• About
  • Subscribe
  • Contact
Thursday, June 5, 2025
    Login
FutureCISO
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
No Result
View All Result
FutureCISO
No Result
View All Result
Home Resources Blogs

Cybersecurity trends and practices

Melinda Baylon by Melinda Baylon
January 30, 2024
Cybersecurity trends and practices
Share on FacebookShare on Twitter

Cybersecurity, safeguarding computer information systems, hardware, networks, and data, has been one of the top priorities of organisations across all industries globally. While technology becomes more sophisticated and cybercrimes become more threatening, practices to protect organisational assets against cyber threats increasingly become necessary.

Statista notes that there are around 5.45 million cybersecurity professionals globally in 2023. Even though the number has increased from 4.6 million professionals in 2022, the talent gap remains to be wide in the industry, as the demand for cybersecurity skills continually shoots up. Even with a widening gap, current cybersecurity professionals make the most they can with the skills they have learned throughout the years.  

Cybersecurity in 2023

For Patrick Joyce, the Global Resident CISO, Proofpoint, the most effective cybersecurity strategy he learned in 2023 is a people-centric approach to cybersecurity and protection. 

“As evident from 2023, bad actors are increasingly employing techniques like social engineering and phishing, exemplifying their focus on manipulating human behaviour to infiltrate systems, rather than exploiting technological weaknesses.” 

Mel Migriño, the Southeast Asia regional director at Gogolook, and chair and president of Women in Security Alliance Philippines, acknowledges that cybersecurity strategy varies from one enterprise to another. She adds that cybersecurity strategies are primarily driven by a company’s risk appetite, resources, capabilities, and regulations.

“Zero trust as a framework and operational strategy is effective to most organisations following a prioritised approach. Also, the Assumed Breach strategy worked well mostly in critical infrastructure,” the Gogolook executive says. 

While there is no one-size-fits approach to cybersecurity strategies, Migriño says it must align with business objectives, risk management framework and principles, people and culture, and regulatory and contractual obligations.

Joyce’s most significant learning in 2023 is the awareness of being up against constantly evolving threat actors.

“They are now even prioritising identity over technology. While the specifics of their tactics, techniques, and procedures (TTPs) and the technology they target may change, one constant remains: people and identities are the most targeted links in the attack chain,” he explains.

Related:  Ransomware-as-a-service, weapon of choice for cybercriminals

For Migriño, it is how threat actors leverage emerging technologies like AI to deploy attacks. 

Mel Migriño

AI has penetrated our lives in ways we did not expect its scale. Hence, there is a strong need to ensure and integrate identity proofing and validation in online transactions and activities.

Mel Migriño

Similar scenarios keep cybersecurity professionals awake at night. 

“Threat actors are more equipped, creative, and motivated than ever. Even with a multi-layered, people-centric approach, we still need to remain vigilant and expect the unexpected,” says Proofpoint’s Joyce.

“It is about the many forms of attacks and the scale of attacks that adversaries can launch while Business As Usual work immerse cyber defenders and the team has limited resources, failing to detect the early stages of an attack, resulting in the business to freeze part or most of its operations,” Migriño says. 

AI, top 2024 concern

Joyce considers the prevalence and democratisation of generative AI as one of the biggest concerns in 2024. 

“Malware developers are already using open-source tools and generative AI to make advanced techniques accessible to an even larger audience. This has resulted in the proliferation of malware with advanced detection-bypass capabilities. This further democratisation might thus lead to the increase in advanced malware by lowering the barrier to entry for more amateur developers in 2024,” he says.

“As there are many ways to misuse AI like the creation of AI-based malware, FraudGPT, scam-based AI, AI gender biases and discrimination that when not detected, controlled and managed will lead to huge risks in our daily lives – ways of work, choices, and perspectives,” says Migriño.

Related:  Dow Jones Risk & Compliance launches RiskCenter Advanced Screening and Monitoring

2024 Challenges cybersecurity profession 

Joyce believes “threat actors will continue to exploit the human element, and more so in 2024.” 

Aside from offensive AI, he lists evolving toolsets that allow threat actors to attack even more industries and continued aggression against identities and privileges as challenges to cybersecurity in 2024

Migriño believes that the lack of AI regulation on a local scale will be a significant cybersecurity challenge in 2024, as well as continued, persistent cyber attacks and burnout among cybersecurity professionals.

“More practitioners are moving in search for a somewhat balanced work and personal time,” she says. 

Staying relevant 

Joyce says it is vital for cybersecurity professionals to collaborate and share insights to stay informed about the latest threats and defence strategies even as threat actors are already doing the same.

Patrick Joyce

Continuous learning through this information exchange will enhance our collective knowledge and response capabilities.

Patrick Joyce

He also hopes CISOs and fellow cybersecurity professionals will advocate for a proactive and adaptive cybersecurity strategy. He says it is vital to recognise and secure the “human element in the cyber defence chain.”

To stay relevant, Joyce reminds cybersecurity professionals to stay updated with industry trends and advancements. He encourages them to adopt responsible AI policies and contribute to discussions on enhancing cybersecurity practices in cybersecurity.

For Migriño, cybersecurity professionals must join in the knowledge exchange within the community. 

“Don’t hesitate to seek peer professional advice, as through coaching, mentoring, and asking questions, we learn more,” she says. 

She hopes the industry will learn how new standards, regulations, and emerging risks can impact enterprises and encourages industry players to propose solutions to common cybersecurity issues.

“Ensure that cybersecurity is a discussion across all levels including the Board. Participate in private-public partnership collaborations in closing gaps in cybersecurity,” Migriño says. 

Tags: Artificial IntelligencecybersecurityGogolookproofpoint
Melinda Baylon

Melinda Baylon

Melinda Baylon joins Cxociety as editor for FutureCIO and FutureIoT. As editor, she will be the main editorial contact for communications professionals looking to engage with aforementioned media titles. 

Melinda has adecade-long career in the media industry and served as TV reporter for ABS-CBN and IBC 13. She also worked as a researcher for GMA-7 and a news reader for Far East Broadcasting Company Philippines. 

Prior to working for Cxociety, she worked for a local government unit as a public information officer. She now ventures into the world of finance and technology writing while pursuing her passions in poetry, public speaking and content creation. 

Based in the Philippines, she can be reached at [email protected]

No Result
View All Result

Recent Posts

  • Platform to enhance software development security
  • Check Point launches enhanced branch office security gateways
  • BarracudaOne to offer a unified approach to cybersecurity
  • AI agents present new security challenges in Southeast Asia
  • Red Hat launches Enterprise Linux 10 for hybrid security

Categories

  • Blogs
  • Compliance and Governance
  • Culture and Behaviour
  • Cybersecurity careers
  • Data Protection
  • Endpoint Security
  • Incident Response
  • Network Security
  • People
  • Process
  • Resources
  • Risk Management
  • Technology
  • Training and awarenes
  • Videos
  • Webinars and PodChats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCISO serves the interests of the Chief Information Security Officer (CISO) and the information security profession. Its purpose is to provide relevant and timely industry insights around all things important to security professionals and organisations that recognize and value the importance of protecting the organisation’s data and its customers’ privacy.

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • People
  • Process
  • Technology
  • Resources
    • White Papers
    • PodChats
Login

Copyright © 2024 Cxociety Pte Ltd | Designed by Pixl