CIO POV: Five Essential Themes Shaping the CIO’s Tech Agenda

February 21, 2025 Omer Grossman

Technology is rapidly redefining how we live and work. As CIO at CyberArk, I often get asked about the themes and realities shaping today’s tech agenda. Some of them—I’m looking at you, AI—are shiny and hyped, while others are familiar and fundamental yet equally important.

Here’s a look at five at the top of my list:

1. AI for Better …

Riding the wave of its 2024 “iPhone moment,” AI continues to dominate the market and everything around it. When implemented thoughtfully, it has the potential to transform processes and fulfill business strategies.

One of the most significant challenges tech leaders face today is striking the right balance between delivering measurable value and investing in capabilities for a successful future—all while considering the underlying need for responsible AI to build trust. After all, trust is the most important currency we have in cyberspace.

… and AI for Worse

Of course, AI is a double-edged sword. Attackers increasingly leverage AI to scale their attacks with greater speed, precision and automation. This has lowered the bar to entry and made it easier to get into the game. The bulk of AI threats to date involve weaponizing AI, for instance, launching highly convincing phishing or vishing attacks, deepfakes or analyzing vast datasets to identify weak points.

Most attacks targeting AI systems themselves haven’t become mainstream … yet. It won’t be long before LLM jailbreaking and data poisoning are all too common as agentic AI—tools that can engage in autonomous, multi-step problem solving—give cybercriminals a powerful new upgrade.

As AI continues to evolve, IT and security leaders are focused on strengthening their cybersecurity with AI-driven defense mechanisms to counter these threats. In turn, security solutions must evolve to meet these needs by leveraging AI capabilities at scale.

2. Identity Security

AI bots and agents have contributed to the rapid growth in the total number of identities across the enterprise, as I recently described in this CDOTrends article. In many cases, these machine identities are privileged users: 68% of security leaders indicate that up to 50% of all machine identities have access to sensitive data, which creates a massive attack surface. As they move forward, IT and security leaders must prioritize machine identity security and governance to the same degree as human identities.

And I’m not just saying this because I happen to be in the identity security business. Recent high-profile attacks such as MOVEit, Okta’s credential compromise and the multi-phased Microsoft email breach have highlighted the importance of identity security fundamentals in advancing a Zero Trust architecture and safeguarding business.

3. Cloud Architecture Modernization

Today, only 38% of CIOs and CTOs say their company’s technology is entirely prepared to support a new business model, according to PwC.

As enterprise AI adoption accelerates, many technology leaders are taking a hard look at their cloud strategies—reviewing cloud spending and utilization patterns, forecasting AI/ML workloads and identifying modernization opportunities to optimize costs and outcomes.

Investing in a strong digital foundation is worthwhile: Accenture research shows that enterprises with digital core investments accelerate their reinvention and innovation, achieving up to 60% higher revenue growth rates and a 40% boost in profits.

4. Third-Party Access

Remote workers, third parties and external vendors who require access to company systems and information create an intricate, ever-expanding web of potential vulnerabilities. As we saw with the Snowflake customer attacks, a compromise of one party can lead to a compromise of all.

Third-party risk management (TPRM) is critical to an organization’s overall risk management strategy and must be a top priority for tech and security leaders. This starts with mapping the organization’s third-party ecosystem and extending fundamental identity security controls to all users and identities requiring business-critical systems access. Techniques such as conditional access and Secure Access Service Edge (SASE) can be employed to enhance this management and aid in enforcing Zero Trust principles.

5. Corporate Resilience

Last year, 90% of organizations were targeted by ransomware at least once—a sobering reality that continues, though attacker tactics are shifting. Rampant ransomware is just one of the many reasons why tech and security leaders must continue to prioritize resilience as we move forward, preparing their organizations to function with limited digital capacity in the event of an attack or outage and protecting confidential and sensitive data above all else. As the saying goes, plans are nothing; planning is everything. Evaluate existing disaster recovery and business continuity plans with fresh eyes. Run and stress-test playbooks regularly for a wide range of scenarios. Go through the entire exercise of bringing backups online to see what’s working and what isn’t. Then, do it all over again and again.

Evolution Isn’t Optional

The technology landscape is evolving faster than ever, bringing immense opportunities and significant challenges for IT and security leaders. While some have been able to postpone cloud migration due to security, financial, and operational challenges over the past few years, the AI tsunami is harder to ignore and put on hold. Leaders who won’t leverage AI won’t survive the long game. With smart prioritization and openness to reinvention and learning, they can drive organizational agility, innovation and resilience.

Omer Grossman is the global chief information officer at CyberArk. You can check out more content from Omer on CyberArk’s Security Matters | CIO Connections page.
