To navigate this complex landscape, Heads of IT need to stay informed about the emerging cybersecurity trends. The ENISA Threat Landscape Report of 2023 shows that the number of cyberattacks on companies was higher than ever before.
.webp?width=800&height=505&name=Number%20of%20cyberattacks%20Diagram%20(count%20of%20number%20of%20observed%20incidents%20per%20month).webp)
Source: ENISA Threat Landscape 2023
Here is a summary of 4 key trends to watch out for and how you can address them effectively:
1. Expand your communication skills
Cybersecurity has transcended its traditional role as a technical IT matter. As hacking and cyber-threats escalate, resilience and cybersecurity have become pivotal to long-term business success and growth.
In the light of the pressing need to integrate cybersecurity into corporate culture, it becomes even more critical for Heads of IT in 2024 to cultivate and apply crucial soft skills, including effective communication capabilities that transcend departmental boundaries, bridging the gap across all business functions and establishing clear expectations for all.
Emrick Etheridge, Product Content Owner for Information Security at DataGuard underscores,
"Presenting and communicating important issues are skills that will become increasingly vital for IT leaders. They are increasingly called upon to educate staff on security measures and effectively communicate with senior management." - Emrick Etherdige
Next year, IT managers will face an even greater challenge in persuading C-level executives to allocate higher budgets for the implementation and enforcement of security measures. "This is because cybersecurity budgets are expected to rise significantly in 2024," explains Emrick Etheridge.
The ability to communicate cybersecurity strategies to both technical and non-technical audiences, foster a culture of cybersecurity awareness within the organisation, and effectively advocate for cybersecurity investment will be essential for IT leaders in 2024.
2. Understand legal landscape
Cybersecurity has become a paramount concern for businesses of all sizes, especially those operating in the European Union (EU). The new EU directive, NIS2, is set to significantly enhance cybersecurity standards, making it imperative for organisations to adapt accordingly.
NIS2 introduces a comprehensive set of cybersecurity requirements aimed at bolstering the overall resilience of EU-based organisations against increasingly sophisticated cyber threats. These measures extend to critical infrastructure organisations and other entities deemed essential to society's functioning, including healthcare, digital infrastructure, energy, and transport sectors.
Executive responsibility
Dr Frank Schemmel, Senior Director of International Privacy & Compliance at DataGuard, emphasises,
"Executives should not simply delegate cybersecurity measures. With the introduction of NIS2, C-level executives are now legally bound to ensure that the requirements are implemented effectively in their organisation. IT leaders will, therefore, need to work more closely with the C-suite." - Dr Frank Schemmel
Assessing your NIS2 status
For IT heads, the first step lies in assessing whether their organisation falls under the NIS2 remit. If so, a thorough risk assessment is crucial to identify potential cybersecurity vulnerabilities. Additionally, implementing an effective information security management system (ISMS) is paramount.
However, compliance with NIS2 extends beyond technical implementation. Heads of IT must also delve into the legal aspects of the directive. Dr Schemmel advises,
"With NIS2 taking effect, IT leaders must not only address the technical aspects but also grasp the legal framework. This will enable them to effectively manage compliance and ensure that all required measures are in place." - Dr Frank Schemmel
Internal communication and training
Effective cybersecurity hinges on a culture of awareness and preparedness within the organisation. IT heads must proactively inform and train their employees about the new cybersecurity measures and their role in implementing them.
Does the NIS2 Directive apply for UK businesses?
The UK has opted out of directly implementing NIS2, choosing to address cybersecurity concerns through independent measures rather than adhering to EU legislation. This approach allows the UK to tailor its cybersecurity regulations to its own specific needs and priorities.
Despite not directly adopting NIS2, the UK is taking proactive steps to strengthen its cybersecurity posture. It has made significant revisions to its existing cybersecurity laws, encompassing managed service providers (MSPs) within the NIS regulations, incorporating enhanced supply chain security measures, and bolstering incident reporting obligations.
These changes reflect the UK's commitment to safeguarding cybersecurity within its digital ecosystem. While the UK will not directly implement NIS2, it is taking proactive measures to align its approach with the directive's core principles, ensuring that UK businesses remain compliant with international cybersecurity standards.
Learn more about NIS2 compliance here.
3. Embrace the dual nature of AI
Artificial intelligence (AI), particularly generative AI (GenAI), has permeated our lives, making AI accessible to everyone through chatbots like ChatGPT and Bard.
This ubiquity highlights AI’s dual nature, a concept particularly relevant for IT leaders in 2024. As Emrick Etheridge puts it, AI is like yin and yang – a powerful tool with the potential to be used for both good and evil.
AI's accessibility poses a threat as even those without hacking expertise, termed "script kiddies," can leverage AI to spread disinformation, create fake content, and produce deepfakes, disrupting organisations, individuals, and even governments.
For example, phishing remains a favoured tactic among hackers. AI's emergence has amplified this trend, introducing new variants like spear phishing, whaling, smishing, and vishing. Social engineering attacks have also grown more sophisticated.
This is largely due to the emergence of GenAI tools such as ChatGPT, which make it easier for attackers to send deep fakes to trick employees into providing access to information.
As a Head of IT, you must proactively address this evolving landscape through training, education, and constant communication with experts. Additionally, educating employees about the diverse forms of phishing is crucial.
On the other hand, AI can be used to automate and make a defence against cyberattacks more efficient. To this end, IT managers should embrace AI and GenAI and continue to deepen and broaden AI skills within their organisations.
AI can be harnessed to automate and enhance cybersecurity defences. Embracing AI and GenAI is paramount for IT leaders, who should continuously expand their organisation's AI proficiency. As Etheridge emphasises,
"If no one within your organisation is utilising the positive side of AI, you will only be subjected to the negative side." - Emrick Etherdige
In conclusion, AI's dual nature demands vigilant awareness from IT leaders in 2024. By embracing AI's potential while mitigating its risks, organisations can secure their digital infrastructure and safeguard their data.
4. Navigate the cybersecurity talent shortage
As cybersecurity becomes an ever-more critical aspect of business operations, the lack of skilled professionals to defend against cyber threats poses a significant challenge. This talent gap, projected to continue through 2024, necessitates a reevaluation of recruitment strategies and a greater focus on cultivating an attractive corporate culture.
Put simply, there is a shortage of highly qualified information security specialists who can protect companies from cyber-attacks. Our experts believe that this trend will continue in 2024.
The scarcity of highly qualified cybersecurity experts poses a formidable hurdle in safeguarding sensitive data and critical infrastructure. To attract and retain these in-demand professionals, organisations must adapt their recruitment processes and prioritize fostering a workplace culture that resonates with their values and aspirations.
A positive and engaging corporate culture can serve as a powerful magnet, attracting and retaining the top cybersecurity talent that businesses need to thrive in a digital world.
To effectively address this issue, here are 6 crucial measures you can implement:
- Skills Acquisition Over Certifications: Focus on identifying candidates with a strong aptitude for learning and a willingness to acquire the necessary cybersecurity skills. Look beyond conventional certifications and assess candidates' ability to adapt, expand their knowledge base, and embrace continuous learning.
- Diversity Embracement: Cultivate a diverse workforce that brings a wealth of perspectives, experiences, and approaches to cybersecurity challenges. Diversity fosters innovation, enhances problem-solving abilities, and strengthens the overall cybersecurity posture.
- Emphasize Hard and Soft Skills: In addition to technical expertise, prioritise the development of both hard and soft skills within your cybersecurity team. Encourage empathy, communication, teamwork, and critical thinking skills to create a well-rounded and engaged workforce.
- Competitive Salaries: To attract and retain top cybersecurity talent, consider adjustments to salaries that align with market rates and reflect the value you place on these highly skilled individuals. Competitive compensation is a key differentiator in the tight cybersecurity talent market.
- Invest in Training and Development: Continuously invest in training and development programs for your cybersecurity team to stay abreast of the ever-evolving threat landscape and emerging technologies. Ensure your team has access to the latest knowledge and skills to effectively safeguard your organisation's assets.
- Outsource Cybersecurity Tasks: Strategically outsource specific cybersecurity tasks to external service providers when necessary. This can alleviate resource constraints, free up your in-house team to focus on critical priorities and tap into specialised expertise when required. Collaborating with external service providers can strengthen your overall cybersecurity posture.
By implementing these measures, as a Head of IT, you can navigate the cybersecurity talent shortage effectively, build a robust cybersecurity team, and safeguard your organisations' digital assets in the ever-changing cyber threat landscape.
You might also be interested in reading A Head of IT’s guide to information security.
Now you have a comprehensive understanding of the cybersecurity challenges and opportunities that lie ahead for IT Heads in 2024. Navigating this complex landscape effectively requires expert guidance and strategic partnerships. To secure your organisation's digital future, don't hesitate to connect with us. We're here to empower you with the insights and support you need to succeed.
Schedule a consultationwith our in-house experts today and let's work together to safeguard your organisation's cybersecurity posture.
