“CISOs (and others) feel pressure from recent government actions. As if defending their organizations from bad actors wasn’t challenging enough, now they will have to pay more attention to documenting absolutely everything.”
Hi Steve, welcome to the CIO Influence Interview Series. What is your opinion about the accelerating Big Data in the security industry?
I think that the accelerating data explosion will force a security strategy rethink.
In 2024, organizations will face a stiffer challenge in securing data across a rapidly expanding and changing surface area. One way they can address it is to have the same visibility into SaaS and cloud data as they have in their on-premises environments–in particular with existing capabilities. And that will be a major cybersecurity focus for many organizations next year. More will recognize that the entire security construct has shifted – it’s no longer about protecting individual castles but rather an interconnected caravan.
Why are cyber attackers targeting Edge devices?
Edge devices grow as a target for “boutique” hacker groups.
In September 2023, U.S. and Japanese government agencies announced that hackers linked to the People’s Republic of China used stolen or weak administrative credentials to compromise Cisco routers with the installation of hard-to-detect backdoors for maintaining access.
The disclosure exemplified an emerging trend we’ll see more of in the new year: government intrusion groups viewing attacks on edge devices as a way to differentiate themselves from garden-variety ransomware gangs and such.
Edge devices almost certainly will be a major cybersecurity battlefront in 2024 and provide an opportunity for hacker groups to show off their capabilities. Government programs may even “defend” this edge access from other cybercrime groups and push them out to maintain their stealthy access.
How do you see Artificial Intelligence (AI) solutions transforming the cybersecurity marketplace?
In 2024, AI will dominate the cybersecurity conversation.
Both attackers and defenders will step up their use of AI. The bad guys will use it more to generate malware quickly, automate attacks, and strengthen the effectiveness of social engineering campaigns. The good guys will counter by incorporating machine learning algorithms, natural language processing, and other AI-based tools into their cybersecurity strategies.
I believe there is almost no scenario where AI-driven deepfakes won’t be part of the pending U.S. Presidential election amongst others.
Even if the technology isn’t applied, it’s within the realm that AI deepfakes will be blamed for gaffes or embarrassing imagery. We’ll also hear more about the role AI can play in solving the persistent cybersecurity talent gap, with AI-powered systems taking over more and more of the routine operations in security operations centers.
When it comes to cybersecurity in 2024, AI will be everywhere.
Could you please tell us about the impact of government actions on CISOs?
CISOs (and others) feel pressure from recent government actions.
In late October, the Securities and Exchange Commission announced charges against SolarWinds Corporation, which was targeted by a Russian-backed hacking group in one of the worst cyber-espionage incidents in U.S. history in 2019, and its chief information security officer, Timothy G. Brown. The complaint alleged that for more than two years, SolarWinds and Brown defrauded investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks.
The charges came nearly six months after a judge sentenced Joseph Sullivan, the former CISO at Uber, to three years of probation and ordered him to pay a $50,000 fine after a jury found him guilty of two felonies. Sullivan had been charged with covering up a ransomware attack while Uber was under investigation by the Federal Trade Commission for earlier lapses in data protection.
On top of all that, new SEC rules on cybersecurity and disclosure of breaches were set to take effect Dec. 15. They require public and private companies to comply with numerous incident reporting and governance disclosure requirements.
All of this will have CISOs looking over their shoulder in 2024. As if defending their organizations from bad actors wasn’t challenging enough, now they will have to pay more attention to documenting absolutely everything.
Read More: ITechnology Interview with Charles Fan, Co-Founder at MemVerge
Thank you, Steve That was fun and we hope to see you back on CIO Influence soon.
[To participate in our interview series, please write to us at sghosh@martechseries.com]
Head of Zero Labs, Rubrik.
Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions.
Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.
