Tim Liu
As we turn the page on another year, it’s a great time to review what we're likely to see in cybersecurity in 2024. From a high-level view, many things will remain the same—ransomware and data leakage will persist as the key concerns—but new technologies and threat vectors will ensure that security programs continue to be critically important. Here’s a brief recap of what we’re watching, in no particular order:
The Impact Of AI
Last year saw an explosion in consumer and business usage of artificial intelligence (AI), spurred by the release of ChatGPT in late 2022. AI is actually a fairly old technology; it’s been used in many industries, including by cybersecurity vendors, for a decade or more. Now that they are available to end users, ChatGPT, Bing, Bard and others can be invaluable tools to boost creativity, propel productivity and enhance workflows in general.
AI remains a field in disarray, although regulation is underway. Meanwhile, there are multiple threat vectors of concern in AI. For example, data has to feed into the AI model, and that data becomes a new target for hacktivists and other actors, as well as potentially providing new points of entry into your network.
Phishing and other social engineering exploits are another area to watch. In the past, phishing scams were fairly easy to identify due to misspellings, bad grammar and stilted language. Now, with AI, these tactics have become more polished, accurate and targeted. For instance, imagine getting a deepfake voice message generated by AI from your "CEO" asking for confidential information. How would you respond?
And finally, consider that some AI bots can even be used to create malicious code to be deployed by hackers. Essentially, the new freely available chatbots have democratized AI for good—but also for evil. How it all plays out remains to be seen.
The Enduring Risks Of Cloud Security
Another trend we’re seeing is that cloud adoption continues unabated, driven in part by enterprise AI efforts. AI is extremely CPU-intensive, and the cloud makes it far easier to marshal the needed resources. However, while many organizations have made progress toward securing their cloud resources, there are a few caveats.
In general, the shared responsibility model for cloud security and compliance is not well understood, especially at the C-suite and board levels. Cloud instances run by shadow IT groups (i.e., non-IT staff) may not adequately address security concerns, and even experienced IT teams may not have considered all of the attack surfaces that the cloud presents.
A Rapidly Expanding Attack Surface
We’ve talked about the proliferation of edge devices for a long time, beginning with SSL VPNs and BYOD (bring your own device). But recently, there’s been an acceleration of new endpoints such as IoT (internet of things) devices, 5G-connected remote facilities and workers and even network-interfacing EVs (electric vehicles).
All this brings an evolution of the cybersecurity threat landscape, with a new, target-rich environment for hackers. Of course, we still need to protect the existing infrastructure, but now those defenses need to extend far beyond the traditional network edge to cover new attack surfaces and new points of entry.
The Human Factor
With all the concerns about AI, cloud and endpoints, we can’t forget that people—employees, contractors and others with network access—remain one of the most common attack vectors. The largest breach of U.S. military systems occurred when someone inserted an infected flash drive into a single computer. More recently, MGM Resorts was hit with a crippling attack that purportedly began via a convincing phone call from an impersonator (a.k.a. vishing).
That’s why it’s so important to focus on the basics first—keeping up to date with patches and providing training for staff and management. In other words, cybersecurity is really not just a technology discussion; it’s a people problem. And by consistently concentrating on people, policy, procedure and practice, cyberattacks can be averted.
Digital Trust And Security Transformation
More and more, business relies on digital transactions across the spectrum; thus, building digital trust has become vital. If the trust of customers, clients and others is damaged through a cyber incident or some other disruption, gaining it back can be difficult, if not impossible. Cybersecurity strategies and technologies contribute to digital trust, and while the aforementioned basics are essential, many organizations are looking far beyond them to a more holistic security posture.
Security operations, or SecOps, is beginning to receive far more attention as a means to move from a pre-breach to post-breach posture—from simply detecting attacks to strong response and mitigation. As a result, there’s been an increased emphasis on tools like SIEM (security information and event management) and XDR (extended detection and response), the latter of which aggregates data from other security devices, then normalizes, correlates and analyzes it to discover potential threats. Other big trends in this area include SASE (secure access service edge—pronounced "sassy") and SSE, the security service edge.
While security transformation and a holistic security posture are the holy grail, we’re really only at the beginning. Too often, security solutions are deployed in a siloed architecture, with little to no communication with other security devices. Ultimately, visibility across the entire digital estate is going to be required to quickly and accurately respond to threats and attacks.
All that said, technology now moves so fast that something may pop up that we didn’t even anticipate. Stay vigilant and stay safe.