4 Cybersecurity Trends to Look for in 2024
Technological advances are multiplying and becoming more and more complex. Robotization and digital transformation are improving productivity and adding value to our businesses. This digitization of our economy brings its own set of challenges in terms of data protection and increasingly sophisticated cybersecurity threats. Now more than ever, companies and organizations need to understand cybersecurity issues and adapt to meet these challenges, using the best practices and most innovative solutions on the market.
Cybersecurity in the spotlight
Cybersecurity will become a hot topic for organizations in the coming years and bears close examination. Each year Gartner, a world-leading information technology research and consulting company, publishes a series of articles and webinars on emerging cybersecurity trends that are shaping the digital landscape. Here is a brief overview of upcoming trends in cybersecurity, according to Gartner.
1. Privacy regulations
By 2024, many jurisdictions, including Quebec, will be adopting modern regulations to better protect personal information. In Quebec, the second phase of Law 25, largely inspired by the GDPR in Europe, came into force on September 22, 2023. This type of regulation will cover the majority of consumer data by 2024, but only 10% of organizations will successfully leverage data privacy, which drives customer trust, as a competitive advantage.
2. Responsibility and zero-trust programs
Surprisingly, still according to Gartner, by 2025, 50% of cybersecurity leaders will change jobs because of the stress associated with this type of professional responsibility.
By 2026, 10% of large organizations will have implemented a mature zero-trust program (compared with 1% today). The zero-trust model assumes that the security of a complex network is always exposed to external and internal threats. Under this model, the infrastructure limits access to data at all times by checking every connection. Of course, this philosophy must be combined with other complementary preventive and offensive security strategies.
3. TDIR capabilities
By 2026, more than 60% of threat detection, investigation and response (TDIR) capabilities will leverage management data to validate and prioritize detected threats, compared with 5% today. As organizations’ attack surfaces expand due to increased connectivity, SaaS use and cloud applications, companies need to have a better overview of their risks, and make use of solutions and experts to continuously monitor threats. Fortunately, new and increasingly powerful TDIR solutions are emerging on the market to help companies identify potential threats, detect cybersecurity attacks and catch all kinds of incidents involving data they want to protect.
As well, with cybersecurity issues increasingly at the heart of corporate risk management strategies, Gartner predicts that more organizations will have a cybersecurity expert on their board to better guide decision-making for this type of risk. By 2026, 70% of boards will include a member with cybersecurity expertise.
4. Putting people at the heart of cybersecurity
Unfortunately, the belief that technology can solve all our problems remains a myth, and humans are still a core consideration in IT security management. For this reason, by 2027, 50% of chief information security officers will formally adopt human-centric design practices into their cybersecurity programs, rather than programs centred on technology. In fact, another Gartner study shows that over 90% of employees have admitted to behaviours they knew to be risky for their organization. The human factor must not be underestimated.
By 2027, 75% of employees will adopt, modify or create technologies, applications or other IT tools without informing their employer or IT department (compared to 41% in 2022). This behaviour will only further increase the potential attack surface and put organizations at risk. Gartner therefore recommends thinking about cybersecurity beyond technology and automation, actively involving employees to improve their decision-making and ensure they have the tools to act in an informed and secure manner.
In any event, it’s important to remember that cybersecurity is evolving rapidly, and will become an even greater issue in corporate risk management. It is therefore imperative to align strategies with corporate objectives and, above all, not to disregard the human factor. In these fast-moving times, standing still is not an option.