Cybersecurity Trends: 8 Critical Trends to Watch

Dissecting the cybersecurity landscape isn’t easy. Organizations are perennially under-prepared. Seemingly every person in the world has been affected by some company’s data breach. Then, we layer in the biggest tech news of 2023: the widespread experimentation and use of generative AI.

Today, no one is immune from the threat of an attacker. Each organization must be ready. Organizations of all sizes must understand the evolving cybersecurity landscape in order to defend themselves. Importantly, the impact of cyberattacks is not limited to the digital world. More and more, we see digital attacks having real impact on the physical world.

Fortunately for all of us, the goal and focus of cybersecurity has never been more clearly in focus. We know what we need to do, we just have to do the hard work. So, 2024 is a great year to reevaluate — and perhaps refocus — your security posture.

Lookback at 2023 trends

First, let’s take a quick stroll down memory lane. Technology writer Kayly Lange explored eight trends a year ago — let’s see how those landed now.

• Ransomware attacks will increase, become more professionalized. This truism remains, and with a new twist: the biggest trend in ransomware is extortionware, a new flavor of attack.
• Machine learning as the next attack vector. We are seeing more instances of data exfiltration, which could poison your ML datasets.
• Deglobalization pressures turn cybersecurity local. More local laws are emerging, especially around data privacy, and we’ll see how this local spin plays out in another trend below.
• It’s still a great time to work in cybersecurity. That’s because we need more security professionals than we currently have.
• Omnichannel attacks are on the rise. This has never been truer! More channels for us to live and work — social media, chat, phone calls, video, SMS — means more surfaces to attack.
• The CISO role expands. True: the stakes of security grow, so attention in the board room does too. In fact, nearly half of CISOs now report directly to their CEO.
• Requirements for cyber insurance will increase. Though estimates vary, you’re likely paying much more for cyber insurance today than you did just a year or two ago.
• Zero-trust is the norm. Yes, zero-trust is still the ideal standard, though many orgs still struggle to get there.

With that background, lets pivot to some top trends for security in 2024.

What’s in? Cybersecurity trends in 2024

Six trends, in no particular order.

Trend 1: Threat hunting & detection engineering on the rise

Here at Splunk, we’re having more conversations about threat hunting than ever before. That alone is a reflection on cybersecurity going mainstream: we’re all being attacked, so how can we go on the offensive and hunt out these threats?

Threat hunting generally combines manual and machine-assisted processes — driven by curiosity and pattern recognition. Expert hunter and researcher David Bianco explains the relationship between automation and threat hunting:

The ultimate goal of threat hunting is not only to find more security incidents — but to improve automated detection capabilities over time.

Indeed, its this relationship between humans and automations that will power the most robust security mechanisms. Which explains the similar rise in detection engineering, a cyber discipline focused on building and continuously fine-tuning your systems to detect risky or unauthorized activities.

(For the latest in threat hunting, explore the new, agnostic PEAK Threat Hunting Framework.)

Graph from Google Trends showing global search interest over the last five years. People searching for “threat hunting” is the red, top line, those searching “detection engineering” is shown in blue, underneath.

Trend 2: Fully embracing security automation (finally!)

Another thing our security pros have found: many, many people are interested in security automation. That’s because more and more people understand how their actions can have risk — and automation is one way to lower that risk. Automation enables critical functions to protect against regular attacks and known vulnerabilities.

Here at Splunk, we’re seeing significant growth in the amount of people looking for information about security automation, including security solutions like SIEM and SOAR. Learn more about these concepts:

• Security automation
• SIEM vs. SOAR solutions

Trend 3: A smarter focus on data

Dovetailing with the automation trend is a renewed focus on data. Data is the enabler for cybersecurity science. Its not about having enough data — its about ensuring the quality, security, and privacy of that data.

Data quality is important because it ensures that your data is accurate, complete, consistent, unique, valid, and maintains its integrity. If you’re basing your security on inaccurate, bad data, your cybersecurity will also be bad.

Not sure where to start? This guide to data types will help you prioritize.

Trend 4: AI for security

Shocking no one, AI is certainly on everyone’s trends list this year. More people are using AI — and using it well. And the more attention something in technology gets, the more it becomes a target for bad actors.

The biggest uptick is in the use of generative AI. Despite a lot of handwringing about AI leading to more cyberattacks, our SURGe security team researched this exact phenomenon and found that…at least for now, nothing is a huge deal.

In fact, it might be that AI will actually be helpful in the long run — it certainly will be central to how we do cybersecurity. That’s because AI on its own isn’t going to revolutionize anything, according to Gary Steele, Splunk’s President and CEO.

“What is crucial is the purposeful application of [AI] rather than widespread, undirected use.”

Indeed, Steele and others believe that AI will transform how the world’s most complex organizations will keep digital systems both secure and reliable. He predicts that “we will see AI bring enormous value by”:

• Automatically detecting anomalies.
• Leveraging predictive models to provide better ways for security teams to distill information, find patterns and prioritize threats.
• Recommending actions and focusing users’ attention where it’s most needed based on intelligent assessment of risk.

(Learn about Splunk AI & our trustworthy AI principles.)

Companies are already using genAI for cybersecurity. (The CISO Report)

Trend 5: Cyber education

For security pros, 2024 might feel like a pivotal year, where everyone who doesn’t already love cybersecurity finally starts to understand what you’ve been harping on about for years. We know that most people around the world use the internet — yet few know where their risks lie.

That needs to change. As Ollie Whitehouse, new CTO at the UK’s National Cyber Security Center (NCSC) explains, his agency has “a critical role in preparing the UK for tomorrow whilst supporting a path to a whole-of-society cyber resilience today.”

It’s the whole-of-society angle that feels new. Just as we’re seeing individuals understand the risk, organizations and governments are getting involved, too. President Joe Biden and Vice President Kamala Harris jointly, in 2023, released the National Cyber Workforce & Education Strategy (NCWES), a comprehensive approach that aims to address short-term and long-term needs for the cyber workforce.

(Keep learning with these security certifications, events, books & podcasts.)

Trend 6: Security becomes the #1 area for tech spending

With increasing interest rates globally, more organizations are dialing back unnecessary — or less justifiable — spending while going all-in on cybersecurity. With AI developing as rapidly as it is, organizations might be smart to define and strengthen your security posture right now, as preparation for the future.

(Learn more: IT Spending Forecasts & The State of Security Annual Report.)

What’s out for 2024

• Worrying about every little vulnerability. That’s because we don’t know what we don’t know: we can only guess which vulnerabilities are likely to present genuine threats to our systems in the near future. Instead, focus on the threat at hand.
• Data operations being limited to data scientists and data engineers. Today, everyone is using data at work. This is a blessing — people can understand their work better — and a curse: its yet another risk that security teams must consider.
  (Related reading: today’s top data trends.)

• Rolling your own encryption. It’s never cool.

The state of cybersecurity in 2024

To remain secure in the face of increasing threats, 2024 will be marked by a modern cyber-defense that requires flexibility to meet the evolving cybersecurity landscape. Both individuals and companies must look at their current digital footprint and consider how to lower their risk of attack — both now and in the years ahead.