Get in Touch
Get in Touch

Blog

Navigating the Cybersecurity Landscape in 2024: Trust is Key.

December 13, 2024

Vaibhav Dutta   

Associate Vice President and Global Head-Cybersecurity Products & Services at Tata Communications.

As we approach the end of the year, it’s a perfect moment to reflect on the evolving security landscape we’ve witnessed, along with the innovative approaches now required to ensure businesses are cyber resilient.

Earlier this year, Gartner identified influential cybersecurity security trends for 2024, ranging from growing third party risk management to innovation in Artificial Intelligence (AI). As the world becomes even more connected, cybersecurity has become a business imperative, with enterprises more committed to staying ahead of the curve. So, it’s time to evaluate how these trends have unfolded and what the future holds.

Identity-First Security and the Power of Zero-Trust 

Identity is the new perimeter. With users accessing data from multiple locations and devices, robust identity and access management (IAM) is vital. Zero Trust architecture, requiring continual user identity validation before granting access, is key to making this strategy work. We encourage integrating IAM across infrastructures for a seamless, secure user experience while ensuring stringent protection. Behavioural analytics is also crucial to the Zero Trust model. By consistently monitoring user behaviour, we can identify irregularities and address any suspicious actions, thereby upholding Zero Trust principles. 

Metrics for Success and Return on Investment 

Gartner points out an increasing emphasis on outcome-driven metrics for cybersecurity success. Though it’s not a new concept, this approach has gained greater importance in recent years. We’ve had many conversations with customers, exploring and explaining ROI on their security investments. Key metrics like reduced mean time to detect and respond, and false-positive reduction rate, help measure success. 

However, the challenge is in conveying technical metrics to non-IT leaders. Instead of discussing mean time to detect (MTTD), explain it as ‘the average time it takes to identify a potential threat.’ Recent high-profile cybersecurity incidents such as the CrowdStrike outage demonstrates that, even as we have advanced so far within the industry, the importance of communicating strategies and situations clearly in the boardroom still needs to be stressed.  

Balancing Risks and Opportunities of GenAI 

Generative AI (GenAI) remains a major area of interest in technology, with companies across every sector looking to leverage the benefits. In cybersecurity, GenAI offers remarkable potential for automating tasks like threat detection, incident response, and vulnerability management. AI-enabled incident response is especially exciting, as ‘virtual analysts’ replicate human actions to respond more quickly and efficiently.  

However, the same technology that empowers defenders also fuels attackers. GenAI has the capability to enhance advanced phishing tactics and automate the creation of malware, increasing the level of threat complexity. Considering the questions around the privacy of GenAI is vital to ensuring businesses can leverage its benefits safely. Organisations must have the suitable governance mechanisms to handle emerging technologies so that they are able to identify and measure the risks with agility. We must balance the benefits of AI while addressing its risks, with privacy being a top priority to ensure AI systems protect sensitive data. 

Human-centric Security 

Cybersecurity presents a challenge that is both human and technological. Gartner’s call for human-centric security design aligns with our long-held belief; that most breaches stem from human error, whether misconfiguration or phishing. At Tata Communications, we’ve fostered a culture of cybersecurity awareness through comprehensive employee training. 

“Security responsibility must extend beyond the Chief Information Security Officer (CISO) to every business unit. By embedding ‘Security Champions’ across departments, organisations can decentralise efforts, spread accountability, alleviate pressure on leaders and address the growing skills gap.” 

Addressing Unavoidable Third-Party Risks 

One of Gartner’s compelling viewpoints is that third-party cybersecurity risks are almost unavoidable. In today’s hyperconnected world, no business can function independently and every ecosystem is tightly linked. Through assessing the level of access organisations are giving to third party systems, such as analysing the processes for authenticating and sharing data, businesses, can isolate cybersecurity threats.  

At Tata Communications, we conduct continuous third-party assessments, ensuring vendors adhere to rigorous security standards. Still, no system is foolproof, and strong internal controls are essential to minimise the damage from third-party vulnerabilities. 

Cybersecurity today extends beyond safeguarding systems; it revolves around maintaining trust. As industries merge IT with traditional OT systems and adopt emerging technologies like GenAI, the landscape of threats grows increasingly intricate. Tackling these issues, such as human errors and risks posed by third parties, is crucial as we progress toward 2025 and future horizons.  

Find out more about our Cybersecurity solutions here.