via VentureBeat
Throughout its history, the cybersecurity industry has constantly reacted to attacker pivots as well as operational reality shifts, and the new year will be no different. The cat-and-mouse game between attackers and defenders is sure to intensify and become more complex as newer technologies like AI and the cloud change the cybersecurity landscape.
Add other factors, such as more aggressive government action on cybersecurity risks and the 2024 election, and the new year is shaping up as particularly dynamic.
Here are five trends to expect in the coming year.
1: The accelerating data explosion will force a security strategy rethink
The world has been talking about exponential growth in computer data for years, but reality is still managing to exceed the hype. One report predicts that the volume of data a typical organization needs to secure will jump by 42% in the next year and increase by a staggering 7X in the next five years.
I believe there are two main reasons for this: the ever-increasing prevalence of data-generating digital devices and surging adoption of AI systems that require huge amounts of data for their training and improvement.
In today’s multifaceted technology landscape, enterprises face a new challenge. Data generated in software-as-a-service (SaaS) systems climbed 145% in the last year, while cloud data was up 73%. By comparison, on-premise data centers saw a 20% rise. Oh — and don’t forget someone has to pay the cloud and SaaS bills, which are going up almost as fast as the data is growing.
What this all means is that in 2024, organizations will face a stiffer challenge in securing data across a rapidly expanding and changing surface area.
That will be a major cybersecurity focus for many organizations next year. More will recognize that the entire security construct has shifted: It’s no longer about protecting individual castles but rather an interconnected caravan.
2: Attackers will broaden their assaults on virtualized infrastructure
As organizations grow more sophisticated in protecting traditional targets such as computers and mobile devices, some bad actors have already pivoted to trying to penetrate other infrastructure components such as SaaS and Linux applications, APIs and bare-metal hypervisors.
In a telling sign of the threat, VMWare warned earlier this year that attackers exploited vulnerabilities in its ESXi hypervisor and components to deploy ransomware. Other reports during the year also showed that ESXi-related ransomware breaches are expanding.
Let’s not forget: Attackers read the news too. They are largely a “follower” economy that rapidly pivots to known successes.
Finally, these types of attacks present many attacker advantages around speed and scale for their intrusions. The technology cuts both ways.
These technologies represent greenfield opportunities for attackers, and I think we’ll hear more about these kinds of incidents in 2024.
3: Edge devices will grow as a target for “boutique” hacker groups
In September, U.S. and Japanese government agencies announced that hackers linked to the People’s Republic of China used stolen or weak administrative credentials to compromise Cisco routers with the installation of hard-to-detect backdoors for maintaining access.
The disclosure exemplified an emerging trend we’ll see more of in the new year: Government intrusion groups viewing attacks on edge devices as a way to differentiate themselves from garden-variety ransomware gangs.
Because these kinds of intrusions take considerable technological prowess, are often difficult to detect and can do a great deal of damage, they are almost undoubtedly a meaningful separator across cyber threats.
Edge devices almost certainly will be a major cybersecurity battlefront in 2024 and will provide an opportunity for hacker groups to show off their capabilities. There will be groups that can pull this off (and will). To push this prediction all the way to the edge (pun intended), government programs may even “defend” this edge access from other cybercrime groups and push them out to maintain their stealthy access.
4: AI will dominate the cybersecurity conversation
If you think you haven’t already heard a lot about AI’s potential for cybersecurity, just wait until 2024. AI will be front and center in a range of cybersecurity discussions.
Both attackers and defenders will step up their use of AI. The bad guys will use it more to generate malware, automate attacks and strengthen the effectiveness of social engineering campaigns. The good guys will counter by incorporating machine learning (ML) algorithms, natural language processing (NLP) and other AI-based tools into their cybersecurity strategies.
Meanwhile, the Brennan Center for Justice calls 2024 the first presidential election of the generative AI era. Candidates likely will need to address the “AI anxiety” that many voters feel. And, concern is rampant that the technology could be used to spread disinformation through deepfakes and AI-generated voices.
I believe there is almost no scenario where AI-driven deepfakes won’t be part of the pending U.S. Presidential election amongst others.
We’ll also hear more about the role AI can play in solving the persistent cybersecurity talent gap, with AI-powered systems taking over more and more of the routine operations in security operations centers.
When it comes to cybersecurity in 2024, AI will be everywhere.
5: CISOs (and others) will feel pressure from recent government actions
In late October, the Securities and Exchange Commission announced charges against SolarWinds Corporation — which was targeted by a Russian-backed hacking group in one of the worst cyber-espionage incidents in U.S. history in 2019 — and its chief information security officer, Timothy G. Brown.
The complaint alleged that for more than two years, SolarWinds and Brown defrauded investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks.
The charges came nearly six months after a judge sentenced Joseph Sullivan, the former CISO at Uber, to three years of probation and ordered him to pay a $50,000 fine after a jury found him guilty of two felonies. Sullivan had been charged with covering up a ransomware attack while Uber was under investigation by the Federal Trade Commission for earlier lapses in data protection.
But many critics of the verdict have questioned why Sullivan could be held criminally liable for negotiating a deal to pay off the ransomware attackers to protect his company’s reputation.
On top of all that, new SEC rules on cybersecurity and disclosure of breaches took effect Dec. 15. They require public and private companies to comply with numerous incident reporting and governance disclosure requirements.
All of this will have CISOs looking over their shoulder in 2024. As if defending their organizations from bad actors wasn’t challenging enough, now they will have to pay more attention to documenting absolutely everything. The CISO role will take on a heavier regulatory compliance flavor.
The entire C-suite will also likely have to recalibrate their private/public sector discussions in 2024.
Along with the points above and their ripple effects into other peer positions, the geopolitical landscape is changing. The last three years have shown unparalleled interaction and advocacy for working across private and public divides. These are due in large part to goodwill created from the community-wide SolarWinds response efforts and near-universal support for Ukrainian cyber efforts.
SolarWinds and the SEC will shift the former point — and the Israel-Hamas conflict is far more divisive than the Russian invasion of Ukraine. All of this may lead to a demonstrable shift in how senior leaders speak of, and with, governments.
As these five predictions show, 2024 should be an especially interesting year in the cybersecurity arena. The new year is upon us, and I’m buckling up for the ride.