What's the biggest challenge for 2024, and how can it be met? We put the question to a dozen cybersecurity experts.
1 min
As attack techniques develop and evolve, cyber challenges are constantly changing.
In 2023, the use of vulnerable drivers has increased, by cybercriminals and not only by states, and advanced players developed supply chain attacks, such as 3CX software.
As we’re in the habit of taking stock and making predictions at the start of the year, we took the opportunity to ask a dozen cybersecurity experts the following question: “What do you see as the biggest cyber challenge for the coming year, and how can we meet it?”.
Tools, processes, training, AI, supply chain, NIS2, Olympic Games… They share their vision of what could well mark cybersecurity in 2024.
“One of the major challenges ahead is rationalization and optimization. Security tools and devices are multiplying, and defense chains are becoming more complex. Today, we’re reaching the stage where organizations need simplification to save time and optimize what already exists.”
Florent Grosso"One of the major challenges ahead is rationalization and optimization. Security tools and devices are multiplying, and defense chains are becoming more complex. Today, we're reaching the stage where organizations need simplification to save time and optimize what already exists."
“In my opinion, one of the major challenges for 2024 will be the use of artificial intelligence by cybercriminals to orchestrate more sophisticated attacks that are harder to detect and counter. To meet this challenge, it’s crucial to invest in cybersecurity solutions powered by AI and machine learning, as HarfangLab is doing. These technologies can help anticipate attacks, identify suspicious behavior patterns, and strengthen defenses in real time.”
Sofiane BenouCRO – Scalair
The biggest challenge ahead is to succeed in integrating a holistic approach to protection, including all the entry points to a network. It’s about extending the protection perimeter beyond the organization, for example, the public cloud, service providers, industrial and logistics environments, the supply chain… Generally speaking, anything external to the network, which is not controlled by an organization, and which becomes an attack vector.”
Guillaume DjourabtchiCMO of Managed Services - Advens
“For the coming year, the biggest challenge, in my opinion, is to establish protection offerings against cyber threats that are adapted and accessible to SMBs, with the help of a dedicated support.
There are also real challenges around training courses. In my opinion, it’s impossible to provide training in a field such as Cybersecurity for junior profiles with no IT experience. Most young graduates don’t even have the basics in IT (mastery of operating system(s), file systems, or even knowledge of computer components/devices). So it’s hard to imagine these profiles being able to effectively monitor our information systems, by qualifying complex security events, without this essential knowledge. In my opinion, cybersecurity should remain a specialist field, accessible following a first experience in system or network administration.”
Cédric MaurugeonHead of SOC & CSIRT – Filhet Allard
“In today’s cyber environment, it’s no longer a question of if you’re going to be attacked, but when. We need to anticipate and prepare as much as possible for different attack scenarios, even the most unimaginable. Technology isn’t everything, and today’s security offerings are mature, but processes are often less so, and teams need to be trained on an ongoing basis.”
Stéphane LocatelliDirector of IT Security - Hexanet
“With the transposition of the NIS 2 Directive into French law at stake, many organizations in historically unregulated industries will have to grasp cybersecurity issues that are often new, or not in the DNA of this type of structure. It will be a significant challenge to ensure that these issues are properly understood, and to adopt a proportionate approach to support the process. In this respect, the level of control and mastery over the security of its partners and suppliers is a key point to consider in an organization’s overall security strategy, focusing on critical service providers who represent a real risk.”
Johann AlessandroniInformation Security Governance Team Leader - Excellium (Thales)
“One of the cyber challenges for the coming year is to continue to embed in people’s minds that protecting an IT estate is a major issue, whatever the size of the organization!”
“With advances in the field of AI attackers are increasingly automating their attacks. The challenge ahead is therefore to know how to bank on security solutions that can cope with these developments, and put teams or partners trained on these solutions in front of them.”
“In 2024, the Olympics are going to be not only a sporting challenge, but also a challenge for cyber experts. The pace of attacks is already tending to intensify: phishing, ransomware… And being in the spotlight will reinforce this phenomenon. Large organizations, public services, very small businesses, SMBs – everyone is concerned.”
Nicolas Zisswiller Managing Director and Partner - Aktea
“We have to be ready. In addition to solutions and processes, we need to be ready to deal with a cyber crisis, and to prepare the entire organization. In this sense, organization is paramount in the event of an attack: who makes up the crisis unit, how to communicate, who to call on for investigation and with what tools, how to surround yourself with the right resources and experts in order to remediate, rebuild and strengthen your information systems.”
Jonathan MeraoubiCybersecurity Manager - Atheo
“Many publishers and service companies are flourishing on the cyber market. Right now, it’s not always easy for customers to know who’s doing what, between service companies, publishers, the functionalities that are being developed within the tools themselves… The landscape is expanding, and I think the market is bound to become more structured in the time to come, which will make it easier to understand.”
Damien Vignault CEO – Scalair
“The next challenge is to update defense equipment and techniques to cope with new emerging threats, especially those linked to AI.”
Anasse GhiraSOC Manager - Monaco Cyber Sécurité
“We have to go way beyond raising awareness. Obviously, we need to continue to do so, but we’re reaching the limits. We’re seeing this with AI, which is going to make it increasingly difficult to separate the truth from the fake, and that’s why we need to reprioritize surveillance.
It’s essential that organizations train themselves to manage crises. But if we can train ourselves to get out of a building in the event of fire, we also need to equip ourselves with an alarm system that sounds before the building is devastated by fire, at the time of the incident and not of the crisis. In this sense, surveillance is the key to a defense system that is adapted to today’s and tomorrow’s attacks.”
Benjamin SerreCDO - Orange Cyber Defense
Are you ready to face these challenges? So ready that you’ve mapped your IS perfectly? We remind you why it’s essential:
Florent Grosso "One of the major challenges ahead is rationalization and optimization. Security tools and devices are multiplying, and defense chains are becoming more complex. Today, we're reaching the stage where organizations need simplification to save time and optimize what already exists."
Sofiane Benou CRO – Scalair
Guillaume Djourabtchi CMO of Managed Services - Advens
Cédric Maurugeon Head of SOC & CSIRT – Filhet Allard
Stéphane Locatelli Director of IT Security - Hexanet
Johann Alessandroni Information Security Governance Team Leader - Excellium (Thales)
Valentin Paolicelli Micro SOC Analyst - Orange Cyberdefense
Florian Ledoux Principal Security Engineer – Advens
Nicolas Zisswiller Managing Director and Partner - Aktea
Jonathan Meraoubi Cybersecurity Manager - Atheo
Damien Vignault CEO – Scalair
Anasse Ghira SOC Manager - Monaco Cyber Sécurité
Benjamin Serre CDO - Orange Cyber Defense
