Bitwarden 2024 cybersecurity predictions
December 2023 by Bitwarden
2024 Cybersecurity Predictions by Bitwarden, the open source credential manager.
• The Rise of Shadow AI Means New Risks for Companies:
In 2024, generative AI’s widespread workplace use will bring new cybersecurity challenges, notably Shadow AI. Employees integrating AI tools into workflows without leadership knowledge create cybersecurity and data privacy risks. A Bitwarden survey shows 78% of developers recognize AI’s security risk but still input sensitive data into AI platforms. Without governance, organizations can’t see what tools employees use and how much sensitive information is at risk. Companies will start embracing a Managed AI policy that can reduce Shadow AI risks. Educating teams on safe AI practices, setting clear usage policies, implementing monitoring for AI tool usage, and updating security protocols as AI technology evolves will be vital for harnessing AI’s benefits while minimizing data security risks.
• Evolving AI Security Posture Testing & Deterrence:
AI cybersecurity will advance in the next year with a stronger focus on AI red teaming and bug bounties. Following industry leaders like Google, who now include generative AI threats in their bug bounty programs, the practice will expand to identify and address unique AI vulnerabilities, such as model manipulation or prompt injection attacks. AI red teaming will continue to employ diverse teams for comprehensive AI system assessments, focusing on empathy and detailed testing scenarios. The blend of AI red teaming and incentivized bug bounties will be crucial in securing AI systems against sophisticated cybersecurity threats, reflecting a proactive, industry-wide approach to AI security.
• Doubling Down on Secure By Design:
In the coming year, software development teams will increasingly prioritize secure-by-design principles, shifting left to integrate security early in the development process. This change aligns with growing emphasis from the U.S. government on secure by design, encouraging the adoption of these security principles. Based on the U.S. National Cybersecurity Strategy and evolving guidance from CISA, a greater focus on a secure-by-design approach will ensure that security becomes a foundational aspect of software development instead of an afterthought. By embedding security from the start, teams will be better able to identify and prevent vulnerabilities to meet government standards and enhance overall cybersecurity resilience throughout the technology supply chain. This trend represents a proactive approach to software security, adapting to evolving cyber threats in a more integrated and strategic manner.
• Accelerated Passkey Adoption Despite Industry Challenges:
In 2024, the adoption of passkeys will gain momentum, becoming increasingly vital for cybersecurity resilience. Industries like healthcare and financial services, often targets of credential theft, will adopt passwordless authentication to counter social engineering and phishing. This shift will also be driven by a focus on user convenience, supported by major tech companies’ integration into hardware and software ecosystems. However, challenges like integrating passkeys with legacy systems and the necessity for comprehensive user education must be addressed. A balanced approach prioritizing both security and user experience will be key in advancing these security measures.
• More Board & CEO Buy-In/Empowering the CISO:
In 2024, as Boards and CEOs increasingly recognize the financial and reputational fallout of cyber threats, there will be a significant shift to focus on proper organizational security measures. A 2023 IBM report found that a data breach can cost companies upwards of $4.5MM per incident. Those costs, coupled with the SEC’s new regulations on risk oversight, make proper cybersecurity measures a business priority. The CISO role will continue to expand as well, moving beyond an advisory capacity towards becoming instrumental in implementing cybersecurity policy throughout the organization from the top down, including overseeing third-party vendor risks, enforcing better security policies, and championing comprehensive cybersecurity education and awareness initiatives.
• Open Source Prediction:
Looking ahead to 2024, open source will become a driving force for innovation in the security industry. More companies are leveraging open-source software to create unique end-to-end solutions, cutting upfront costs. The absence of licensing fees speeds up innovation, empowering organizations to strategically allocate resources. Bitwarden anticipates an even more collaborative ecosystem where security professionals, government, and organizations join forces to democratize technology and advance the industry. When all is said and done, expect 2024 to be a pivotal year for accessible, cost-effective, and collaborative security solutions powered by open source technologies.