Cloud, AI, Quantum+, and Cybersecurity in 2024

MFA to passwords to passkeys, from on-premise to cloud-based deployments and distribution. While so many things change around us, especially in technology, the more things remain the same. As security, risk, and governance professionals, our core tasking remains very close to what we were attempting to accomplish 5 to 10 years ago. I recently read an article, and a particle point hit home: "ruthlessly prioritize what's critical." 

Most security professionals work with finite budgets, so working with accurate risk-weighted plans and strategies goes a long way to ensure we maximize our spending as much as possible and in the right areas. Data breaches are not seeing a cost reduction (the US average is approximately around 8M each and rising) and will continue to climb along with associated IOT technology costs and protection measures. (up by about 400% in IOT attacks) 

Collaboration with our risk partners is critical today in 2024, and recent events to legally hold CISOs to an accountable standard are new and unique to our profession in its use and deployment. We have two primary camps in 2024. Those who believe it is dangerous to hold CISOs accountable for poor security practices and those who think it's about time. I am of the latter mindset. To hold security leaders responsible, we need to allow them to be effective. Empowerment is at the core of our success.