As we close out 2023, the fog of war on business outlook remains. Against the backdrop of ongoing challenges, spanning from geopolitical conflicts, inflation, data breaches to multi-cloud complexity, Andy Ng (Vice President and Managing Director of Asia South and Pacific Region at Veritas Technologies) offers his top tech predictions that would impact organizations in 2024.

For all its potential use cases, generative AI also carries heavy risks, not the least of which are data privacy concerns. Organizations that fail to put proper guardrails in place to stop employees from potentially breaching existing privacy regulations through the inappropriate use of generative AI tools are playing a dangerous game with potential detrimental impact. Over the past 12 months, the average organization that experienced a data breach resulting in regulatory noncompliance shelled out more than US$336,000 in fines. Right now, most regulatory bodies are focused on how existing data privacy laws apply to generative AI, but as the technology continues to evolve, expect generative AI-specific legislation in 2024 that applies rules directly to these tools and the data used to train them.

The percentage of data stored in the cloud versus on-premises has steadily grown to the point where it is estimated that 57% of data is now stored in the cloud with 43% on-premises. That growth has come from both mature companies with on-premises foundations making the shift to the cloud, and newer companies building their infrastructure in the cloud from the ground up.

According to IDC, around 70 to 80 percent of companies are repatriating at least some data back from the public cloud each year. But both categories of organizations are learning that, for all its benefits, the cloud is not ideally suited for all applications and data. Data security, scalability and the need to comply with the plethora of data sovereignty regulations across different jurisdictions are the key considerations for cloud repatriation This is leading many companies that made the jump to the cloud to partially repatriate their data and cloud-native companies to supplement their cloud infrastructure with on-premises computing and storage resources. As a result, we’ll see hybrid cloud equilibrium in 2024 —for every organization that makes the move to the cloud, another will build an on-premises data center.

The role of chief information security officer (CISO) is often viewed as a poisoned chalice—a lofty position, but one that very often comes with heavy consequences. Recent headlines have highlighted several CISOs who were ultimately held responsible for security breaches, facing employment termination and even litigation. It is no surprise that many organizations struggled to fill vacant CISO roles in 2023. At the same time, data security is the top risk facing organizations globally today—outranking even economic uncertainty and competition—and the risk is rising.

In Singapore, phishing and ransomware continue to be the two major cyber threats faced by companies. In 2024, the consequences of vacant CISO roles will exact a heavy toll as cybercrime, such as ever-evolving ransomware threats, continue to target unprepared organizations—more than a third (38%) say that they have no data recovery plan in place or have only a partial plan. So much so that 15% of executives and IT leaders think their organizations may not even survive to the end of 2024. The potential catastrophic outcomes associated with security breaches should provide an impetus for organizations to hire CISOs — all before it’s too late.

Nearly two-thirds (65%) of organizations experienced a successful ransomware attack over the past two years in which an attacker gained access to their systems. While startling in its own right, this is even more troubling when paired with recent developments in artificial intelligence (AI). Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are much more convincing than those we’ve previously learned to spot. In 2024, cybercriminals will put AI into full play with the first end-to-end AI-driven autonomous ransomware attacks. Beginning with robocall-like automation, eventually AI will be put to work in identifying targets, executing breaches, extorting victims and then depositing ransoms into attackers’ accounts, all with alarming efficiency and little human interaction.

Estimates put the average enterprise security toolset at 60-80 distinct solutions, with some enterprises reaching as many as 140. Too much of a good thing is a bad thing—enterprise security tool sprawl leads to a lack of integration, alert fatigue and management complexity. The end outcome is a weakened security posture, the exact opposite of what was intended. Recognizing this paradox, in 2024, many enterprises will hit their maximum capacity, forcing either a “one in, one out” mindset to their enterprise security tool sets or consolidating to more comprehensive integrated solutions that bring together data protection, data governance, and data security capabilities.

As organizations plan out 2024, security concerns remain top of list as more businesses and users jump onto the AI bandwagon. While AI/Gen AI proves it’s more the next “Cloud”, rather than “Cryptocurrency”, organizations should take precise and accountable steps in ensuring data security and compliance are not compromised.

Hence, having a Chief Information Security Officer role is fast becoming necessity rather than need. Finally, we ask Andy what he thinks organizations should look for in a successful CISO, and why.