As we enter the final quarter of the year, here are the key security themes that have emerged from 2024 so far: risks are increasing, AI is here to stay, and the need for cybersecurity professionals and leaders is greater than ever.
Bad Actors Aren’t Slowing Down
The Identity Theft Resource Center reported more than one billion victims of cyberattacks that occurred in the U.S. during the first half of the year, along with a 490% increase of data breach victims compared to 2023. These growing threats aren’t flying under the radar and increased news coverage and awareness have organizations asking, what are we doing to prevent becoming a headline? For many, it seems the answer is implementing a zero trust approach to cybersecurity. In his article Zero Trust Architecture: Building a Resilient Cybersecurity Framework with Key Technologies and Strategies Nitin Uttreja, CISSP defines the concept simply as, “a trust-no-one approach, whether someone is accessing an application from inside or outside of the network. It’s about verifying everything – every user, every device – every time someone tries to access something.” While the zero trust approach is growing in popularity, the 2024 ISC2 Cybersecurity Workforce Study found zero trust among the top three technical skill gaps on security teams.
Are We All Using AI Yet?
In an ISC2 member survey on AI, 88% of respondents said they believe AI will significantly impact their job over the next couple of years with 35% saying that it already has. While AI is commonly seen as a threat to human work roles, in a time where the cybersecurity workforce gap is rising – it might just be the lifeline defenders need to stay afloat. AI can enhance previously manual processes with task automation, user and network monitoring, malware detection and more. Eight out of 10 (82%) of those surveyed agreed that AI will improve job efficiency. This isn’t to say the AI can’t also play the villain. Some 54% of respondents noted a substantial increase in cyber threats this year and 13% are confident they can directly link that to AI-generated threats.
We Need Bees to Build a Hive
The 2024 ISC2 Cybersecurity Workforce Study found that the perceived number of cyber professionals needed to securely protect assets is well outpacing the industry’s employment rate. The count of those actively working in a security role remained broadly flat year-over-year at 5.5 million, while the combined active workforce and workforce gap rose from 4 million to 4.8 million. As we’ve noted, threats are increasing at a significant pace and the number of professionals entering the profession isn’t growing fast enough to counter those threats. It’s no wonder why cyber job satisfaction has seen a steep decline from 74% in 2022 to just 66% in this year’s findings. 58% said staffing shortages pose a significant risk to their organizations and undoubtedly are leaving security professionals feeling stretched thin and therefore vulnerable. Today, the power is still in the hands of organizational stakeholders who can and should open doors for new talent and invest in training and development to address skill shortages. However, a recent ISC2 Insights article warns that without some swift progress we are likely to see more governance and regulation in the form of legislation.
Cyber Leaders are Always Learning
Over the 20 years of Cybersecurity Awareness Month, a persistent theme has been the need to empower cyber leaders. From communicating cross-functionally throughout organizations to embracing the latest technology, those who provide skilled guidance and impact positive change are engaged in continuous learning. Outside of their strategic responsibilities, these leaders found interest in growing their recruitment knowledge, budgeting and understanding the value of their positions. We will continue to explore these themes and more throughout the month. To keep up with ISC2’s latest research, member experiences and more follow along with us and #CybersecurityAwarenessMonth on X and LinkedIn.
Related Articles