Security Operations, Threat Intelligence, Managed Security Services

2024 cybersecurity forecast: Regulation, consolidation and mothballing SIEMs

Crystal ball on a desk, AI driven visions of sophisticated algorithm. Blurred tech office in the background, intense cyber security operations

Layoffs, bankruptcies and macroeconomics created choppy waters for cybersecurity businesses in 2023. It was the year that the sector, which once seemed unsinkable, wavered. But unlike the Titanic, industry pros say 2024 will be a comeback year for the sector. However, those blue skies won’t come before strong headwinds that include consolidation, technology churn and innovation that will challenge the cybersecurity old guard.

What follows is a SC Media round robin of informed opinions from industry thought leaders on what to expect in 2024 when it comes industry consolidation, pending regulations, software supply chain issues and new tech supplanting old tech.

Economy and industry consolidation

Industry shift toward cost-effective cybersecurity solutions and consolidation, says Oren Koren, Veriti CPO and co-founder: 

Amid these economic pressures, cybersecurity vendors are expected to increasingly consolidate and bundle their products. This approach, aimed at offering comprehensive security solutions through bundled packages, is predicted to provide cost-effectiveness for organizations. However, this trend also raises concerns about the risks associated with vendor lock-in and the potential over-dependence on single providers for comprehensive security needs.

Trend toward best-of-breed solutions, says Husnain Bajwa, VP of product strategy, Beyond Identity:

Husnain Bajwa

The previous year's trend towards bundled cybersecurity solutions will face a correction in 2024. Companies will realize that a one-size-fits-all approach does not effectively address their unique security needs. This will lead to a renewed interest in best-of-breed solutions, with organizations selectively integrating specialized tools for more tailored and effective cybersecurity strategies.

Larger tech companies will acquire small SaaS startups and a market recovery, says Olivia Rose, CISO and founder at Rose CISO Group, faculty at IANS Research:

Olivia Rose

2024 will see larger tech and cybersecurity companies acquiring smaller SaaS startups. These smaller entities have flocked to the cloud, offering similar services, and often lack a distinct value proposition. As a result, they will be absorbed by larger organizations seeking to supplement their offerings with innovative technology.

We’ll see the consolidation of passwordless and credential management companies, says Bassam Al-Khalidi, co-founder and co-CEO, Axiad:

We’ll start to see mergers between passwordless and credential management companies, which will create a new category in the authentication space: think “passwordless plus.” This movement will be similar to the consolidation we saw a few years back between identity management and access management companies, which resulted in the identity and access management (IAM) industry.

Regulations and corporate responsibility

Cybersecurity can’t stay silent any longer, says Mike DeNapoli, director and cybersecurity architect, Cymulate:

A massive precedent was set in 2023, with the conviction of Uber’s former CSO for two felonies by U.S. federal courts, and SolarWinds being given not one but two Wells Notices. It is anticipated that senior leadership and even board-level discussions around cybersecurity will accelerate dramatically in 2024 in response. These conversations will be on what is required to meet the SEC’s new regulations, but also what is required to keep leadership and board members from being indicted and charged with federal crimes.

Legal and regulatory stakes are higher, says Kayla Williams, CISO, Devo:

CISOs’ jobs are getting harder. Many are grappling with an onslaught of security threats, and now the legal and regulatory stakes are higher. The new SEC cybersecurity disclosure requirements have many CISOs concerned they’ll be left with the liability when an attack occurs. As we’ve seen with the charges against the SolarWinds CISO, these fears have merit — and we need to prepare ourselves for this. CISOs can’t just be technical experts anymore. Their skillset must be more well-rounded in enterprise risk management, requiring a deeper understanding of the laws and regulations in the jurisdictions and industries where their companies operate. They must also tie compliance tightly to corporate objectives. It’s also going to require CISOs to (more often) form alliances with other executives who will have to play a bigger role as cybersecurity becomes a board-level issue.

Better executive accountability for cyber failures, says Igor Volovich, vice president of compliance strategy, Qmulos:

Regulators in the U.S. and abroad are demanding better accountability from enterprise executives, focusing on cybersecurity in general, and cyber compliance specifically, as the means of incentivizing better decisions and greater transparency about enterprise security posture. Executives are beginning to question the integrity of their compliance reporting, as they recognize how much of what they believe they know about their risk posture is based on subjective opinion as opposed to objective, data-driven evidence. As regulators ratchet up their scrutiny of corporate cyber resilience, concerns mount about the validity of compliance reporting and the risk of personal civil and criminal responsibility for leaders who falsify compliance reporting, especially in the context of federal grants and contracts. Expect to see additional efforts by the SEC, FTC, DHS, and CISA to bring to account firms and leaders found to be misrepresenting their cyber posture.

Expect to see new regulations for reporting breaches, says Bobby Cornwell, vice president strategic partner enablement and integration, SonicWall:

Bobby Cornwell

In 2024, incoming cybersecurity regulations will force businesses to be more transparent about their breaches and attacks. Forthcoming legislation such as the EU's NIS2 Directive and the Cyber Resilience Act will impose more stringent standards for cyber protection and establish clear reporting timelines in the event of a breach. As these directives take effect, businesses will be made to share with their partners and suppliers early identifications of system vulnerabilities or face fines. The aim of this is to prevent cybercriminals from inflicting widespread damage across multiple businesses. In 2024, it will be crucial to optimize the transparency afforded by these regulations, and by dragging cybercriminals out into the open, authorities can more effectively curtail their illicit activity.

Regulations will be more strict, says James Campbell, CEO and co-founder, Cado Security:

Regulatory bodies, especially the SEC, will likely impose stricter cyber regulations as cyber incidents increasingly influence stock markets and investor sentiments. These impending regulations respond to the growing cyber challenges with financial and societal implications. It's expected that more stringent oversight and guidelines will emerge to protect investor interests and ensure market stability.

Supply chain and third-party vendors

Attackers will continue to seek ways into the ground floor, infecting devices before they are even onboarded, says Michael Heywood, business information security officer, HP Inc.:

In 2024, we’ll see the attention on software and hardware supply chain security grow, as attackers seek to infect devices as early as possible — before they have even reached an employee or organization. With awareness and investment in cybersecurity growing each year, attackers have recognized that device security at the firmware and hardware layer has not maintained pace. Breaches here can be almost impossible to detect, such as firmware backdoors being used to install malicious programs and execute fraud campaigns on Android TV boxes.

The increasing sophistication of AI also means attackers will seek to create malware targeted at the software supply chain, simplifying the process of generating malware disguised as secure applications or software updates. In response to such threats, organizations will need to think more about who they partner with, making cybersecurity integral to business relationships with third parties. Organizations will need to spend time evaluating software and hardware supply chain security, validating the technical claims made by suppliers, to ensure they can truly trust vendor and partner technologies. Organizations can no longer take suppliers' word on security at face value. A risk-based approach is needed to improve supply chain resilience by identifying all potential pathways into the software or product. This requires deep collaboration with suppliers — yes or no security questionnaires will no longer be enough.

Organizations must demand a deeper understanding of their partners' cybersecurity posture and risk — this includes discussing how incidents have changed the way suppliers manage security or whether suppliers are segregating corporate IT and manufacturing environments to shut down attackers' ability to breach corporate IT and use it as a stepping stone to the factory.

A risk-based approach helps ensure limited security resources are focused on addressing the biggest threats to effectively secure software and hardware supply chains. This will be especially important as supply chains come under increasing scrutiny from nation-state threat actors and cybercrime gangs.

Automated vendor assessments and enhanced security measures will become the norm, redefining how companies interact with third-party vendors, says Adi Dubin, vice president of product management, Skybox Security:

In 2024, we can expect a significant shift in how companies interact with third-party vendors and assess their security measures. The traditional checklist approach to mitigating third-party breach threats will evolve as businesses increasingly transition from manual assessments to automated procedures.

Similar the adoption of external attack surface solutions, many companies will adopt automated vendor assessments for a more comprehensive approach. This approach is expected to become the norm, especially in industries like insurance. Additionally, customers will take a more active role in assessing their vendors, conducting extensive evaluations, and implementing a wide range of automation-driven solutions to enhance code controls and security measures. This will ultimately strengthen the vendor-customer relationship.

Convergence of cyberspace, supply chain and international conflicts, says Tyler Moffitt, senior security analyst, OpenText Cybersecurity:

Tyler Moffitt

Concurrently, the escalation of geopolitical tensions in regions such as Eastern Europe and the Middle East are likely to spur a rise in cyber-espionage campaigns and targeted malware attacks, underscoring the growing convergence of cyberspace and international conflicts. A notable development in the supply chain landscape is the Cl0P ransomware gang's successful exploitation of a zero-day vulnerability in MOVEit Transfer, a managed file transfer solution. This significant cyberattack, one of the largest in 2023, signals a pivotal shift towards targeting supply chain and third-party software vulnerabilities, a trend I predict will intensify and be leveraged by nation states. I expect we may see an increase in similar attacks in the upcoming year.

Shifts in design and services

Adoption of security-by-design, says Mike Linksvayer, VP of developer policy, GitHub:

After the Cyber Resilience Act, policymakers and developers drive adoption of security-by-design. The CRA wisely avoided breaking the open source software ecosystem, but now the hard work starts: helping manufacturers adopt modern software development practices that will enable them to ship secure products and comply with the CRA, and driving public investment in open source software security to efficiently raise all boats. Implementation of the U.S. national cybersecurity policy will have similar themes and show this is a worldwide trend that spikes in 2024.

CNAPP and XDR as "table stakes," says Andre Rall, director of cloud security, Uptycs:

Identity is emerging as the new perimeter in cybersecurity. With the evolution of threats and increased scrutiny on Cloud Service Providers (CSPs), the Identity and Access Management (IAM) market is poised to flourish. The burgeoning adoption of digital IDs and the extension of IAM into customer identity underline this trend. I believe we will see more startups focusing on incorporating biometrics and behavioral analytics into IAM.

SIEM as we know it will disappear, says Elia Zaitsev, CTO, CrowdStrike:

Legacy SIEMs have failed the SOC. They are slow, costly, and were designed for an era when data volumes, adversary speed, and sophistication were a fraction of today. Teams have been forced to spend more time and resources setting up, maintaining, and trying to extract effective security insights from their SIEMs, rather than stopping breaches. With breakout times approaching 7 minutes for the fastest adversaries, legacy SIEM just isn't up to the challenge anymore. Defenders need an edge that’s orders of magnitude faster, easier to deploy, and far more cost effective than current approaches.

To stop modern adversaries in 2024, the SIEM needs to be rebuilt from the ground up for the SOC around the security analyst experience. The market will dictate a need for solutions that unify all capabilities, including SIEM, SOAR, EDR and XDR, into one cloud-native, AI-powered platform to deliver better, faster, and more cost effective outcomes.

Microsegmentation will be a foundational element of cyber defense, says Agnidipta Sarkar, VP CISO Advisory, ColorTokens:

With the increase in digital business-as-usual, cybersecurity practitioners are already feeling lost in a deluge of inaccurate information from mushrooming multiple cybersecurity solutions coupled with a lack of cybersecurity architecture and design practices, resulting in porous cyber defenses. In 2024, business leaders will realize that investments in microsegmentation will force the IT and security teams to begin developing digital business context-based cybersecurity architecture and design because microsegmentation is the last line of defense during a cyberattack. Security and risk leaders will leverage the pan-optic visualization capability of microsegmentation to build immediate cyber defenses to protect digital business as usual, even during severe cyberattacks.

There will be increased reliance on zero-trust architectures, says Chandrodaya Prasad, executive vice president of product marketing, SonicWall:

The zero-trust model will likely become a default stance for many organizations, driven by a combination of an increase in sophisticated cyberattacks, the ubiquity of remote work, and the adoption of cloud services. Implementing zero trust will necessitate a shift from traditional perimeter-based security models to more identity-centric ones, with multi-factor authentication (MFA), continuous authentication, and least-privilege access becoming widespread. This will include increased adoption of a distributed firewall, aka hybrid mesh firewall. All organizations public and private need to secure their entire network, including location, device, content and applications by implementing a network-wide security policy such as zero trust.

Passwords and identity

Passwordless authentication will accelerate, says Zubaid Kazmi, managing director of identity and access management, MorganFranklin Consulting:

The adoption of password-less authentication will grow rapidly to improve digital identity security. This evolution highlights the need for organizations to understand FIDO, implement policies that enforce limited trust, and have an acute awareness of the risk across their application landscape to potentially the entitlement level.”

Identity will continue holding the keys to the kingdom for cybercriminals, says Rishi Bhargava, co-founder, Descope:

Cyberattacks are complex, involve multiple vectors, and often need a lot of recon and preparation to succeed. However, the smoking gun in the vast majority of cases is the same: stolen credentials (usually passwords). The 2022 Verizon DBIR found that 86% of basic web application attacks stemmed from stolen credentials.

More acceptance of passkeys, says Anna Pobletts, head of passwordless, 1Password:

This past year, tech giants like TikTok, Google, Amazon, and Uber, among others, drove a substantial uptick in passkey adoption, laying the groundwork for billions of people to explore the security and convenience of passkeys, and for many other sectors to follow suit in the coming years. 2024 will be the year that more highly regulated services embrace passkey technology — including fintech and banking, particularly among consumer apps. Historically, these industries have been slow to embrace new technologies, but adopting passwordless authentication will give them with a unique competitive advantage — there’s the proven security of public key cryptography upon which passkeys are built on, and for the end user, the passkey sign-in experience will be one that’s simple and familiar.

Cyber insurance

Insurance will cover less and cost more, says Eli Nussbaum, managing director, Conversant Group:

In response to an influx of claims from massive breaches [since] 2022, the cyber insurance industry, which has a lower visibility to risk than other sectors of insurance, will likely continue to raise rates, limit coverage, and reduce capacity. While we haven’t yet heard of carriers denying claims on the basis of organizations asserting certain controls were in place in their application — but clearly lack these controls once a breach is discovered — I would not be surprised if we begin to see this in the year ahead.

On the topic of cyber insurance carriers, organizations will continue to allow their cyber carriers’ and compliance requirements to drive their security investment decisions, as opposed to responding to the actual security needs of the organization. Since neither compliance frameworks nor insurance carriers can keep up with the threat activity that's currently happening (and since security controls must evolve in response to real-time and real-life data from threat events, which most organizations do not have access to), we anticipate that IT will continue to spend in a way that does not actually secure the organization.

Cybersecurity certification and cyber insurance will converge, says Pascal Menezes, CTO, MEF:

Organizations are expected to increasingly align their cybersecurity efforts with insurance policies, resulting in a holistic approach to risk management. As companies invest in certified cybersecurity services, they aim not only to fortify their digital defenses but also to secure more favorable policy rates from cyber insurance providers. This integration represents a paradigm shift where cybersecurity measures directly impact insurance premiums, encouraging businesses to adopt robust security measures to mitigate potential financial risks associated with cyber threats.

Insurance will demand breach and attack solutions for coverage, says Andrew Barnett, chief strategy officer, Cymulate:

While some insurance companies have already updated their policies to state that organizations must have a breach and attack simulation (BAS) tool in place and provide reports to receive any payouts after an attack, a stronger stance is coming soon. With additional pressure from the SEC and other regulatory bodies to report attacks within a short period, organizations must begin to adopt BAS en masse if they want to continue to receive cyber insurance — there’s no way around it anymore.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds