The CISO wish list: What we hope to see in 2024
2023 was a year marked by escalating cyber regulations and high-impact threats. Now, the spotlight on CISOs has never been more intense. From security teams to executives to boards, everyone has been leaning heavily on cybersecurity leaders over the past few months, and undoubtedly will need their expertise even more next year. As we step into 2024, let's pivot the lens and talk about what CISOs want to see happen. Here are some key themes that are topping the CISO wish list for next year.
Get cloud identities under control
At the top of the CISO wish list is mastering cloud identity management. This is especially crucial considering the heightened risks associated with compromised cloud credentials, where attackers are able to escalate privileges and gain access to massive amounts of user data. Microsoft recently found that more than 50% of cloud identities are super admins, and only about 1% of granted permissions are actually used. To truly secure identities, companies will need to focus on intelligently identifying unusual behaviors that signal potential threats. AI and machine learning make it possible to continuously monitor both human and automated activities, quickly identifying and responding to unusual behaviors that may signal an ongoing attack. Lacework is leading this charge with unsupervised machine learning models. Our recent innovations in anomaly detection specifically target advanced adversarial techniques such as active scanning, SSH brute force, and DGA.
Bring cyber expertise to the boardroom
The new SEC cybersecurity guidelines continue to be top of mind for CISOs as they work with companies to understand and address the nuances associated with the new rules. This includes determining which security incidents are considered “material” and therefore must be disclosed publicly, and it also means that executives and boards need to understand the extent and basis under which a cybersecurity breach impact is measured. Boards need to be ready to both prevent and respond to cyber attacks, and to do so, they’ll need board members or advisors with the right cybersecurity expertise.
Lacework just released the second edition of the CISO Board Book, which gives companies access to a network of cybersecurity professionals with a deep understanding of cybersecurity and its intersection with business strategy.
Find accessible, easy-to-use security tools
CISOs and their teams want security tools that are easy to use. Complex tools that require expert handling aren't just inefficient; they're a barrier to effective security. This is especially a problem today with the shortage in cybersecurity talent, as seen in a recent ISACA report that stated 71% of cybersecurity roles still remain unfilled. This has driven the development of solutions like Lacework code security, designed for simplicity and accuracy, and Lacework AI Assist, designed to help you better understand cloud environments and level up your team’s cybersecurity skills. These have the potential to help close the gap between cybersecurity demand and available expertise.
Identify better ways to secure open-source communities
Another critical area is the security of open-source communities, which form the backbone of many cloud services. CISOs are seeking better ways to track and manage the security of these components, especially considering the interconnected nature of open-source software and its vulnerabilities. The cybersecurity landscape is always on the brink of the next major open-source vulnerability.
“There will always be a next ‘log4j.’ Security and open-source communities are intertwined in really healthy ways, but they also require ongoing maintenance and repair,” our Field CISO Merritt Baer said. To keep up with the constantly changing environments and ongoing maintenance, CISOs seek solutions like dynamically generated software bills of materials (SBOMs) that offer up-to-date visibility into third-party and open-source software libraries, including indirect dependencies. Tools that illuminate the vulnerabilities in these libraries are essential for the proactive and effective management of open-source security in cloud ecosystems.
Harmony and collaboration between developers and security pros
It's no secret that developers and security folks often speak different languages. Next year, we hope to foster a more collaborative environment between developers and security professionals where both teams learn from each other. As security teams, it’s important to make an effort to understand how developers work. This doesn’t mean getting overly technical but rather appreciating their build processes, and the challenges that come along with those. Make an effort to set realistic, mutually beneficial goals and work together to achieve those. It can make a world of difference.
What’s on your wishlist for next year? Let us know in the comments.
That's a wrap on our 2023 editions of the Code to Cloud Digest, your monthly roundup of valuable cybersecurity tips, articles, and resources. In January, we’ll be back to kick off another awesome year of podcast episodes, Q&As, blogs, and much more with some of the best cybersecurity leaders in the business. Don't miss out — subscribe now to stay in the loop with all the latest!