SECURITY BREACH? CALL 888.234.5990 EXT 9999

5 Things CIOs and CISOs Should Think About in 2024

It’s a new year, which means replaying time-tested traditions—with New Year’s resolutions in hand, people are flocking to gyms, trying out weight-loss programs, and vowing to adopt healthy new habits—at least for now. But it’s also the case that new horizons are opening up. Never again will the precise balance of technological transformation, popular excitement, and innovation that exists today present the same exact set of opportunities that it does right now.

Pioneering developments in generative AI made headlines throughout 2023, with Microsoft announcing the expansion of its partnership with OpenAI, creator of the high-powered large language model (LLM) chatbot ChatGPT, in January of that year. GenAI quickly found applications in business, healthcare, customer service, and many other areas, and the buzz about it has yet to die down.

Throughout the year, Microsoft has worked to integrate GenAI-driven capabilities across its product suite, starting with Bing Chat (which attracted over a million users to its waitlist within two days of its release) in February, and then expanding to Microsoft 365 Copilot (embedded within Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and Teams and able to harness an individual organization’s data to answer questions, summarize content, and enhance productivity). Microsoft continues to build and release new Copilots that will work in an ever-expanding set of use cases ranging from autocompletion of code to helping IT security analysts triage incidents more quickly. Microsoft continues to build and release new Copilots that will work in an ever-expanding set of use cases ranging from autocompletion of code to helping IT security analysts triage incidents more quickly, including the January 15 announcement expanding CoPilot availability to small businesses and education, and removing the 300-seat purchase minimum for all M365 E3 and E5 customers.

The hype surrounding AI—as well as the real business value that it promises to deliver—will likely be top-of-mind among future-focused CIOs and CISOs for many months if not years to come. But we believe that new questions will come to the fore as businesses make progress along their AI adoption journeys. At the same time, old familiar challenges like skills shortages, shadow IT, and maximizing the value of business data (while minimizing cybersecurity risks) will continue to make themselves felt.

The jobs of CIOs and CISOs have never been easy. They’ll probably only become more complicated in 2024 as business and technology leaders wrestle with new questions raised by the growing adoption of AI, all while continuing to confront many longstanding issues.

Here are the top five things we believe CIOs and CISOs should be thinking about in 2024.

#1: Preparing their data estates for an AI-driven world.

This is the most obvious answer to the question of “what will technology leaders be thinking about in the coming months?” but it remains important. Throughout 2023, as genAI made a series of spectacular advances, many business leaders were wondering what, exactly, this new technology was, and how it could help their enterprises operate more efficiently and effectively.

The questions they’ll be asking in 2024 will likely be more nuanced. There will be more widespread recognition that AI is simply another tool—albeit a powerful one, with novel and potentially transformational capabilities—and not the solution to every business problem. Yes, there will be opportunities (in just about every industry and vertical) to gain value from implementing AI or automated systems, but organizations that want to realize that value will need to ensure that they have the necessary data platform and governance in place to support their adoption of these new tools.

In modern organizations, data is everywhere: it lives in the cloud, in Software-as-a-Service (SaaS) applications, in emails and documents, and in videoconference recordings. It’s no longer just cells in a spreadsheet or values in a database. All of that data—including the unstructured data that hasn’t always been thought of as “data”—needs to be managed strategically so that it can be harnessed in a manner that’s purposeful, to help the business save time, reduce effort, or make better decisions.

By definition, AI is technology that mimics human intelligence. When used appropriately, it can help employees (including application developers) work with greater scale and efficiency to achieve enhanced productivity.

But finding the right use cases will involve starting with the business problems that you want to solve, and then figuring out how to leverage your data to solve them. Starting here—and then asking which tools to implement—rather than starting with the question of “how can I leverage AI?” will be the key to seeing a rapid return on your investments in AI in the year to come

#2: Attending to the risks that come with AI adoption.

Every worthwhile investment opportunity brings both risks and benefits, and AI is no exception. While there’s no doubt that AI and automation can increase efficiencies and fill in gaps (including skills gaps), there’s also little doubt that its adoption creates new risks.

Cybercriminals are already using generative AI to write malicious code and highly-convincing phishing emails. But major cybersecurity vendors like Microsoft are also leveraging its power to make their solutions more effective and efficient—and easier to use—than ever before. This is quickly becoming an arms race, one that should be familiar to anyone who’s followed the news of the latest cyberattack trends in recent years, in which both defenders and threat actors are battling to take advantage of technology’s evolution to gain a leg up on their opponents.

Small and midsized businesses may find themselves disadvantaged in this race, since they lack the resources to afford the highest-priced solutions. Working with a managed security services provider (MSSP) who understands their unique needs can help them overcome these challenges and find the solutions that will provide the greatest value for their investment.

All businesses—large and small—will also need to consider the ethical issues surrounding the responsible use of AI. Data leakage may also become a prominent concern, since it’s all too easy for individual employees to take it upon themselves to share sensitive corporate data with publicly-available genAI tools without fully understanding the implications of doing so.

#3: Zeroing in on Zero Trust.

The idea of Zero Trust certainly isn’t new. In fact, the term was coined more than a decade ago, but as hybrid and remote work continue to grow in popularity, Zero Trust is gaining increased currency among board members and other stakeholders. The core concept—of eliminating an area inside the network perimeter where all traffic can be trusted, and instead implementing robust identity and access management (IAM) controls to verify user and device identities—may be even more relevant in an AI-powered world.

Zero Trust may matter more today because AI’s adoption raises new questions about data’s value, its appropriate governance, and what data-related risks mean to the organization as a whole. But it may also be becoming more important because the last year has seen a resurgence in shadow IT. With more people working from home, there’s a greater tendency for employees to simply choose the solution, application, or vendor they like best, often going around IT when they do so. This limits the organization’s visibility and control, and stakeholders may be pushing for Zero Trust adoption in order to compensate, at least in part.

#4: Increasing the focus on vulnerability management.

As more and more organizations mature their cybersecurity programs, we’re seeing growing interest in cyber risk and vulnerability management. This is a key step in moving from a reactive approach (“let’s respond to events as quickly as possible”) to a proactive one (“let’s reduce the number of unpatched vulnerabilities before an event takes place”).

A number of emerging vendors are now offering consolidated solutions that promise to centralize visibility across multiple different areas (vulnerabilities in web applications, endpoints, and APIs, for instance) within a single consolidated dashboard. This approach will make it easier to achieve greater visibility within one user interface, making it possible for lean teams to achieve more.

#5: Keeping an eye on the future of data privacy laws.

While no one knows what regulators will do in 2024, it’s a safe bet that more states will follow in the footsteps of California and Colorado (among others), and implement GDPR-style data protection laws. It’s also possible that a federal data privacy mandate will be passed within the next three to five years.

As these regulatory shifts take place, it will become increasingly important for stakeholders across the organization and at the board level to stay ahead of the changes. This may be a reason that growing numbers of corporate boards are now including at least one member with a cybersecurity background or focus. In our opinion, this would have been beneficial long ago, and it’s nice to see it finally happening.

No one knows what 2024 will bring. If the past few years have taught us anything, it’s to expect the unexpected. But if you want to learn more about how a future-minded technology partner can help you guard against risks—and take full advantage of the latest innovations—get in touch with us today.


Rich Lilly

Rich Lilly is Security Director at Netrix Global. He has more than 20 years of experience implementing and managing complex security programs leveraging Microsoft solutions.