By: Andy Ng, Vice President and Managing Director for Asia South and Pacific Region, Veritas Technologies

As we close out 2023, the fog of war on business outlook remains. Against the backdrop of ongoing challenges, spanning from geopolitical conflicts, inflation, data breaches to multi-cloud complexity, Andy Ng, Vice President and Managing Director of Asia South and Pacific Region at Veritas Technologies, offers his top tech predictions that would impact organisations in 2024.

Adaptive data protection will autonomously fight hackers without organisations lifting a finger.

More than two-thirds of organisations are looking to boost their cyber resiliency with the help of AI. However, given AI’s dual nature as a force for both good and bad, the question going forward will be whether organisations’ AI-powered protection can evolve ahead of hackers’ AI-powered attacks. In the current hybrid work model, the growing data sprawl means more vulnerabilities with greater attack surface. Part of that evolution in 2024 will be the emergence of AI-driven adaptive data protection. AI tools will be able to constantly monitor for changes in behavioural patterns to see if users might have been compromised. If the AI tool detects unusual activity, it can respond autonomously to increase the level of protection. For example, initiating more regular backups, sending them to different optimised targets and overall creating a safer environment in defense against bad actors.

Generative AI-focused data compliance regulations will impact adoption.

For all its potential use cases, generative AI also carries heavy risks, not the least of which are data privacy concerns. Organisations that fail to put proper guardrails in place to stop employees from potentially breaching existing privacy regulations through the inappropriate use of generative AI tools are playing a dangerous game with potential detrimental impact. Over the past 12 months, the average organisation that experienced a data breach resulting in regulatory noncompliance shelled out more than US$336,000 in fines. Right now, most regulatory bodies are focused on how existing data privacy laws apply to generative AI, but as the technology continues to evolve, expect generative AI-specific legislation in 2024 that applies rules directly to these tools and the data used to train them.

For every organisation that makes the jump to the cloud, another will develop an on-premises data centre as hybrid cloud equilibrium sets in.

The percentage of data stored in the cloud versus on-premises has steadily grown to the point where it is estimated that 57% of data is now stored in the cloud with 43% on-premises. That growth has come from both mature companies with on-premises foundations making the shift to the cloud, and newer companies building their infrastructure in the cloud from the ground up. According to IDC, around 70 to 80 percent of companies are repatriating at least some data back from the public cloud each year. But both categories of organisations are learning that, for all its benefits, the cloud is not ideally suited for all applications and data. Data security, scalability and the need to comply with the plethora of data sovereignty regulations across different jurisdictions are the key considerations for cloud repatriation This is leading many companies that made the jump to the cloud to partially repatriate their data and cloud-native companies to supplement their cloud infrastructure with on-premises computing and storage resources. As a result, we’ll see hybrid cloud equilibrium in 2024 —for every organisation that makes to the move to the cloud, another will build an on-premises data centre.

The repercussions of not hiring CISOs in 2023 will impact many organisations and will be catastrophic for some.

The role of chief information security officer (CISO) is often viewed as a poisoned chalice—a lofty position, but one that very often comes with heavy consequences. Recent headlines have highlighted several CISOs who were ultimately held responsible for security breaches, facing employment termination and even litigation. It is no surprise that many organisations struggled to fill vacant CISO roles in 2023. At the same time, data security is the top risk facing organisations globally today—outranking even economic uncertainty and competition—and the risk is rising. In Singapore, phishing and ransomware continue to be the two major cyber threats faced by companies. In 2024, the consequences of vacant CISO roles will exact a heavy toll as cybercrime, such as ever-evolving ransomware threats, continue to target unprepared organisations—more than a third (38%) say that they have no data recovery plan in place or have only a partial plan. So much so that 15% of executives and IT leaders think their organisations may not even survive to the end of 2024. The potential catastrophic outcomes associated with security breaches should provide an impetus for organisations to hire CISOs — all before it’s too late.

The first end-to-end AI-powered robo-ransomware attack will usher in a new era of cybercrime pain for organisations.

Nearly two-thirds (65%) of organisations experienced a successful ransomware attack over the past two years in which an attacker gained access to their systems. While startling in its own right, this is even more troubling when paired with recent developments in artificial intelligence (AI). Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are much more convincing than those we’ve previously learned to spot. In 2024, cybercriminals will put AI into full play with the first end-to-end AI-driven autonomous ransomware attacks. Beginning with robocall-like automation, eventually AI will be put to work in identifying targets, executing breaches, extorting victims and then depositing ransoms into attackers’ accounts, all with alarming efficiency and little human interaction.

Tool sprawl will force a “one in, one out” approach to enterprise security.

Estimates put the average enterprise security toolset at 60-80distinct solutions, with some enterprises reaching as many as 140. Too much of a good thing is a bad thing—enterprise security tool sprawl leads to a lack of integration, alert fatigue and management complexity. The end outcome is a weakened security posture, the exact opposite of what was intended. Recognising this paradox, in 2024, many enterprises will hit their maximum capacity, forcing either a “one in, one out” mindset to their enterprise security toolsets or consolidating to more comprehensive integrated solutions that bring together data protection, data governance, and data security capabilities.