Amidst looming economic uncertainty and an ever-evolving threat landscape, enterprises are grappling with the dual challenge of meeting regulatory mandates while fortifying their security measures. The 2024 Thales Global Data Threat Report (DTR) reveals that 93% of enterprises globally have noted a surge in cybersecurity threats.
Here are key insights from the report on how emerging technologies are impacting cybersecurity in 2024.
Data Breach Trends and Threats
- Among the identified threats, malware, phishing, and ransomware have emerged as the most prevalent, with 41%, 36%, and 32% of respondents respectively citing them as the fastest-growing attacks.
- The complexity of cloud resources is on the rise, with over 40% of enterprises now utilizing 50 or more Software as a Service (SaaS) applications, marking a significant increase from 27% in 2021.
- 55% of enterprises agree or strongly agree that managing cloud security is becoming more challenging, up from 46% in 2021.
- 22% of respondents highlight human error as the single most concerning threat. Moreover, 74% of respondents prioritize addressing threats arising from human error.
- While 28% of enterprises experienced ransomware attacks in 2024, only 21% said they would adhere to a formal plan in the event of an attack.
- The emergence of generative AI has prompted increased budget allocations for AI-specific security tools, with 52% of respondents investing in such tools using existing budgets.
Risks to Emerging Technologies
- The integration of generative AI into products/services is set to surge, with 22% of enterprises planning integration within the next 12 months. Additionally, 33% intend to experiment with integrating the technology.
- Respondents identify rapid changes in AI as the most concerning security risk, with 68% expressing concerns about challenges to existing plans.
- Prototyping post-quantum cryptography (PQC) emerges as the primary approach for addressing the future compromise of classical encryption techniques, with 52% of respondents adopting this strategy. “Harvest now, decrypt later” attacks are driving interest in PQC, cited by 68% of respondents.
- IT security teams are increasingly venturing into operational technology (OT) realms to defend against IoT threats, with 75% adopting this approach.
- Despite greater connectivity options and integrations, physical or network isolation (“air gapping”) is the least-cited choice for securing IoT/OT environments. Respondents prefer not to depend solely on carrier security, reflecting the importance of zero-trust principles.
- Concerns about the security of data over 5G networks are high among respondents, with nearly two-thirds (65%) expressing apprehension.
Compliance and Sovereignty Concerns
- Security and compliance initiatives are merging within enterprise organizations, aligning inputs, processes, and outcomes.
- In 2024, 84% of respondents whose organizations failed a compliance audit reported a history of breaches, with 31% experiencing a breach in the last 12 months. In contrast, only 21% of those that passed compliance audits have a breach history, with a mere 3% experiencing a breach in the last 12 months.
- Customers, developers, and lines of business are increasingly prioritizing trustworthiness across new technologies such as GenAI, fintech, PQC, 5G, and IoT. Trust, safety, confidentiality, and privacy have become critical factors in a business’s brand.
- Almost 70% of enterprises can classify only 50% or less of their sensitive data, highlighting challenges in data classification and protection.
- Mandatory external key management emerges as the primary method for achieving sovereignty, favored by 28% of respondents.
- Respondents cite full future software compatibility as a key driver of digital sovereignty initiatives, with 31% selecting this option.
- Multicloud use is slightly declining, with the average number of cloud providers decreasing to 2.02 from 2.26 last year.
Identity Complexities and Compromise
- A vast majority of customers, totaling 89%, express a willingness to share their data with organizations. More than four in five customers, accounting for 87%, expect some level of privacy rights from the companies they engage with online.
- With heightened consumer expectations regarding privacy and the substantial volume of external user access, Consumer Identity and Access Management (CIAM) emerges as a top security priority.
- CIAM initiatives face challenges due to high user friction and poor user experiences, making identity verification (IDV) and Know Your Customer (KYC) fulfillment more challenging.
- Emerging threats like GenAI deepfakes further exacerbate these challenges, straining external identity management trust models that rely on user reputation rather than real-life identity.
- Achieving security consistency within CIAM initiatives stands out as the primary challenge, cited by 62% of respondents.
- The significance of workforce identities is growing, driven by recent initiatives focused on phishing resistance, distributed workforces, and automated access requests for governance access. Workforce Identity and Access Management (IAM) emerges as the most pressing current discipline, prioritized by 71% of respondents, with contextual awareness cited as the most frequent challenge.
- Despite the growing emphasis on security, legacy applications remain prevalent. Only 46% of respondents indicate that over 40% of employees at their organization use multi-factor authentication (MFA) for cloud-based applications.
- Respondents observe that workforce IAM is at a crossroads, with significant spending allocated to this area. Among the categories covered in the survey, workforce IAM ranks second for spending and is viewed favorably for its effectiveness against attacks.
Increasing DevOps Challenges
- Two-thirds of the data threat report respondents in 2024 prioritize DevSecOps and cloud as their top emerging security concerns.
- Secrets management ranks as the primary DevOps challenge, cited by 56% of respondents, followed closely by workforce IAM challenges, such as privileged user management, at 52%.
- Over half (53%) of respondents have implemented a formal security champions program as part of their DevSecOps initiatives.
- Operational complexity remains a security concern, with a slight decline in respondents reporting five or more key management systems, although the average number of key management systems only marginally decreases from 5.6 to 5.4.
Key Principles and Initiatives for Enterprise Security
The report outlines essential principles and initiatives for enterprises and security leaders to address emerging cybersecurity challenges effectively:
Principles:
- Alignment of Targets, Spending, and Effectiveness: Invest in robust programs like Workforce IAM and CIAM to tackle evolving threats such as phishing and identity infrastructure attacks.
- Transition to Proactive Defenses: Shift from reactive to proactive security measures, enabling safe adoption of new technologies like GenAI, cloud, IoT/5G, and quantum computing.
- Stakeholder Buy-In: Communicate the positive business impact of proactive security measures to stakeholders, fostering shared goals and outcomes.
- Facilitate Stakeholder Buy-In: Enable stakeholders to secure themselves through simpler onboarding and authentication processes, promoting secure development via security champion programs.
Initiatives:
- Growing Customer Trust: Implement security measures to build trust in customer experiences, enhancing overall trustworthiness.
- Growing Resilience: Regularly exercise response plans to enhance controls and identify gaps in ransomware response, given its coordinated responsibility and legal implications.
- Growing Readiness: Enhance understanding and control of data in light of emerging technologies, including cloud and GenAI, by identifying, implementing, and planning for data protections as a precursor to enterprise transformation.
Disclaimer: This is an editorial piece intended to provide information and analysis on a topic of interest for DHN readers. The content does not constitute advertising or endorsement of Thales services. Please note that all reports and other content referenced within this piece remain the copyright of Thales.