Artificial intelligence will be the leading cybersecurity trend in 2024, analyst firm Gartner has predicted in a new release ahead of its upcoming Gartner Security & Risk Management Summit in Sydney, Australia. And, it said that security leaders need to prepare for the swift evolution of generative AI (GenAI), adding that large language model (LLM) applications such as OpenAI's ChatGPT, derivative tools such as Microsoft's GitHub Copilot for developers, and Google's Gemini are only the start of its disruption.
Gartner senior director analyst Richard Addiscott said in a statement that Gartner recommends using GenAI only when business stakeholders proactively collaborate to support the foundations for the technology's ethical, safe, and secure use.
Richard Addiscott: "GenAI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level."
Vendors have been doing a lot of GenAI demos, Addiscott said, and many show real promise for security operations and application security (AppSec).
Richard Addiscott: "There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth. Things will improve, so encourage experiments and manage expectations, especially outside of the security team."
Other major cybersecurity trends outlined in the Gartner report include the increased use of outcome-driven metrics, the rollout of security behavior and culture programs, the adoption of resilience-driven third-party risk management (TPRM) strategies, the spread of continuous threat exposure management, and the extension of identity and access management.
Here's a rundown on Gartner's top cybersecurity trends of this year — with a focus on AI — and what your team needs to know about them.
GenAI is positioned to completely transform cybersecurity, said Geoff Haydon, CEO of Ontinue. That's because it can drive better speed and accuracy, augment and empower defenders, and streamline communication and collaboration between teams, he said.
Geoff Haydon: "AI should play a key role in every organization’s cyber-resilience strategy."
But Haydon said AI is not a silver bullet for a strong cyber-posture. It must be combined with human expertise and other security measures to be effective, accurate, and relevant, he added. "Having humans in the loop can fact-check AI-driven decisions and fine-tune AI models."
Patrick Tiquet, vice president for security and architecture at Keeper Security, said AI and machine learning have been playing roles in cybersecurity for some time, and there are use cases that make them an absolute boon in this arena — such as the ability to analyze massive datasets for anomalies faster than any team of humans could.
He cautioned, however, that there are weaknesses in certain types of AI that make them more difficult to implement and trust when applied to cybersecurity.
One of the significant limitations of neural networks and LLMs in cybersecurity, he said, is that they will come up with believable and probably accurate assessments, but they won't be able to explain how they came to their conclusions.
Patrick Tiquet: "Without that key piece of information, it’s risky for security teams to make business-impacting decisions. This information is better used as a thread to pull and investigate."
David Lindner, CISO of Contrast Security, said AI will alter both the defender and the attacker landscape.
David Lindner: "In the near term, the technology will bolster malicious actors by streamlining the process of discovering vulnerabilities and crafting sophisticated attacks, requiring less precision and expertise from attackers. However, as the technology matures, its potential for bolstering cybersecurity defenses becomes more apparent."
Enhanced training methodologies and refined prompting for LLMs will significantly improve the precision and relevance of AI-generated responses, thereby reducing the false positives that often overwhelm security teams, Lindner said.
David Lindner: "Generative AI will enable the development of more adaptive, proactive security tools that can predict and neutralize threats before they materialize, tailor security protocols to the unique needs of individual systems, and provide real-time, context-aware guidance to cybersecurity professionals. This evolution represents a paradigm shift from reactive to predictive cybersecurity strategies, marking generative AI's most profound long-term impact on the field."
AI will also have a prominent impact on identity security and governance, said Vibhuti Sinha, chief product officer for workforce identity and intelligence at Saviynt. Identity platforms are inherently complex, and it takes several months before customers can see the real value-add.
Vibhuti Sinha: "GenAI technologies will be the solution toward building identity platforms that are easy to interact with and can reduce complexities across all governance dimensions."
This could be achieved with easier integrations and onboarding, which can improve the compliance posture of enterprises, which still have 80% of their apps ungoverned, Sinha added.
Gartner also sees greater use of outcome-driven metrics (ODMs) by security leaders to enable stakeholders to draw a straight line between cybersecurity investment and the delivered protection levels it generates. Gartner said ODMs will be central to creating a defensible cybersecurity investment strategy that reflects agreed protection levels, has powerful properties, and is easy to explain to non-IT executives.
David Lindner: "In the ever-evolving, complex threat landscape, focus should not just be on the volume of security measures implemented but also on the tangible outcomes these measures achieve. Outcome-driven metrics provide clear insights into the effectiveness of cybersecurity strategies, facilitating better decision making, resource allocation, and risk management."
ODMs help in identifying not only where defenses are strong, but also where vulnerabilities lie, allowing for more targeted and efficient responses to threats. "This shift toward outcomes rather than outputs will allow for better justification of cybersecurity investments and overall security posture improvement," Lindner said.
Another trend identified by Gartner is a shift away from promoting user awareness to looking for behavior changes. By 2027, Gartner predicts, 50% of CISOs at large enterprises will have adopted human-centric security design practices — embodied in security behavior and culture programs (SBCPs) — to minimize cybersecurity-induced friction and maximize control adoption.
Richard Addiscott: "Organizations using SBCPs have experienced better employee adoption of security controls, reductions in insecure behavior, and increases in speed and agility. It also leads to a more effective use of cybersecurity resources, as employees become competent at making independent cyber risk decisions."
Security behavior and culture programs address the one-size-fits-all approach of typical cybersecurity training, said Saviynt's Sinha.
SBCPs also introduce continuous learning, as opposed to periodic training, so users are always up to date. "SBCPs also follow a data-driven approach to measure outcomes so they can gauge success effectively over time," Sinha added.
Security leaders' concern over third-party cybersecurity incidents is feeding another 2024 trend, Gartner said, pushing them to focus more on resilience-oriented investments and less on front-loaded due-diligence activities. Several resilience-oriented investments are possible.
Richard Addiscott: "Start by strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk. Create third-party-specific incident playbooks, conduct tabletop exercises, and define a clear offboarding strategy involving, for example, timely revocation of access and destruction of data."
Lindner said that due diligence can never be thorough enough to eliminate risk when third-party vendors are involved. "This reality stems from the fact that due diligence often evaluates the security posture of a third party at a single point in time, failing to account for the evolving nature of cyberthreats and the dynamic changes within third-party environments, particularly in SaaS environments," he said.
Lindner added that establishing third-party resilience isn't easy. It's complicated by the complexity of managing and monitoring multiple third-party relationships, the varying levels of cybersecurity maturity across different vendors, and the difficulty in ensuring continuous compliance with security standards. Additionally, the decentralized nature of SaaS applications complicates the enforcement of consistent security measures, he added.
David Lindner: "Developing a collaborative approach to manage and respond to incidents in real time requires a level of transparency and communication that is hard to achieve, further complicating efforts to maintain a robust security posture across the entire supply chain."
Gartner foresees more organizations adopting continuous threat exposure management (CTEM) programs, which use a pragmatic and systemic approach to continually evaluate the accessibility, exposure, and exploitability of digital and physical assets. By 2026, Gartner predicted, organizations that prioritize their security investments based on a CTEM program will realize a two-thirds reduction in breaches.
Alexei Rubinstein, global sales engineering leader at XM Cyber, said that CTEM is a wise investment.
Alexei Rubinstein: "It allows organizations to not only contextualize exposures and attack paths to make sure they have the full understanding of a breach, but it will also allow organizations to take a proactive approach and possibly prevent breaches or reduce breach impact by constantly assessing a potential attack path toward their crown jewels and focusing remediation efforts on resolving key exposures."
Another trend identified by Gartner is the move by many enterprises to an identity-first focus on security. While Gartner sees an increased role for identity and access management (IAM) in security programs, it maintains that practices must evolve to focus more on fundamental hygiene and the hardening of systems to improve resilience. Gartner recommends that security leaders focus on strengthening and leveraging their identity fabric and identity threat detection and response to ensure that IAM capabilities are best positioned to support the breadth of the overall security program.
IAM can be particularly important in securing cloud environments, said Joseph Carson, chief security scientist and advisory CISO at Delinea. "As organizations realize the challenges of multi-hybrid cloud risks, they must take action to reduce those risks, and this typically means a strong identity and access management strategy integrated with a privileged access management solution and cloud infrastructure entitlement management."
Joseph Carson: "With these combinations of solutions, organizations can regain visibility across multiple cloud environments, enforce security, and reduce risks."
ReversingLabs field CISO Matt Rose noted recently that AI is a double-edged sword when it comes to cybersecurity. Development teams, for one, will need to consider the security and safety of the AI tools on which their products are built and the potential for hackers and other malicious actors to poison or attack these systems using that AI technology.
One challenge: understanding where a generative AI system is getting its information.
Matt Rose: "They say the Internet is full of fake news. If your AI system is using data scraped from the Internet to come up with directed actions, then the information is only as good as the data it was sourced from."
Addressing AI-related security challenges is ultimately about the ability to look for and understand the behavior and the source of AI-generated code in applications, Rose said. That requires more than the code scanning in traditional application security testing (AST). Rose said software composition analysis (SCA), SBOMs, and complex binary analysis of software packages are essential to securing AI systems.