2024 Cyber Trends and Predictions: Global IT Outage and More

In this episode, John Funge, Managing Director at DataTribe, and I discuss the Global IT Outage caused by a flawed update to CrowdStrike's cloud-based security software. We also review DataTribe's recently published report on cybersecurity trends and predictions for 2024. Finally, John shares some tips and recommendations for those seeking cybersecurity funding.

Action Items and Discussion Highlights

Organizations need to incentivize and spend more time and effort hardening the QA cycles.
Continue to focus on building secure software through tools/processes that embrace best practices.
Assess the concentration of risks and take proactive mitigation steps.
Take malware at scale, reverse engineer it, and look inside the malware to use that as training for AI models that can detect and mitigate entire classes of malware.
Create a set of tooling that can monitor what happens in CICD (Continuous Integration & Continuous Delivery) pipelines, create the necessary evidence to help enforce process and risk management compliance, and make the software development process much more transparent.
Cybersecurity trends include quantum computing, security for serverless architecture, operational technology (OT) security, autonomous defenses, passwordless authentication, AppSec 2.0, and AI SOC Analyst.

Time Stamps

00:02 -- Introduction

01:44 -- Guest's Professional Highlights

06:33 -- Global IT Outage Fiasco -- Lessons

08:11 -- Hardening QA Cycles

10:41 -- Software Malfunction in an AI-Driven World -- Corrective Action

15:50 -- Reviewing Cyber Trends -- Quantum Computing, AI-Enabled Autonomous Defenses, AI SOC Analyst, AppSec Scans, etc.

25:30 -- Cybersecurity Governance Process Improvements and Innovations

31:18 -- What does DataTribe, a cyber foundry, look for when evaluating potential investment opportunities?

34:35 -- Cyber Predictions

36:44 -- Closing Thoughts

Memorable John Funge Quotes/Statements

"Software is just really brittle and creaky. Over time, there's been a combination of incentives toward speed of delivery and time to market rather than spending more effort hardening QA cycles."

"Within the security industry, there's this sort of patch advice: Just keep your systems patched, etc. There isn't much discussion in that conversation about how we can engineer the software so it's more secure with fewer bugs."

"It's unclear whether we are increasing the hardness of many software tools and systems at the same time that their responsibility is increasing."

"At the end of the day, AI is really a tool for consolidating training data and creating a decision mechanism based on that."

"Security is just so rich with data. So, if you follow the data, you really do start to see interesting opportunities to potentially create predictive models that allow you to increase your security performance and efficacy."

"There is this opportunity to create a set of tooling that can monitor what goes on in CICD (Continuous Integration and Continuous Deployment) pipelines and create all the necessary evidence that can help enforce process and give confidence to auditors risk management compliance, and essentially take what's going on inside the software development process, and making it much, much more transparent."

"AI models and the data science teams that work on them represent a bit of a black box, and it can be challenging to collaborate and understand the risks that the organization is taking without having some tooling to help capture and communicate that. So that's another interesting area."

"When we look at an opportunity, it's not just the opportunity itself, but is there a fit between the founder and the opportunity? The really exciting ones tend to have what we would describe as domain masters, people who are maybe top ten in the world in that particular subject area."

"At the really early stage, the team is really, really critical because there is very little actual product existing at the time we enter the investment."

"Video is one thing, but audio deep fakes are a really big deal."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

"Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024.

Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024

Preventing Security Breaches Must Start at the Top

Mission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic

Latest Webinars & Podcasts with Dr. Chatterjee as the Guest

Non-profits and Cybersecurity, a CAPTRUST podcast