Balancing AI risks and benefits
The almost unparalleled adoption of AI marked one of the biggest tech trends in 2023. But as the popularity of the technology grows, so too will the potential for it to be used for other purposes. In 2024 we can expect threat actors to train malicious AI engines and build code to complement their nefarious intent. Organizations will need to adapt to defend against the added threat of AI-enabled adversaries. Reviewing cyber governance policies and controls, and assessing their adequacy, will be critical to avoid falling victim to these AI-enhanced attacks.
Operational resilience will become a boardroom mantra in 2024
Operational resilience requirements in the finance sector are becoming increasingly similar across regulators, and Huntsman Security expects that these requirements will quickly broaden to other critical infrastructure sectors. Regulators are already reinforcing cyber security as a business issue; and cyber, like other types of operational risks which can sit outside the immediate control of an organization, will become a specific element of expanded operational governance requirements.
In turn, this will mean that while organizational leadership can certainly delegate these specialist tasks, they can no longer deflect responsibility for their effective operation and oversight. Directors will need to maintain a steady line of sight across operational risk governance, especially cyber security. Directors must identify the important business services they provide. They must ensure the adequate protection of the systems, processes, resources and third parties that go together to deliver those services to customers. This will result in a more top-down focus on cyber security.
Greater awareness of cyber resilience in digital transformation processes
Cyber security and resilience can sometimes be overlooked during digital transformation processes. This will change in 2024, as a greater awareness of the need for operational resilience will require directors to more comprehensively report the adequacy of their operational governance processes to regulators. As a consequence, data-driven security information systems better suited to volatile threat environments, will rise in popularity. In the next 12 months directors will recognise the ability of digital cyber management techniques to provide more reliable information, more quickly, to guide their security decisions.
New technologies will help to alleviate the cyber security skills shortage
Skill shortages in cyber security have frustrated many organizations’ security efforts for a number of years. However, a growing shift to digital innovation and automation in security processes themselves should provide some relief. The adoption of data-driven solutions and automated, evidence-based reporting should allow less skilled technicians to enter the market – effectively interpreting, responding to and managing large parts of the cyber security process. This will, in turn, enable existing security professionals to address more pressing needs, attending to the outliers – such as exceptional data and high-level analytical problems – that we will always face.