Deputy CISO, Microsoft
OPINION / EXPERT PERSPECTIVE — 2023 saw the start of a transformative shift in cybersecurity, bringing both new opportunities and new challenges to the industry. In 2024, we can only expect this change to accelerate as security solutions continue to advance and our digital threat landscape becomes more complex. Here are my predictions for the new year:
Taking a cue from Taylor Swift, AI will begin a new “era” for cyber good, reducing the cybersecurity talent gap. The market has been talking about the shortage in cyber talent. What we have seen with 50-companies previewing Microsoft’s CoPilot is a clear elevation of capabilities in the team. You can write code 50% faster, which means you can get more done. You can uplift talent. A level 1 engineer (less experienced) can do what a level 3 engineer can do. And AI can detect risks and anomalies that humans found very difficult. AI applied to security can shrink the talent gap tremendously.
Advances in generative AI will define cybersecurity in 2024 – helping to reduce vulnerable code at creation and transforming Security Operations Centers (SOCs) by automating workflows and reducing human error. It also means our digital adversaries will be upping their game – and we’ll need to be vigilant and agile to keep up with new kinds of threats.
OT cyber risks will continue to be a priority. Attackers copying data is a nuisance and a big problem. Interrupting OT (manufacturing, energy, telco, etc.) can not only shutdown a company but can have a systemic cascading effect. Just look at what happened to Colonial Pipeline or imagine what would happen if the electric grid was shut down or food supply was interrupted. Getting information security is important but getting OT security is life impacting.
Threat intelligence will become even more important as geopolitical tensions rise and attackers develop increasingly advanced tech. The lines of truth become difficult to discern and influence operations can turn sentiment in elections, policy, etc. We need to be vigilant to how countries use operations influence to move both markets and truth.
More countries will move to more of a cloud sovereignty stance. It is often said that the internet removed country borders of commerce. We have seen a clear evolution of countries moving policy to protect citizens privacy but also supporting local economic progress. This ‘cloud sovereignty’ will likely continue and it will be up to Microsoft, AWS, Google and other cloud providers to allow for both global commerce and local sovereignty.
Disparate privacy laws will move toward rationalization – this was my optimistic prediction for 2023, and we saw the beginnings of some progress.
I’d like to hear from you. What are your 2024 cybersecurity predictions? Which threats will be prioritized? Which technologies and solutions will have the biggest impact? What’s your cybersecurity pipe dream?
Drop an email to firstname.lastname@example.org with your thoughts.
And check out The Cyber Initiatives Group for opportunities to join leading experts from government and the private sector on the most pressing cyber issues.
You can also sign up for the Sunday Cyber Read Ahead newsletter filled with the week’s top cyber stories for an easy way to stay up to date.
Follow Kelly Bissell on LinkedIn
Kelly Bissell joined Microsoft as CVP in 2022. Prior to this, Bissell led Accenture’s Global Security business and oversaw security services including strategic consulting, cyber defense, digital identity, response and remediation services, and managed security services. With more than 25 years of security industry experience, Bissell specializes in breach incident response, identity management, privacy and data protection, secure software development, and cyber risk management. His role at Accenture spanned strategic consulting, proactive risk management and digital identity to cyber defense, response and remediation services, and managed security services—across all industries.