With the cybersecurity landscape constantly evolving, discussing cybersecurity trends for 2024 can feel like trying to predict the unpredictable. But amid all the uncertainty, trading ideas about the future of security can help us better understand how to prepare for the months ahead.
Here, our co-founders Thomas Kinsella and Eoin Hinchy share five cybersecurity predictions for 2024, including insights on AI's role in security, the ever-changing role of the CISO, and more.
5 cybersecurity trends and predictions for 2024
1. For attackers, AI is a trusty sidekick. For defenders, it's a game-changer
by Eoin Hinchy, CEO
For all the FUD (fear, uncertainty, and doubt) about an AI arms race between attackers and defenders in cybersecurity, AI will be a greater asset for security teams than it will be for hackers. Generative AI is helping bad actors write malware and phishing emails, but there was no shortage of malware before AI and people still routinely fell for phishing attempts.
For defenders, on the other hand, AI has been a game changer. The technology is tailor-made to solve a security team’s most pressing challenges: too much data, too many tedious tasks, and not enough time, budget, or people.
AI is democratizing cyber defense by quickly summarizing vast swaths of data, normalizing query languages across tools, and removing the need for security practitioners to be coding experts.
In 2024, we’ll see AI’s impact in automation as defenders use AI to make incident response more efficient. AI is a once-in-a-decade leap forward, and it’s going to carry cyber defenders farther than hackers.
2. Natural language will pave the way for the next evolution of no-code
by Eoin Hinchy, CEO
Automation is only effective when implemented by teams on the frontline. Five years ago, the best way to place automation in the hands of non-technical teams was via low- or no-code interfaces. Now, with AI chatbots that let people use natural language, every single team member - from sales to security - can put automation to work solving their own unique problems.
The breakthrough in AI was the new ability to iterate in natural language, simply asking an LLM to do something a bit differently, then slightly differently again.
Generative AI and LLMs are obliterating barriers to entry. No-code tools have already reduced the need to code. No-code will be the next barrier to fall.
We’ve successfully moved from programming languages like Python to Microsoft Excel or drag-and-drop interfaces. Next year, we'll see more and more AI chat functions replace no-code interfaces. We can expect to see non-technical teams throughout organizations embracing automation in ways they never thought possible.
3. The SolarWinds charges will raise the stakes for CISOs
By Thomas Kinsella, CCO
Salaries, performance bonuses, and reputations are no longer the only things at stake for CISOs. As they plan for 2024, in the wake of charges against the SolarWinds CISO, security leaders know their personal liberty is potentially on the line.
It’s difficult to hold CISOs accountable when so many things are outside their control. But regulators are making clear that - just as CFOs must fairly present their company’s financial position - CISOs are accountable for stating the material truth of their cybersecurity posture.
The Uber CISO's conviction showed that leaders must be transparent about breaches. Now, the same applies to policies.
If CISOs claim to have access restrictions and a secure software development lifecycle, they better actually have them.
The SEC’s decision will raise standards across the industry as companies invest in new tools and take a closer look at their existing tech stack. Expect security leaders to leverage automation in order to achieve those elevated standards, maximize their budget and team, and deal with the deluge of alerts new tools provide.
4. CISOs will demand additional budget — and the ear of the CEO
By Thomas Kinsella, CCO
The SEC charges against the SolarWinds CISO will have sweeping ramifications for the role. CISOs, knowing they might have to ‘take the fall’ for security failings, will demand a robust cybersecurity budget, headcount, and tooling — or find a company willing to provide them.
Security leaders are also going to become louder voices in the C-suite. CISOs will bring more issues to the attention of the board or risk committee, forcing the entire company to accept the risk rather than shouldering it alone.
Expect more cybersecurity issues to escalate to a boardroom issue. The chain of command may also shift as CISOs who currently report to a CIO or CTO look for a direct line to the CEO.
These added layers of reporting and responsibility may initially slow the pace of innovation as companies catch up to the new security standard.
5. A wave of cybersecurity consolidation will see more companies get acquired
By Thomas Kinsella, CCO
VC funding in cybersecurity is still available. Activity is down from its 2021 record highs but investors are keeping faith in the sector as spending on security - and the share of technology budgets allocated to security - continues to grow. But security has not been immune to the economic pressures causing other VC-backed companies to lay off employees, raise down rounds, or go bust entirely.
Some security startups achieved unicorn status with seven-figure or low eight-figure revenue. Others had strong products but either lacked a clear way to monetize or grew too fast. That’s not sustainable.
In 2024, we’ll see companies snapped up by partners or competitors in a wave of consolidation.
The companies that survive — and thrive — will have strong growth metrics, an efficient business model, and the massive potential VC firms crave.
Read more from our co-founders in the Tines Newsroom.