Check out all our 2024 predictive blogs →
Cyberattacks are now a foremost consideration of both public and private entities. The need to secure assets and environments from bad actors isn’t a fringe position, but a requirement for everything from public agencies to enterprise to private homes with smart environments. 2023 brought promising progress when it comes to improving cybersecurity from a U.S. public sector standpoint. Take the Biden-Harris administration’s National Cybersecurity Strategy, the U.S. Cyber Trust Mark Program and CISA’s 23-02 binding operational directive as examples of positive traction.
It will be critical that we continue this momentum in 2024, building upon it and scaling it to meet growing challenges. We need to continuously work to identify, anticipate, and plan for what we’re unprepared for so we don’t find ourselves “chasing the train” forever. With this in mind, these are my top cybersecurity predictions for the future of the U.S. public sector in 2024.
1. As the attack surface continues to evolve and grow, public sector IT and security professionals will prioritize comprehensive asset intelligence to better manage cyber risk exposure.
In 2024, it will be critically important to identify and remediate the vulnerabilities that have been introduced by the newer technologies, both physical and virtual, that power the complex conveniences we’ve become accustomed to. The convergence of technologies across IT and OT and the introduction of new technologies and applications onto the agency network, such as TikTok, is reinforcing the need for agencies to see, protect and manage their entire attack surface to continuously safeguard their mission-critical assets from cyber threats. The public sector needs to more heavily prioritize comprehensive asset intelligence to better protect the evolving attack surface, especially in light of the uncertainties of an evolving threat landscape.
2. New federal policies will encourage organizations and agencies to incorporate Artificial Intelligence (AI) in their proactive cybersecurity strategy.
As outlined by Nadir Izrael, our CTO and Co-Founder, AI is going to play a much larger role in cybersecurity next year. But from an operational standpoint, AI also introduces new challenges for security and IT professionals due to the sheer volume and types of attacks. AI enabled attack vectors like deepfake voice and video content are now tools for existing and emerging threat actors to deploy. At this time, there aren’t any policies in place to determine how we handle AI in the cyber realm. I believe there is a need for policies and regulations that provide guidance on how organizations and individuals can use AI in a proactive way and that we’ll see these guidelines from legislators in 2024.
3. There will be more public-private partnerships.
Protecting the U.S. from cyber criminals and nation state attacks takes a “whole of nation approach” which calls for even more public-private partnerships. What’s needed is a consistent, proactive, collaborative effort that brings the government and private sector together as much as possible. The private sector can’t wait for the government to lead, and vice versa. The time is now for holistic action by both. Fortunately, we are already seeing progress here when considering CISA’s Shields Up program and NIST’s initiative to improve cybersecurity in supply chains.
The benefits of stronger public-private collaboration can even spill over into better awareness of the risks posed by artificial intelligence, which represents a new expansion of the attack surface. Given the clear need and potential impact, I believe we’ll see more public-private partnerships in the year ahead, with information sharing both ways for the betterment of society overall.
4. Public sector agencies will work to modernize the procurement path for cybersecurity solutions.
It’s critical in the new year that public sector agencies such as CISA encourage lawmakers to help change procurement processes to expedite the purchase and implementation of newer technologies purpose-built for today’s evolving attack surface.
More often than not, legacy contracts and programs with existing providers and solutions are routinely extended. This may save time, but it also prevents the innovation and collaboration needed to address modern threats. Agencies shouldn’t be limited by trying to align to directives by merely turning to legacy vendors who they may have worked with for years, but instead look at best of breed technologies that integrate into the broader fabric of key federal cybersecurity programs.
In the year ahead, I anticipate the public sector will take steps forward in an effort to fix the procurement path for cybersecurity solutions to enable agencies to better prepare for the uncertainties of tomorrow.
5. Given the growing challenge to fill open positions within the cybersecurity workforce, public sector leaders will drive change to secure top talent and address churn to private sector organizations.
The cybersecurity skills shortage is felt globally across both the public and private sectors. However, it’s especially challenging for public sector organizations, considering the deep pockets of the private sector these agencies are competing against for talent. There’s certainly top concerns and changes needed in various areas that will impact team member job satisfaction and employee retention, and these areas will be top-of-mind for security and IT leaders next year. In order to address this challenge, I believe we’ll see public sector leaders addressing efforts to secure top talent and address churn to private sector organizations. This may come in the form of more flexibility to work from home, increased funding and training to address the talent gap and tenure of security teams, shifts in work culture, implementation of innovative technologies to support staff, and more.
Securing Governments’ Most Valuable Assets
We do not know and will not know the threats that are coming, so it’s critical that we do not rely on what worked yesterday (or last year), as that leaves us in a vulnerable position. Now is the time to reflect and forecast, strengthening our lines of defense. Looking ahead, the only constant we can count on is change.
At Armis we remain committed to staying ahead of the curve, ensuring the world’s leading governments and their people stay safe and sound. More recently we have evolved to become THE Asset Intelligence Cybersecurity Company and continue to build on our foundation with an AI Powered Platform Armis Centrix™. You can read more about what this means in Conor Coughlan, our CMO’s blog here.
2024 Cyber Predictions
- A CISO’s 2024 Predictions
- What 2024 Could Have in Store for Healthcare Organizations
- The Evolution of Al, Cyberwarfare, and the Future of Work in 2024
- Adapting to the Ever-Evolving Threat Landscape
- The Future Roadmap to Vulnerability Management Intelligence
- Safeguarding Our Most Critical Systems – Predictions for 2024
- An Election Year – U.S. Government Cyber Considerations for 2024 👈 you are here
- Federal Spotlight: Priorities for the Year Ahead
- Regulations, Quantum Computing and AI – Cyber Changes Ahead for Organizations in 2024
- 2024 Cybersecurity Predictions for State & Local Agencies and Educational Institutions (SLED)
- Global Observations and Market Outlook for 2024
- Reflecting on 2023, A Year in Review
- Cyber Regulation and Responsibility: A Compelling Focus for 2024