After meeting with top security professionals and executives around the world and hearing their key priorities, challenges and opportunities, we thought it would be worthwhile to share several themes we predict will define cyber security in 2024:
To take stock of where we’re at and what lies on the horizon, we’ve once again gathered our team of cybersecurity experts. Let’s take a closer look at what they observed in the crystal ball for 2024.
* IT execs will become knowledgeable about the threats posed by Post Quantum Cryptography (PQC), and companies will start accelerating their investments for crypto-agility. In 2024, PQC education and planning activities will accelerate investments in this area. We predict companies will move aggressively to start enforcing policies around PQC. NIST is expected to release its final standards in February, which will push organizations to take steps to consider, document and specify their quantum strategy and crypto-agility approach. One of the most vital steps will be a move to a certificate management platform and discovery.
* Identity and provenance will become the foundation for content authenticity, with Generative AI making it harder to distinguish real from fake content. We predict that browsers will begin rolling out special displays for QWACs, as required by law. This will be a game-changer, because as merchants, governments and financial institutions realize the value of having their identities displayed, they’ll advise that customers only do business with entities displaying QWACs.
* Software supply chains will see trust embedded in building blocks: inspect before you sign software, check packages, and provide Software Bill of Materials (SBOM) transparency. On the hardware side of the supply chain, we predict that more malware will be embedded within hardware components manufactured in certain regions. Placing malware inside devices like digital cameras, modems and laptop microcontrollers is an easy way for bad actors to compromise the entire supply chain. Manufacturers will begin to demand that suppliers utilize a trust-by-birth and security-by-design approach to chipsets and other components to assure day-zero security.
* IoT Trust will enable a wider range of real-world use cases such as EV chargers and medical devices. As the world grows increasingly mobile and dynamic, device security is becoming more important than ever. With individual identity now frequently tied to smartphones and other devices, the root of identity must be specialized per device and per individual - all protected under the umbrella of trust.
* Chief Digital Trust Officers (DTOs) will emerge as a key participant on the executive team guiding business priorities. A DTO is responsible for ensuring that an organization's partners and customers can trust the organization's digital assets and capabilities. Their work is focused on keeping an organization's digital presence secure and reliable and ensuring that trust is built into all digital interactions. Having a DTO leader not only brings a more strategic approach to security and compliance but conveys a message of confidence and assurance in the safety and security of the digital infrastructure within the company.
* Zero Trust security architecture will continue to proliferate. Its foundation will rest on Digital Trust in identities. “Never trust, always verify” architectures will become pervasive through information technology, product security and consumer ecosystems, replacing networks and VPNs that formerly provided implicit trust to their users. The use of certificate-mediated authentication to deliver identity, integrity and encryption to application and data interactions will continue to grow.
---
As you know, our mission is committed to helping our customers bring Digital Trust to the real world. I invite you to reach out to my team with any questions or needs, and I wish you great success in 2024 and beyond.