND REGULATIONS TOP THE THREAT LIST FOR 2024 The new year finds us confronted by a landscape characterized by political uncertainty, social fragmentation, escalating geopolitical tensions, and a turbulent macro-economic backdrop, making it crucial for security leaders to strategically prepare for the forthcoming challenges. Let’s explore the three main security challenges businesses will face in 2024: 1. DATA Modern businesses generate and manage vast volumes of data daily. Since data is central to decision-making and competitive advantage, its sudden disruption or unavailability can lead to severe repercussions for the business. Some of the essential questions security teams ought to be asking themselves include: How do we manage and safeguard aspects like confidentiality, integrity, and availability of data? What strategies can we employ to protect our data against cyber threats and misuse? How do we address the security challenges that emerge with expanding data repositories? How do we differentiate between valuable data and redundant information? Furthermore, there’s often a misalignment in how data is structured versus the business framework. Consequently, security teams may need to engage in discussions with business units to clarify issues such as how we are applying our data. With whom is this data being shared? Who holds accountability for it? Who is responsible for making decisions regarding data security? Is it the information security team, the chief executive, the board, or is it a combined effort? 2. ARTIFICIAL INTELLIGENCE Although AI technologies aren’t new, the recent widespread adoption of AI has introduced a myriad of business and security challenges for organizations. Key questions to consider include: How do we monitor AI usage within the organization? How do we regulate the data shared with AI systems by employees? How do we ensure ongoing compliance with ethical standards and legal requirements? Data is the cornerstone of AI. How do we provide sufficient data for AI systems while ensuring this data is secure, ethical, and transparent? How do we safeguard AI data and algorithms from manipulation by threat actors? Security teams need to be vigilant about all AI-related risks, including ethical concerns. Despite these challenges, AI offers significant opportunity for companies aiming to evolve and enhance their business models. In 2024, corporate boards will likely assume a central role in overseeing AI’s secure deployment across the organization. This scenario presents a prime opportunity for security teams to align closely with business objectives, be at the forefront of the AI revolution, and actively participate in key business decisions alongside management teams. 3. REGULATIONS Security is rapidly evolving, and so are regulations governing it. Over the next 12 months, several regulations will either be introduced, updated, or reviewed. For example, GDPR may lead to stringent reinforcements in 2024; the Digital Operational Resilience Act (DORA) will apply to financial entities across the EU in January 2025; the EU AI Act may be voted in. Given these developments, organizations must develop a comprehensive understanding of the regulations in the jurisdictions where they operate. This knowledge is crucial for building the necessary processes and frameworks proactively, as once these regulations are enforced, adjusting to them retroactively will be challenging. Hence, staying ahead of these regulations in 2024 is imperative, as non-compliance could lead to severe legal, financial, and reputational consequences. HOW CAN CYBERSECURITY LEADERS ADDRESS THESE SECURITY CHALLENGES? Below are four risk management initiatives that cybersecurity leaders can integrate into their 2024 cybersecurity planning: 1. COMMUNICATE ISSUES IN BUSINESS TERMS It’s essential for cybersecurity leaders to present issues in a manner that resonates with business leaders. CEOs typically prefer to avoid technicalities. Their concern is how technology will impact the business and whether it aligns with overall objectives. Will it meet stakeholder expectations? What are the risks in terms of financial, operational, and economic factors, beyond technical aspects? 2. ESTABLISH CLEAR RISK TOLERANCE LEVELS For security leaders working with management teams, it’s crucial to define the company’s risk tolerance concerning cyber loss, akin to other risk types. For instance, what is the risk tolerance for employing generative AI? Who is responsible for making this decision? What regulations are relevant, and how will this affect the information we disclose? 3. IMPLEMENT A ROBUST AND PRACTICED RESPONSE PLAN Executive teams and boardrooms seek assurance. They require confidence that the organization is prepared for unexpected crises, ensuring there is comprehensive situational awareness across the organization, and confirmation that vigilant monitoring of activities is ongoing. They need reassurance that fundamental cyber protection measures are implemented and that a thoroughly documented and regularly rehearsed business continuity and response plan is ready to be activated in the event of a security incident. 4. BUILD AWARENESS, FOSTER ACCOUNTABILITY IN THE WORKFORCE AND SUPPLY CHAIN The nature of work has transformed significantly in recent years, necessitating updates in security policies and procedures to reflect these changes. Organizations must explicitly outline accountability for data collection and usage, engage in collaborative and transparent interactions with stakeholders, and ensure everyone understands their role in safeguarding the business. Likewise, it’s crucial to extend the same security principles and procedures to third parties and supply chain partners that handle data on behalf of the parent organization. To summarize, we’re facing three key areas that will continue to grow in complexity and challenge: data, AI, and regulation. There’s an increasing expectation for closer engagement between security teams and business operations, coupled with board directors’ growing concerns about their personal liability. If security leaders concentrate on these threat management initiatives, they can significantly help mitigate risk and contribute to building a resilient organization into the future. More about * artificial intelligence * cybersecurity * data * Information Security Forum * opinion * regulation Share FEATURED NEWS * Why data, AI, and regulations top the threat list for 2024 * A closer look at the manufacturing threat landscape * How executives adapt to rising cybersecurity concerns in mobile networks Guide: Application security posture management deep dive SPONSORED * eBook: Cybersecurity career hacks for newcomers * Download: The Ultimate Guide to the CISSP * eBook: Keeping Active Directory out of hackers’ cross-hairs * Guide: SaaS Offboarding Checklist DON'T MISS * Why data, AI, and regulations top the threat list for 2024 * A closer look at the manufacturing threat landscape * How executives adapt to rising cybersecurity concerns in mobile networks * Are organizations moving away from passwords? * 8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers Cybersecurity news Daily Newsletter Weekly Newsletter (IN)SECURE - monthly newsletter with top articles Subscribe I have read and agree to the terms & conditions Leave this field empty if you're human: © Copyright 1998-2023 by Help Net Security Read our privacy policy | About us | Advertise Follow us ×