5 Things You Can Do Today to Prepare for 2024’s Security Threats

It’s a brand-new year, yet security threats never end. Here’s what you can do to stay a step ahead of attackers over the next 12 months.

John Edwards, Technology Journalist & Author

December 22, 2023

4 Min Read
Cyber security operator or hacker works with data in dark room, generative AI. Futuristic computer monitors.
Vyacheslav Lopatin via Alamy Stock

There are not many things in IT that are entirely predictable, yet it’s a sure bet that network attackers will continue their nefarious activities throughout 2024. Fortunately, by being proactive, it’s possible to fortify your organization against cyberattacks. Here are six key insights, collected via email interviews, of the actions you can take right now to gain an upper hand on cybercriminals.

1. Build a holistic cyber resilience plan

If you haven’t already done so, create a holistic cyber resilience plan. “The primary focus of a cyber resilience plan is ensuring that the organization is prepared to adapt and respond to cyber threats,” says Jason Stading, principal cybersecurity consultant with global technology research and advisory firm ISG. The plan should cover the organization’s entire cyber capabilities and needs, including protection, prevention, detection, response, and recovery.

Equally important, Stading notes, is regularly testing and refining the plan. “This ensures the right parties are involved in the process, key dependencies are identified, and kinks are worked out prior to a real incident occurring.”

2. Anticipate and practice

Build and maintain a strong handle on business continuity and disaster recovery plans and engage in regular tabletop exercises to understand how you would react in specific scenarios, says Dan Trauner, senior director of security, at cyber security asset management firm Axonius.

Related:What Cybersecurity Gets Wrong

Many enterprises aren’t as prepared as they should be because they’re falsely confident they already have all the necessary measures in place. “They don’t know how they’ll actually fare amid the stress and potential chaos of a cyber incident,” Trauner explains. “Companies that can confidently state that they will be able to recover fully in a short amount of time, or that they have everything under control, will be in the best position over the coming year to survive cyberattacks, especially in the eyes of investors and stakeholders.”

3. Create a risk analysis framework

Risk analysis can be used to address specific technology threats, including ransomware and data breaches, along with procedural menaces, such as employees sharing information improperly or partnerships with data privacy implications, says Seth Robinson, vice president, industry research, at IT certifications firm CompTIA. “Risk analysis can also address the emergence of new threats that may not be an issue at this time due to technology development or technology adoption.”

A strong risk management process allows IT leaders to help other decision makers understand the nature of various threats as well as the best mitigation responses. “Since there’s no perfect cybersecurity approach, and building ideal defenses can become cost-prohibitive, risk analysis highlights the most critical areas and the best way to spread cybersecurity investments,” Robinson says.

Related:Cybersecurity Must Focus on the Goals of Criminals

4. Build confidence

Work to build and optimize knowledge and confidence in your organization’s defenses. “Leaders need to uplift employee skills to integrate new technologies, such as generative AI, into their digital environments, ... to improve cyber resilience,” observes Rick Driggers, cyber practice lead at Accenture Federal Services.

IT leaders continue to face significant challenges in a rapidly evolving threat landscape, with malicious threat actors advancing their tactics through emerging technologies, Driggers says. Perhaps most important, threat actors no longer operate independently. “They take advantage of marketplaces that offer easily deployable exploits that add significant speed to the cyberattack cycle.”

5. Think proactively

The fusion of cyber threats, alliances, hacktivism, and geopolitical issues demands a proactive and adaptive approach to cybersecurity, says Shmuel Gihon, security research team lead at threat intelligence firm Cyberint. Proactive security requires a comprehensive understanding of the evolving threat landscape and active engagement in risk mitigation strategies. “By staying ahead of emerging threats, IT leaders can ensure that their security systems are not only reactive but preemptive, capable of thwarting potential risks before they escalate into serious breaches.”

Related:10 Reasons for Optimism in Cybersecurity

Adopting a proactive stance is crucial for anticipating and countering the dynamic nature of security challenges. “Through a combination of threat intelligence, continuous risk assessment, and strategic planning, an IT leader can fortify their organization’s defenses, mitigating the impact of security threats and maintaining a robust security posture,” Gihon explains.

Proactive security measures provide an unequivocal defense against escalating cybersecurity threats, Gihon says. “For all kinds of organizations, the financial toll and reputational risks of payments due to cybersecurity breaches are considerable,” he notes. Investing in preventative measures is the only effective response to increasing cyber risks, offering a two-and-a-half-fold increase in cybersecurity efficacy and substantial cost savings. “As cyber threats continue to evolve, prioritizing preemptive security practices remains the linchpin for safeguarding organizations against ransomware.”

About the Author(s)

John Edwards

Technology Journalist & Author

John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights