Security priorities for 2024: Skills development, AI and more, says report

Developing and optimizing cybersecurity staff has been listed by a research firm as the top security priority for organizations over the next 12 months for the second year in a row.

The recommendation came in the release this week of Info-Tech Research Group’s Security Priorities 2024 report.

The five priorities were chosen from a combination of the results of surveys and interviews with leaders, plus Info-Tech Research’s decisions.

The other priorities that management, IT, and infosec leaders should set this year are:

— securing the AI revolution;

— embedding security risk management with the enterprise;

— putting a zero trust strategy into operation;

— and automating security processes.

The choice to make talent development and hiring the number one priority should come as no surprise. It topped the cybersecurity concerns named by 573 leaders surveyed last year — the third year in a row it led the survey.

This year it was closely followed by the rising cost and high requirements of cyber insurance, vulnerabilities in the IT systems of suppliers and executives or boards not sufficiently aware of cyber risks.

“Security leaders still emphasize the priority of spending on training and development, but there’s still a shortage of workers in the industry,” Ahmad Jowhar, lead analyst for the report, said in an interview.

“Investing in your employees will yield long-term cost savings.”

The report concedes that there has been some progress for organizations in finding the right security talent. However, it adds, “the constant concern indicates the need for an innovative approach that organizations should adopt to assist in mitigating the talent shortage gap.”

The right talent could be closer than you think, the report notes, Many organizations have employees whose skills and interests equip them to be developed into cybersecurity professionals.

The report points out that a recent survey of more than 14,000 infosec pros by ISC2 (the International Information System Security Certification Consortium) found 52 per cent of respondents said they began their careers in a non-cybersecurity IT position.

“This indicates an opportunity to leverage those transferable skills in a security role, which would enable organizations to stay competitive while also enabling continuous personal development for their employees,” the report says.

The report estimates 58 per cent of worker shortages can be mitigated by upskilling competency gaps.

To help with the talent shortage the report says organizations should:

• define the competencies needed to support the security program;

• assess employees’ current proficiency levels across defined competencies;

• prioritize competencies against known organizational priorities;

• acquire competencies through available learning and development tools and resources;

• and enable continuous improvement of employee proficiency by periodically reviewing competency gaps.

Asked why some organizations may not yet have a zero-trust strategy although the approach is several years old, Jowhar said these firms may feel a lot of work is needed to make the concept reality. That’s why Info-Tech recommends IT leaders break up the work into four manageable chunks, he said.

The purpose of the report is to give organizations a high-level idea of where their security investments should go this year, Jowhar said.

Infosec leaders could also take the recommendations to their stakeholders to either obtain some buy-in or give them an idea of what an advisory firm says should be their priorities, he added.

The full report is available here Registration is required.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now