Artificial intelligence will be the leading cybersecurity trend in 2024, analyst firm Gartner has predicted in a new release ahead of its upcoming Gartner Security & Risk Management Summit in Sydney, Australia. And, it said that security leaders need to prepare for the swift evolution of generative AI (GenAI), adding that large language model (LLM) applications such as OpenAI's ChatGPT, derivative tools such as Microsoft's GitHub Copilot for developers, and Google's Gemini are only the start of its disruption.
Gartner senior director analyst Richard Addiscott said in a statement that Gartner recommends using GenAI only when business stakeholders proactively collaborate to support the foundations for the technology's ethical, safe, and secure use.
“GenAI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level.”
—Richard Addiscott
Vendors have been doing a lot of GenAI demos, Addiscott said, and many show real promise for security operations and application security (AppSec).
“There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth. Things will improve, so encourage experiments and manage expectations, especially outside of the security team.”
—Richard Addiscott
Other major cybersecurity trends outlined in the Gartner report include the increased use of outcome-driven metrics, the rollout of security behavior and culture programs, the adoption of resilience-driven third-party risk management (TPRM) strategies, the spread of continuous threat exposure management, and the extension of identity and access management.
Here's a rundown on Gartner's top cybersecurity trends of this year — with a focus on AI — and what your team needs to know about them.
[ Related: The AI EO: What AppSec teams need to know | Key takeaways: The State of Software Supply Chain Security 2024 | Download the full report ]
AI can be a boon for cybersecurity
GenAI is positioned to completely transform cybersecurity, said Geoff Haydon, CEO of Ontinue. That's because it can drive better speed and accuracy, augment and empower defenders, and streamline communication and collaboration between teams, he said.
"AI should play a key role in every organization’s cyber-resilience strategy."
—Geoff Haydon
But Haydon said AI is not a silver bullet for a strong cyber-posture. It must be combined with human expertise and other security measures to be effective, accurate, and relevant, he added. "Having humans in the loop can fact-check AI-driven decisions and fine-tune AI models."
Patrick Tiquet, vice president for security and architecture at Keeper Security, said AI and machine learning have been playing roles in cybersecurity for some time, and there are use cases that make them an absolute boon in this arena — such as the ability to analyze massive datasets for anomalies faster than any team of humans could.
He cautioned, however, that there are weaknesses in certain types of AI that make them more difficult to implement and trust when applied to cybersecurity.
One of the significant limitations of neural networks and LLMs in cybersecurity, he said, is that they will come up with believable and probably accurate assessments, but they won't be able to explain how they came to their conclusions.
"Without that key piece of information, it’s risky for security teams to make business-impacting decisions. This information is better used as a thread to pull and investigate."
—Patrick Tiquet
AI is altering the cybersecurity landscape
David Lindner, CISO of Contrast Security, said AI will alter both the defender and the attacker landscape.
"In the near term, the technology will bolster malicious actors by streamlining the process of discovering vulnerabilities and crafting sophisticated attacks, requiring less precision and expertise from attackers. However, as the technology matures, its potential for bolstering cybersecurity defenses becomes more apparent."
—David Lindner
Enhanced training methodologies and refined prompting for LLMs will significantly improve the precision and relevance of AI-generated responses, thereby reducing the false positives that often overwhelm security teams, Lindner said.
"Generative AI will enable the development of more adaptive, proactive security tools that can predict and neutralize threats before they materialize, tailor security protocols to the unique needs of individual systems, and provide real-time, context-aware guidance to cybersecurity professionals. This evolution represents a paradigm shift from reactive to predictive cybersecurity strategies, marking generative AI's most profound long-term impact on the field."
—David Lindner
AI will also have a prominent impact on identity security and governance, said Vibhuti Sinha, chief product officer for workforce identity and intelligence at Saviynt. Identity platforms are inherently complex, and it takes several months before customers can see the real value-add.
"GenAI technologies will be the solution toward building identity platforms that are easy to interact with and can reduce complexities across all governance dimensions."
—Vibhuti Sinha
This could be achieved with easier integrations and onboarding, which can improve the compliance posture of enterprises, which still have 80% of their apps ungoverned, Sinha added.
The time has come for outcome-driven metrics
Gartner also sees greater use of outcome-driven metrics (ODMs) by security leaders to enable stakeholders to draw a straight line between cybersecurity investment and the delivered protection levels it generates. Gartner said ODMs will be central to creating a defensible cybersecurity investment strategy that reflects agreed protection levels, has powerful properties, and is easy to explain to non-IT executives.
"In the ever-evolving, complex threat landscape, focus should not just be on the volume of security measures implemented but also on the tangible outcomes these measures achieve. Outcome-driven metrics provide clear insights into the effectiveness of cybersecurity strategies, facilitating better decision making, resource allocation, and risk management."
—David LindnerODMs help in identifying not only where defenses are strong, but also where vulnerabilities lie, allowing for more targeted and efficient responses to threats. "This shift toward outcomes rather than outputs will allow for better justification of cybersecurity investments and overall security posture improvement," Lindner said.
Addressing the human problem in cybersecurity
Another trend identified by Gartner is a shift away from promoting user awareness to looking for behavior changes. By 2027, Gartner predicts, 50% of CISOs at large enterprises will have adopted human-centric security design practices — embodied in security behavior and culture programs (SBCPs) — to minimize cybersecurity-induced friction and maximize control adoption.
“Organizations using SBCPs have experienced better employee adoption of security controls, reductions in insecure behavior, and increases in speed and agility. It also leads to a more effective use of cybersecurity resources, as employees become competent at making independent cyber risk decisions.”
—Richard Addiscott
Security behavior and culture programs address the one-size-fits-all approach of typical cybersecurity training, said Saviynt's Sinha.
"SBCPs will succeed because they integrate security awareness and behavior into day-to-day workflows. This reduces the friction to learn."
—Vibhuti Sinha
SBCPs also introduce continuous learning, as opposed to periodic training, so users are always up to date. "SBCPs also follow a data-driven approach to measure outcomes so they can gauge success effectively over time," Sinha added.
Building resilient third-party risk management
Security leaders' concern over third-party cybersecurity incidents is feeding another 2024 trend, Gartner said, pushing them to focus more on resilience-oriented investments and less on front-loaded due-diligence activities. Several resilience-oriented investments are possible.
“Start by strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk. Create third-party-specific incident playbooks, conduct tabletop exercises, and define a clear offboarding strategy involving, for example, timely revocation of access and destruction of data.”
—Richard Addiscott
Linder said that due diligence can never be thorough enough to eliminate risk when third-party vendors are involved. "This reality stems from the fact that due diligence often evaluates the security posture of a third party at a single point in time, failing to account for the evolving nature of cyberthreats and the dynamic changes within third-party environments, particularly in SaaS environments," he said.
Lindner added that establishing third-party resilience isn't easy. It's complicated by the complexity of managing and monitoring multiple third-party relationships, the varying levels of cybersecurity maturity across different vendors, and the difficulty in ensuring continuous compliance with security standards. Additionally, the decentralized nature of SaaS applications complicates the enforcement of consistent security measures, he added.
"Developing a collaborative approach to manage and respond to incidents in real time requires a level of transparency and communication that is hard to achieve, further complicating efforts to maintain a robust security posture across the entire supply chain."
—David Lindner
Continuous threat exposure management can reduce data breaches
Gartner foresees more organizations adopting continuous threat exposure management (CTEM) programs, which use a pragmatic and systemic approach to continually evaluate the accessibility, exposure, and exploitability of digital and physical assets. By 2026, Gartner predicted, organizations that prioritize their security investments based on a CTEM program will realize a two-thirds reduction in breaches.
Alexei Rubinstein, global sales engineering leader at XM Cyber, said that CTEM is a wise investment.
It allows organizations to not only contextualize exposures and attack paths to make sure they have the full understanding of a breach, but it will also allow organizations to take a proactive approach and possibly prevent breaches or reduce breach impact by constantly assessing a potential attack path toward their crown jewels and focusing remediation efforts on resolving key exposures."
—Alexei Rubinstein
Identity-first security: Bolster your overall security posture
Another trend identified by Gartner is the move by many enterprises to an identity-first focus on security. While Gartner sees an increased role for identity and access management (IAM) in security programs, it maintains that practices must evolve to focus more on fundamental hygiene and the hardening of systems to improve resilience. Gartner recommends that security leaders focus on strengthening and leveraging their identity fabric and identity threat detection and response to ensure that IAM capabilities are best positioned to support the breadth of the overall security program.
IAM can be particularly important in securing cloud environments, said Joseph Carson, chief security scientist and advisory CISO at Delinea. "As organizations realize the challenges of multi-hybrid cloud risks, they must take action to reduce those risks, and this typically means a strong identity and access management strategy integrated with a privileged access management solution and cloud infrastructure entitlement management."
"With these combinations of solutions, organizations can regain visibility across multiple cloud environments, enforce security, and reduce risks."
—Joseph Carson
The pros and cons of AI and cybersecurity
ReversingLabs field CISO Matt Rose noted recently that AI is a double-edged sword when it comes to cybersecurity. Development teams, for one, will need to consider the security and safety of the AI tools on which their products are built and the potential for hackers and other malicious actors to poison or attack these systems using that AI technology.
One challenge: understanding where a generative AI system is getting its information.
"They say the Internet is full of fake news. If your AI system is using data scraped from the Internet to come up with directed actions, then the information is only as good as the data it was sourced from."
—Matt Rose
Addressing AI-related security challenges is ultimately about the ability to look for and understand the behavior and the source of AI-generated code in applications, Rose said. That requires more than the code scanning in traditional application security testing (AST). Rose said software composition analysis (SCA), SBOMs, and complex binary analysis of software packages are essential to securing AI systems.
