As part of European Cybersecurity Awareness Month, Tata Consultancy Services (TCS) has revealed the top cybersecurity trends it believes will impact global enterprises in 2024. The key themes include generative AI, boardroom discussion, sovereign cloud, vendor strategy, and insights on hiring.

These top cybersecurity trends were developed by TCS cyber experts Margareta Petrovic, Global Managing Partner, Risk & Cybersecurity Consulting & Service Integration and  Dr. KPS Sandhu, Head of Global Strategic Initiatives, Cybersecurity, TCS. 

According to Tata Consultancy Services (TCS), these are the five most essential cybersecurity trends that businesses must consider and monitor to achieve success in 2024:

1. Generative AI Creates Security Opportunities and Pronounces Threats

Generative AI and machine learning are increasing the frequency and complexity of cyber-attacks, creating new pressures on companies. This technology can allow cybercriminals to launch sophisticated and stealthy attacks like deepfakes or self-evolving malware, compromising systems on a large scale. To counter these advanced threats and fight fire with fire, enterprises must use AI-driven cybersecurity.

This technology has the potential to transform the industry by improving enterprise posture through automated hardening of configurations and compliance, overcoming micro-segmentation challenges, fine-tuning least privilege access, enhancing reporting and more.

It can be used to significantly improve security operations in many ways, such as identification of false positive alerts with application of supervised machine classification and active learning, detection of advanced attacks like DNS tunneling with the help of machine learning-based payload analysis and traffic analysis, and discovery of new threat samples using deep-learning supervised classification models.

As threats become more eminent and dangerous, companies can consider two distinct methods to uplift their cyber resilience programs which we believe will see prominence in the future: cyber insurance and real-time threat dashboards.

Currently, leaders in cybersecurity understand the need to prepare for generative AI threats and opportunity—with insurance becoming less of a choice and more of a necessity. As a core precautionary method, a centralised visibility dashboard is a tool we expect many companies to invest in as it can plan, track, and react to attacks while giving insights into real-time cyber risks.

We believe AI and machine learning will be used more widely to help protect data across hybrid cloud environments by identifying shadow data, monitoring data access, encrypting data in transit and at rest, and alerting security teams about potential data breaches.

In the future, user authentication, AI and machine learning will continue to grow in influence. Leaders can use new technology to help balance security with user experience by analysing the risk of login attempts, and verifying users through behavioural data, biometric data, or multifactor authentication.

Additionally, malware can be detected and blocked by analysing file characteristics, network traffic, user behaviour, and other indicators of compromise. As enterprises embark on this journey, they should prioritize employee education on the secure use of AI tools, ensure the security of data transmitted to and from AI tools, have stringent access control and monitoring, and continuously harden models to mitigate potential security vulnerabilities.

2. Spotlight on Cyber with Increased Focus at the Top, Emphasizing Pressure on CISO Role

Due to increased cyber-attacks and opportunities for breaches, we expect C-suite to become increasingly involved in cyber risk-related decisions. According to reports, with increased executive accountability and heavy fines for violations, boards will focus on cybersecurity regularly and could take actions like creating a dedicated cybersecurity committee, engaging with external advisors, and requesting regular reports from CISOs.

Legislative changes such as the EU’s NIS2 Directive and rule changes by the Securities and Exchange Commission (SEC) around material cybersecurity breaches will affect board and cyber organisation structures while influencing decisions about investing in security access management, cloud security, and data security.

This has elevated the office of the Chief Information Security Officer (CISO), who have traditionally operated from a technocrat mindset of managing tactical risks, putting out fires, and enforcing compliance to being included in business strategy decisions and driving cybersecurity-enabled competitive advantage.

Now, these leaders increasingly report to the board and have more autonomy to make investment decisions. Boards will have a dedicated cyber committee and specific C-suite cyber performance metrics while also requiring companies to mandate cybersecurity education and training programs as further ways to mitigate cybersecurity risks and integrate cybersecurity best practices into any company-wide strategy.

3. A More Regulated, “Sovereign Cloud” Becomes Standard in Global Business

We expect the adoption rate of sovereign cloud to grow significantly in the coming years as more countries and regions develop data sovereignty laws and initiatives. When utilising this cloud, companies can safeguard valuable data and systems from unauthorised foreign access on a country or local level. Data privacy regulations and the geopolitical landscape are constantly changing, and these affect the control and flow of data.

The coverage of these laws is fast expanding, and by the end of 2023, nearly 5 billion people responsible for nearly 70% of global GDP will fall under a privacy law. The stringent stance taken by countries against privacy violations, with huge fines being levied on enterprises, makes data sovereignty a key imperative. By adopting a sovereign cloud solution, organisations can reduce the risk of data breaches, espionage, and sabotage, while enhancing trust with investors, customers, and regulators.

The current adoption rate of sovereign cloud varies depending on the sector, industry, and geography. According to a survey by IDC in 2020, 40% of European organisations have already adopted sovereign cloud solutions, while 31% plan to do so in the next two years. The adoption rate is higher among public sector organisations (49%) than private sector ones (37%), and among organisations in France (54%) and Germany (51%) than those in the UK (29%) or Italy (28%).

Some examples of sovereign cloud solutions are Gaia-X: a European project that aims to create a federated data infrastructure that ensures data sovereignty, security, interoperability, and portability for European cloud users and Azure Government, a Microsoft cloud service that offers dedicated regions and compliance certifications for U.S. federal, state, local, and tribal government entities, as well as their partners.  Alibaba Cloud is a Chinese cloud service that operates in multiple regions within China and complies with Chinese laws and regulations for data security and privacy.

4. Expanded Digital Ecosystems Leave Room for Attack, Altering Vendor Strategy

As business models involving digital ecosystems (complex networks of businesses, individuals and various systems and stakeholders that use technology to interact) become more sophisticated, we expect cyber threats to be more imminent. Right now, it is no longer feasible to address every threat identified in an organization’s digital ecosystem.

Because of this, it is recommended that enterprises adopt a continuous approach to threat management, which involves expanding threat assessments to include integrated supply chains while consolidating vendors.

As cybersecurity threats emerge and evolve, organisations often respond by adding more security products and partners, but this can ultimately work against their security goals. To solve this, many organisations are considering opting for vendor consolidation so that security posture can also be improved.

In fact, 75% of organisations are pursuing a security vendor consolidation, which is a substantial increase when compared to figures for 2020 when it was only 29%. The rationalisation of the cybersecurity vendor portfolio is urgently needed to provide the security team with an efficient platform to manage risks effectively across the broad threat landscape.

5. While Talent Gaps Continue to Widen, New Hiring Strategies Can Prevail

The talent gap in cybersecurity has created a dire need for skilled and qualified people to prevent, detect, and respond to novel and ever-growing cyber threats and incidents. ENISA, the European Union Agency for Cybersecurity, recently estimated the EU’s cybersecurity workforce shortage is at 300,000 – a gap that cannot be closed with the current number of graduates.

To combat these rising challenges, companies must consider hiring in-house specialists to bolster internal teams or outsource this work to large external resource companies (consulting firms, cloud providers) to reduce costs and risks. If hiring is not imminently possible, administrators should opt for a managed services provider.

The partner can then implement and operate a unified security platform using automated and streamlined processes to strengthen defences against advanced threats while providing complete visibility into the security posture of the enterprise.

At the education and training level, Europe’s Digital Decade policy programme 2030 has set a target of increasing the number of ICT professionals to 20 million by 2030, while also achieving gender convergence. We expect to see more emphasis on schooling, leading to a fuller job pipeline. We believe that consistency paired with automation will help organisations optimise their cyber security operations and overcome human resource limitations.

About Tata Consultancy Services (TCS)

Tata Consultancy Services is an IT services, consulting and business solutions organisation that has been partnering with many of the world’s largest businesses in their transformation journeys for over 50 years. TCS offers a consulting-led, cognitive-powered, integrated portfolio of business, technology and engineering services and solutions. This is delivered through its unique Location Independent Agile™ delivery model, recognised as a benchmark of excellence in software development.

A part of the Tata group, India’s largest multinational business group, TCS has over 616,000 of the world’s best consultants in 55 countries. The company generated consolidated revenues of US $25.7 billion in the fiscal year ended March 31, 2022, and is listed on the BSE (formerly Bombay Stock Exchange) and the NSE (National Stock Exchange) in India.

TCS’ proactive stance on climate change and award-winning work with communities across the world have earned it a place in leading sustainability indices such as the MSCI Global Sustainability Index and the FTSE4Good Emerging Index.

For more information, visit www.tcs.com.