We all know the tired old phrase, “New Year, New Me”. From our vantage point, it would be more accurate to ring in the new year with “New Technologies, New Challenges”. As we begin yet another orbit around the sun, it’s time to consider what the year ahead may have in store for us — as well as what we can learn from the year that was.

Information Security is Top of Mind

If you ask CxO’s what keeps them up at night (something we do regularly), most will cite a cyberattack as one of their greatest concerns. In fact, CFO Magazine found that ransomware was the number one CxO concern for 62% of surveyed organizations. Their fear is not unfounded: In 2023, IBM estimated the average cost of a US data breach at $5.09 million, slightly higher than the global average of $4.43 million. 

Businesses are understandably responding to this continuously growing threat. A 2023 Security Budget Benchmark Summary report found that cybersecurity spending averaged 8.6% of technology budgets in 2020; by 2023, the share had grown to 11.6%. 

Most industry experts agree that information security will continue to represent a significant portion of technology budgets for the foreseeable future. That spending is focused on technologies such as Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), and Managed Detection and Response (MDR). Together, these technologies can “harden” systems and significantly reduce the chance of a breach.

It’s not just systems that are at risk of a breach. More and more, cyber actors are turning their attention to the humans who use and manage those systems. Data security vendor Proofpoint estimates that so-called Social Engineering represents more than 98% of cyberattacks and that 70% of data breaches begin with Social Engineering. To help counter this threat, CxO’s are predicted to spend more heavily than ever on Security Awareness Training.

As we move into 2024, we also observe that breaches are being conducted with unprecedented levels of “stealth.” This makes them difficult to detect, and often the detection only comes as a byproduct of the attack. 

A Security Operations Center (SOC) — or its outsourced equivalent — can significantly increase an organization’s odds of detecting and responding to a breach before damage occurs. Although the cost of running a SOC has often been viewed as prohibitive, recent trends are forcing CxO’s to rethink this position. As SOCs have matured, SIEM tools have given way to SOAR tools, which are now being displaced by next-generation, AI-enabled security platforms. These newer systems can ingest, correlate, and analyze a broader range of data inputs than ever before, and the improved predictive accuracy rivals even the best human security analysts. The result is a safer, more resilient environment – something all CxO’s can see the value in.

Artificial Intelligence: The Good, the Bad, and the Ugly

While AI-enabled systems are being used to increase security, they are also being used more and more in traditional business processes. 2023 has seen widespread use of AI for research, data analytics, document creation, and process automation. Used properly, AI can be a boon to productivity, but like any nascent technology, users should exercise some caution while using it.

This past year has shown us that AI can yield unpredictable and potentially disastrous results when not used properly. For example, an attorney in the highly publicized Mata v. Avianca case used ChatGPT for research. Unbeknownst to the attorney, ChatGPT hallucinated and produced citations from cases that never existed. The result was national embarrassment for the firm, sanctions against the attorney and the firm, and a fine. 

Even more troubling is the use of AI by threat actors to conduct attacks on businesses. AI systems can quickly produce convincing audio, video, and text – often convincing enough to get unsuspecting targets to cough up valuable credentials. The use of AI for such nefarious purposes is often referred to as Dark AI. In 2023, Dark AI has proven so successful that it has given rise to a cottage industry called Dark-AI-as-a-Service. We expect Dark AI and Dark-AI-as-a-Service to become more prevalent in 2024.

Alternative Cloud Becomes Less Alternative

As in recent years, the Alternative Cloud market will continue to grow and mature. AWS, Azure, and Google collectively represent Big Cloud and continue to maintain the lion’s share (66%) of the overall Cloud Computing market. In 2023, several high-profile outages, unexpectedly high costs, and ever-increasing complexity have driven some businesses to consider Alternative Cloud providers. 

In 2024, we fully expect this trend to continue as Alternative Cloud providers focus on core functionality, security, and uptime rather than niche features and global domination. We wrote about the many advantages of Alternative Cloud a year ago, and those advantages are even more significant today.

Quantum Technologies Continue to Develop

In December of 2023, IBM made several significant Quantum Computing announcements. First, they rolled out Condor, a 1121 qubit processor, the first to exceed the 1000 qubit barrier. They also introduced the Heron processor, a 133 qubit processor that performs 300-500% better than its 127 qubit predecessor. Announcements such as these show the steady progress that Quantum Computing continues to make. As we look to 2024, expect to see increased processor counts, increased qubit density, and novel operating systems designed to take advantage of quantum hardware.

The continued development of Quantum Computing has given rise to concerns as we approach the computing power necessary to break today’s most resilient encryption algorithms. As a result, research into Post Quantum Cryptography (“PQC”) is heating up and standards such as the Commercial National Security Algorithm Suite (“CNSA”) are already taking shape. In fact, the NSA expects that all software and hardware signing for its systems will be done using CNSA by 2030.

In parallel to PQC for classical networks, development of Quantum networks is also very much underway. Whereas classical networks use photons or electrons for signaling, Quantum networks make use of Quantum phenomena such as entanglement and superposition. Doing so means that most classical network intrusion techniques, such as man-in-the-middle attacks, are no longer viable.

2024: A Different Kind of Year

While our 2023 reflections centered on a post-pandemic “new normal”, 2024 feels more like a step into the unknown, defined by big, unpredictable trends with major potential for disruption. Simultaneously, other longstanding but no less significant trends — like rising cybersecurity threats — continue to hum along their course. Although we are certainly grateful that the past year was more normal than not, we enter the new year with a healthy amount of caution for how these major technology trends may intersect with one another. 

Once again we look to the US Marine Corps’ unofficial slogan – “Improvise. Adapt. Overcome” – for inspiration on how best to maximize our opportunities in the year ahead.