From the security challenges derived from the rise of artificial intelligence (AI) to the increasing legal liabilities placed on Chief Information Security Officers (CISOs), 2023 has been a busy year for the CISO community – and 2024 shows no signs of slowing down.
Our research and security experts at Sonatype anticipate that the cybersecurity landscape will shift in the coming year as CISOs continue to grapple with the impact of AI on software development, new global cybersecurity regulations, and ever-evolving malicious threats.
To help you stay on top of the latest trends (and keep your program safe), we tapped Sonatype's Stephen Magill, Vice President of Product Innovation, for a webinar on the "Top 5 trends every CISO needs to know for 2024." A summary of his predictions is below.
The first trend discussed was the increasing impact of AI on cybersecurity. Magill emphasized the rising concerns surrounding malicious attacks on AI systems, exemplified by a recent data leakage incident within ChatGPT.
While data breaches aren't new, researchers were able to extract training data from a production system that had controls in place to prevent such breaches, underscoring the critical need for CISOs to operationalize AI usage. As enterprises embrace AI technology for various applications, they need to carefully consider the data that is being fed into such systems, especially in risk-averse and regulated environments.
Building on the AI theme, Magill predicted that we'll see the use of AI in software development accelerate in 2024. While AI does save developers a significant amount of time, there are increasing concerns about the security of code produced by generative AI. Studies indicate higher defect rates and more security issues in code generated by AI technologies – meaning checks through code review processes, software composition analysis (SCA) tooling, and static application security testing (SAST) will become even more crucial.
The discussion also revealed the growing interest in and importance of software bills of materials (SBOMs), with recent regulations in the US and Europe helping drive their widespread adoption. A recent Sonatype survey found that 76% of enterprises have adopted an SBOM since the release of President Biden's Executive Order on Improving the Nation's Cybersecurity.
While the webinar acknowledged the increasing awareness and generation of SBOMs, Magill also emphasized that 2024 will see a shift toward managing and maintaining SBOMs effectively.
SBOMs aren't just checkboxes. They represent an ongoing commitment to ensuring the security of software, especially in long-lived systems like medical and Internet of Things (IoT) devices. As more organizations demand SBOMs from their vendors and their usage becomes more standard, software vendors will need to develop robust processes for maintaining and monitoring these lists over time as part of a proactive approach to software supply chain security.
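To make "maintaining and monitoring" concrete, here is an added Python example; it is not code from the webinar or from Sonatype. It uses two constructed CycloneDX-style SBOM snapshots of one product and a constructed advisory feed (placeholder advisory ids, hypothetical `com.example` packages) to show the two checks a vendor has to keep running after release: which shipped components an advisory now affects, and what changed between one SBOM and the next.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample data (not from the original page): two snapshots of a
# CycloneDX-style SBOM for the same product, taken one release apart.
SBOM_RELEASE_1 = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "acme-http", "version": "1.4.0",
         "purl": "pkg:maven/com.example/acme-http@1.4.0"},
        {"type": "library", "name": "acme-json", "version": "2.0.3",
         "purl": "pkg:maven/com.example/acme-json@2.0.3"},
    ],
})
SBOM_RELEASE_2 = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "acme-http", "version": "1.4.2",
         "purl": "pkg:maven/com.example/acme-http@1.4.2"},
        {"type": "library", "name": "acme-json", "version": "2.0.3",
         "purl": "pkg:maven/com.example/acme-json@2.0.3"},
        {"type": "library", "name": "acme-yaml", "version": "0.9.1",
         "purl": "pkg:maven/com.example/acme-yaml@0.9.1"},
    ],
})

# Constructed advisory feed keyed by version-less purl. Each entry means
# "versions below fixed_in are affected". The ids are placeholders; a real
# feed would carry CVE/GHSA identifiers and richer version ranges.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "pkg:maven/com.example/acme-http": [("ADV-EXAMPLE-001", "1.4.2")],
    "pkg:maven/com.example/acme-yaml": [("ADV-EXAMPLE-002", "1.0.0")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple (toy semver)."""
    return tuple(int(p) for p in v.split("."))


def load_components(sbom_json: str) -> Dict[str, str]:
    """Map version-less purl -> version for every component in the SBOM.

    Components without a purl are skipped: you cannot match an advisory to
    something you cannot identify, which is itself a finding worth reporting.
    The constructed purls carry no qualifiers, so splitting on the last '@'
    is enough here.
    """
    bom = json.loads(sbom_json)
    components: Dict[str, str] = {}
    for comp in bom.get("components", []):
        purl = comp.get("purl")
        if not purl or "@" not in purl:
            continue
        base, _, version = purl.rpartition("@")
        components[base] = version
    return components


def find_affected(components: Dict[str, str],
                  advisories: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, str, str]]:
    """Return (purl, shipped_version, advisory_id) for each affected component."""
    hits = []
    for base, version in sorted(components.items()):
        for adv_id, fixed_in in advisories.get(base, []):
            if parse_version(version) < parse_version(fixed_in):
                hits.append((base, version, adv_id))
    return hits


def diff_sboms(old: Dict[str, str], new: Dict[str, str]):
    """Added, removed and version-changed components between two SBOMs."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted((k, old[k], new[k]) for k in set(old) & set(new) if old[k] != new[k])
    return added, removed, changed


if __name__ == "__main__":
    r1 = load_components(SBOM_RELEASE_1)
    r2 = load_components(SBOM_RELEASE_2)
    print("Release 1 affected:", find_affected(r1, ADVISORIES))
    print("Release 2 affected:", find_affected(r2, ADVISORIES))
    print("Changes 1 -> 2:", diff_sboms(r1, r2))
```

Run against the same SBOM every time the advisory feed updates, not just at release: release 2 fixed the `acme-http` finding but introduced `acme-yaml`, which is affected by a different advisory, so a one-time scan at publication would have missed it.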
The final trend covered the persistent challenge of staying on top of software supply chain vulnerabilities. Magill presented data from the most recent State of Software Supply Chain report that shows 96% of vulnerable downloads are avoidable – the same percentage as last year. To truly produce better software, continuous efforts are needed to address how developers consume and use open source.
In conclusion, CISOs need to be vigilant and proactive in addressing these emerging trends to ensure robust cybersecurity postures for their organizations in 2024.
If you need help navigating the complex landscape of AI, SBOMs, and the ongoing challenges in software supply chain security, Sonatype can help. For more information, visit the Sonatype website or contact us to request a recording of the full webinar.