Today’s cybersecurity threats are growing at a rapid pace, and the challenge going forward for CISOs is to balance the competing objectives of widening access to information (which people want) with increasing security (which people need).

To successfully overcome the challenges that new technologies continue to present, businesses must: (1) prioritize threats with a risk mitigation plan; (2) be innovative in how they safeguard against more sophisticated attacks; (3) close gaps in security, and (4) see new regulations as an opportunity to prepare for greater cybersecurity transparency for the future. 

Critical industries like healthcare, education, and local governments have all reported significant increases in attacks in recent years. The FBI’s Internet Crime Complaint Center (IC3) received more than 800,000 cybercrime-related complaints in 2022, with losses totaling more than $10 billion, up from 2021’s total of $6.9 billion. Globally, the estimated cost of cybercrime is forecast to increase almost 70% between 2023 and 2028, to a total of $5.7 trillion. 

David White, VP of Security Engineering of Comcast, observed that rising cybercrime rates are exacerbated by the fact that technology like generative AI will make the tools of cyberattacks even more accessible to bad actors with little technical skill. "That is scary,” said White. 

White was speaking on a panel discussion held by Comcast Business at THE PLAYERS® Championship, where the importance of more rigorous enterprise security programs and data security were the focus. And insofar as new AI models are being implemented by IT teams, there must be stricter governance policies in place to help safeguard both the data and usage of it. 

Companies should think outside the box in their search for more robust security solutions. This involves not only alternative technology—for example, rethinking SMS for multi-factor authentication but turning instead to authentication apps—but also people with the requisite skills to deploy what’s new. 

“Cybersecurity is a cat and mouse game where your adversary is trying to hide from you what they’ve done,” said White. At the end of the day, effective defense calls for the ability to parse large amounts of data, think critically, and solve problems creatively—all qualities that the nimble tech teams of tomorrow should possess. 

Another priority is to narrow the field of attack and educate customer-facing members of organizations to handle increasingly sophisticated and disguised threats. The bigger the organization, the more touchpoints it has with customers, which represent more nodes of vulnerability at which cybersecurity attacks can happen. Installing safeguards to help protect network endpoints should be a key investment focus for firms, experts advise.

Good cybersecurity infrastructure also calls for partnership between the public and private sector, say experts. Such multi-pronged response efforts include adherence to legislation such as the Cyber Incident Reporting for Critical Infrastructure Act ( CIRCIA) and the SEC’s cyber-disclosure rules, which increase transparency and shared learnings for both the public and private sectors in the areas of cybersecurity risk management, strategy, disclosure, and governance.

To overcome the cybersecurity threats of tomorrow, firms must balance investing in their threat intelligence and security with the increasing demands for digital experiences and seamless connectivity. They should utilize all available resources, both in talent and technology, to implement the most effective security strategies to help with overall network protection.