Blog | 24By7Security

Cybersecurity Advice for 2024 from the Experts at Gartner and Forbes

Written by Sanjay Deo | March 19, 2024

Executives now have access to expert tips for enhancing cybersecurity in 2024

As 2024 continues to build momentum in the first quarter, many industry sources have shared their professional views of the cybersecurity challenges we face in 2024. Both Gartner and Forbes have offered expert cybersecurity advice for 2024 to help guide business executives in stepping up their cybersecurity strategies and safeguards to meet those challenges.

Among the most compelling points: cybercriminals are using artificial intelligence to make their schemes more convincing, and experts advise organizations to deploy AI to develop more effective countermeasures. Ongoing vulnerabilities in the supply chain must be addressed with more resilience-oriented investments, shifting away from front-loaded due diligence activities. And zero trust protocols need to be integrated into organizational IT architectures to close risky access gaps.

As a cybersecurity and compliance firm dedicated to continually improving security in business, healthcare, education, and government, we bring these ideas directly to you for consideration.

Latest Cybersecurity Advice from Gartner

In its own words, Gartner “provides insights and solutions across many areas of IT, offering clients actionable advice on developing strategies, selecting technologies, and implementing them in their businesses. Their mission is to help customers use technology to improve their performance and create value for their stakeholders.”

And according to its Wikipedia profile, “Gartner, Inc. is an American technological research and consulting firm based in Stamford, Connecticut, that conducts research on technology and shares this research both through private consulting as well as executive programs and conferences.” Research and advice are major components of Gartner’s value proposition, and when Gartner speaks, business executives typically listen.

In a clarion call to action for security executives in 2024, the following are some of the cybersecurity tips offered by Gartner.

Prepare for the swift evolution of Generative AI 

  • Large language model (LLM) applications like ChatGPT and Gemini are only the start of this disruption, which promises productivity increases, skills gap reductions, and other new benefits for cybersecurity. Gartner recommends security leaders use GenAI in proactive collaboration with their stakeholders to support foundations for the ethical, safe and secure use of this disruptive technology. It’s not too early to “encourage experiments in the use of generative AI, and to manage expectations, especially outside of the security team.”

Shift focus from increasing awareness to fostering behavioral change

  • Concentrating on creating behavioral change will further reduce cybersecurity risks. Security behavior and culture programs (SBCPs) enable an organization-wide approach to minimizing cybersecurity incidents associated with employee behavior. Organizations using these programs have experienced better employee adoption of security controls, reductions in unsecure behavior, increases in speed and agility, and have seen employees become competent at making independent cyber risk decisions, according to Gartner. These programs do not replace cybersecurity awareness training, but rather build on that training to drive new behaviors.

Enhance risk management of third-party services

  • The inevitability of third parties experiencing cybersecurity incidents is pressuring security leaders to focus more on resilience-oriented investments and move away from front-loaded due diligence activities, according to Gartner. The number of data breaches among healthcare providers’ business associates is a prime example of supply chain vulnerability when security measures vary from one supplier to the next. Of the 548 total healthcare data breaches reported to the HHS Office for Civil Rights in 2023, 22 breaches affected a total of 91 million individuals, and more than half of those high-impact breaches were incurred by business associates.
  • Gartner recommends “strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk, creating third-party-specific incident playbooks, conducting tabletop exercises, and defining a clear offboarding strategy” to include timely revocation of access and destruction of data.

Adopt continuous threat exposure management (CTEM)

  • CTEM is a pragmatic, systemic approach organizations can use to continually evaluate the accessibility, exposure, and exploitability of digital and physical assets. By 2026, Gartner predicts that organizations prioritizing their security investments based on a CTEM program will realize a two-thirds reduction in breaches, adding that security leaders “must continuously monitor hybrid digital environments to enable early identification and optimal prioritization of vulnerabilities to help maintain a hardened organizational attack surface.”

Shift from network security and other traditional controls to Identity and Access Management (IAM) techniques

  • An identity-first approach to security moves the focus away from network security and other traditional controls to IAM. Gartner recommends security leaders focus on “strengthening and leveraging their identity fabric and leverage identity threat detection and response to ensure IAM capabilities are best positioned to support the breadth of the overall security program.”

Cybersecurity Advice for 2024 from Forbes

Forbes magazine was founded by Bertie Charles Forbes in 1917 and today is owned by Hong Kong-based investment group Integrated Whale Media Investments. According to the publication’s profile in Wikipedia, Steve Forbes is the chairperson and editor-in-chief, and Mike Federle is the CEO. The venerable American business periodical is based in Jersey City, New Jersey.

In the company’s own words, Forbes aims to drive “systemic change in business, culture, and society,” bringing “this mindset to everything we do, the coverage we deliver, and the communities we connect. Forbes gives people the knowledge, resources, inspiration, and connections they need to achieve success.” 

Below are a few of Forbes’ cybersecurity tips for 2024.

Integrate AI into Cybersecurity Applications

  • As with Gartner’s advice, Forbes recognizes the growing role played by artificial intelligence in cybercrime and its solutions, noting that this role is expanding to encompass automated responses and predictive analytics. Forbes encourages security leaders to use AI to analyze historical data and current trends to anticipate future cyber threats. Integrating AI into cybersecurity applications can improve threat detection and incident response since AI’s ability to analyze vast datasets and detect patterns can quickly identify anomalies or deviations that may indicate potential security threats. AI is already a major component of cybercrime—and needs to be equally significant in cybersecurity countermeasures.

Harden Security Against Ransomware Attacks

  • Ransomware continues to be a formidable threat in 2024, with tactics becoming increasingly sophisticated and ransom negotiations more aggressive. According to Cybersecurity Ventures, damages from cybercrime are projected to exceed $10.5 trillion globally by 2025. The ransomware landscape demands robust backup strategies, employee training (especially in phishing scams which often lead to ransomware attacks), cyber insurance, negotiation expertise, and incident response plans, says Forbes. Security leaders need to be diligent in performing penetration and vulnerability testing, constantly validating network integrity, monitoring for suspicious behavior, and identifying unauthorized activity as well.
  • One of the most active ransomware gangs in the world, the LockBit group alone has targeted over 2,000 victims, extorted more than $120 million in ransom payments, and demanded ransoms totaling hundreds of millions of dollars. The LockBit criminal organization has been active since at least September of 2019, when it launched LockBit ransomware-as-a-service (RaaS) for sale to other hackers and cybercriminals.

Prepare for AI-Based Social Engineering Schemes

  • Social engineering schemes prey on unwitting employees and can lead to unauthorized intrusion, data exfiltration, and ransomware attacks. Cybercriminals use AI-based predictive social engineering and social manipulation techniques to exploit human weaknesses and create more convincing personalized phishing campaigns at scale.
  • As one example, scammers have used AI to clone the voices of family members to convince the call recipient to take certain actions, such as wiring money or providing bank account information to assist the “family member in need.” The Federal Trade Commission has warned consumers about these AI-facilitated social engineering attacks. Security leaders need to include this attack vector in their security risk assessments and adopt AI-resistant security protocols to guard against this emerging threat.

Adopt Zero Trust Architectures Throughout the Organization

  • Rooted in the principle of "never trust, always verify," the widespread adoption of zero-trust architectures signifies a paradigm shift in security strategies, emphasizing continuous verification of every user and device, regardless of their location or network, according to Forbes. Implementing zero trust requires the installation of strict access controls and the successful authentication of every resource before granting any individual access to a system or application.
  • Security leaders need to adopt the concept of zero trust in cybersecurity and integrate it into cybersecurity architectures and programs throughout their organizations. Forbes suggests that the implementation of zero trust is “no longer a technical nicety but a business imperative. This strategic move elevates cybersecurity from a technical concern to a core business function, crucial for protecting organizational assets.”

Summary

Data breaches continue to make news in 2024, with ransomware attacks dominating the headlines. Many industry sources offer expert advice for enhancing cybersecurity, including Gartner and Forbes. Artificial intelligence is a hot emerging topic as cybercriminals use AI to make their schemes more convincing, and experts counsel organizations to deploy AI to develop more effective countermeasures. Vulnerabilities in the supply chain must be addressed with more resilience-oriented investments, shifting away from front-loaded due diligence activities. And zero trust protocols need to be integrated into organizational IT architectures to close access gaps.

Nor should fundamental but highly effective cybersecurity safeguards be overlooked. These basics include strong password policies, multifactor authentication, regular data backups, annual risk assessments, and full compliance with applicable federal and industry regulations. By leveraging professional advice, tools, and expertise, executives have the power to effectively manage risk within their organizations. Now is the perfect time to implement the cybersecurity advice for 2024 that is most appropriate for your organization.