{"id":21042,"date":"2024-03-14T21:30:23","date_gmt":"2024-03-14T16:00:23","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=21042"},"modified":"2025-04-25T13:12:24","modified_gmt":"2025-04-25T07:42:24","slug":"cautionary-tales-of-2023-and-gartners-cybersecurity-trends-for-2024","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/cautionary-tales-of-2023-and-gartners-cybersecurity-trends-for-2024\/","title":{"rendered":"Cautionary Tales of 2023 and Gartner’s Cybersecurity Trends for 2024"},"content":{"rendered":"

2023 was a real inflection point in the realm of cybersecurity and cybercrime. While the year saw companies give more importance to the role of cybersecurity in their organization, the fact of the matter is that cybercrime continued to be on the rise. The average cost of a data breach in 2023 was $4.45 million<\/a>, highlighting a 15% increase over the last three years. In addition, Statista<\/a> also reported that 72.7% of all organizations fell prey to a ransomware attack in 2023.\u00a0<\/span><\/p>\n

To that end, Gartner recently identified the top 6 cybersecurity trends that will shape 2024<\/a> – a <\/span>great read<\/span>, if you haven\u2019t checked it out already. What we wanted to do was bring to light several cautionary tales that occurred in 2023, and how each incident\u2019s learnings are linked to Gartner\u2019s 6 trends for 2024.<\/span><\/p>\n

Trend #1:<\/b> Turning short-term skepticism for Generative AI into long-term hope<\/b><\/h3>\n

Generative AI is a relatively new technology, and all of those tend to have teething problems.\u00a0<\/span><\/p>\n

Last year, Samsung banned the use of ChatGPT and other AI-powered chatbots because of how precariously 3 different employees used it:<\/span><\/p>\n

    \n
  1. One engineer entered source code to find out how to resolve a software bug.<\/span><\/li>\n
  2. One executive recorded a confidential meeting, used a transcribing software and fed it to ChatGPT to conjure up meeting notes.<\/span><\/li>\n
  3. A third employee used it to optimize the test sequence for identifying defective chips.<\/span><\/li>\n<\/ol>\n

    The tricky part is, that once this data is fed, it gets stored on those servers with no easy way to access and delete them. Furthermore, prior conversations are used to train these AI models, so there\u2019s every chance that your sensitive data could be served up to other users.<\/span><\/p>\n

    Therefore, through proactive collaboration with business stakeholders, organizations must build the foundations for ethical, safe, and secure usage of this highly disruptive tech. Encourage experimentation and manage expectations, especially when it comes to employees outside your security team so that they know the power (and danger) of these transformative tools. Incidents like the Samsung-ChatGPT one will continue to pop up, yet that shouldn\u2019t distract from the ultimate fact that AI could be transformative for both your business operations and your cybersecurity strategy.<\/span><\/p>\n

     <\/p>\n

    Trend<\/b>\u00a0#2:<\/b> The Rise of Cybersecurity Outcome-Driven Metrics (ODMs)<\/b><\/h3>\n

    Incidents like the aforementioned scenario bring relevance to the increasing adoption of outcome-driven metrics (ODMs) to an organization\u2019s cybersecurity strategy. The frequency and negative impact of cyberattacks have seen organizations question their strategy and regularly test if it is being continuously improved upon.\u00a0<\/span><\/p>\n

    To that end, ODMs create a clearer path between the investment in cybersecurity and the results it generates in the form of delivered protection levels, in language easily understood by non-IT executives. What\u2019s interesting is that cybersecurity teams are now increasingly being evaluated during appraisals on these metrics.<\/span><\/p>\n

    Gartner identifies 16 key metrics that are required for cybersecurity measurement, reporting, and investment.<\/span><\/p>\n

    \"Gartner's
    Gartner’s 16 key metrics that are required for cybersecurity measurement, reporting, and investment.<\/figcaption><\/figure>\n

    Trend #3:<\/b> SBCPs to Reduce Human Error<\/b><\/h3>\n

    Gambling can sometimes be fun, but not when it comes to your customers\u2019 private data. That\u2019s exactly what happened when attackers from the group Scattered Spiders obtained MGM employee info on LinkedIn and impersonated them while speaking to MGM\u2019s IT help desk to get credentials.<\/span><\/p>\n

    A ransomware attack ensued, MGM\u2019s systems were completely shut down, and there were reports of malfunctioning slot machines and room keys, followed by a reveal a few days later that customer names, contact info, gender, DOB, and even Social Security Numbers, were leaked as part of the breach.<\/span><\/p>\n

    Don\u2019t gamble with your organizational data like that. This breach wouldn\u2019t have happened if MGM\u2019s IT team had been sufficiently trained in ideal cybersecurity practices. The only way to avoid human error, which forms the basis of <\/span>so <\/span><\/i>many cyberattacks, is to have a focus shift from \u2018increasing awareness\u2019 amongst your employees to \u2018fostering behavioral change\u2019.<\/span><\/p>\n

    Effective security behavior & cultural programs (SBCPs) are crucial to achieving that leap. Through these programs, you can successfully create better employee adoption, reduce slack behavior, and thus increase speed & agility. Through the efficacy of these measures, employees become competent at making independent cyber risk decisions.\u00a0<\/span><\/p>\n

    Read more on how Human Errors are the weakest link in the cybersecurity fabric<\/a>, a POV by Mitish Chitnivas, CTO, iValue Group.<\/p>\n

    Trend #4:<\/b> Resilience-Driven,\u00a0 Resource-Efficient TPRM<\/b><\/h3>\n

    Third parties shouldn\u2019t be your organizational crutch. Instead, by establishing mutually beneficial relationships with third parties that ensure that your most valuable assets are continuously safeguarded, they can be valuable assets.<\/span><\/p>\n

    The London Metropolitan Police found that out the hard way when its IT supplier, Digital ID, experienced a ransomware attack in August 2023.\u00a0<\/span><\/p>\n

    Through this, sensitive information of nearly 47,000 law enforcement officers & staff was exposed. We\u2019re talking names, photos, ranks, and identification numbers for all these officers. Seriously dangerous real-world ramifications possibly ensued when you consider that some officers were undercover or involved in counter-terrorism ops.<\/span><\/p>\n

    The key to choosing the latter is an enhanced third-party risk management (TPRM)<\/a> strategy, that moves away from front-loaded due diligence activities to a strategy involving continuous monitoring and improvement. Some essentials your TPRM strategy should contain include:<\/span><\/p>\n