Security Trends To Keep Track In 2024

As security leaders enter 2024, critical questions arise: Is the technology stack equipped to handle emerging threats? Are patching programs and infrastructure management processes up to date? Is there a robust ransomware incident response plan in place? How is AI utilised, and what are the associated risks?

As we step into the new year, cybersecurity leaders find themselves at the forefront of an ever-expanding threat landscape, managing complex technology stacks with limited budgets. The dawn of 2024 presents an opportunity for these leaders to assess the major security risks and strategise on utilising available resources for optimal defence.

AI Threats and Defence

One significant trend that dominated 2023 and is set to continue is the rise of generative AI, a technology that fuels both sophisticated cyberattacks and advanced defence mechanisms. Kelli Vanderlee, a senior manager at Mandiant Intelligence, part of Google Cloud, emphasises the untapped potential of AI tools for both attackers and defenders. AI’s role in powering scaled phishing attacks and generating convincing social engineering campaigns poses new challenges. As the AI capabilities of threat actors increase, defenders must integrate AI tools into cyber defence strategies, working in tandem with threat intelligence, attack surface management, and detection and response.

While AI expands threat analysis capabilities, it is crucial to acknowledge that AI, as of now, cannot replace human cybersecurity expertise. Andrius Useckas, CTO and CISO at ThreatX, emphasises the importance of human-driven security measures alongside AI technologies.

Geopolitical Tension and Nation State Actors

Cyberattacks by nation-state threat actors and politically motivated hacktivist groups will persist, particularly in regions like Ukraine and Gaza. Vanderlee points out the potential kinetic impact of such attacks, citing past instances where threat actors disrupted power in Ukraine.

The “Big Four” nation-state actors—China, Russia, North Korea, and Iran—are expected to play a significant role in cyber threat activities. China, with a focus on long-term priorities, continues to develop sophisticated cyber threat operations. Russia’s cyber threat activity may target Ukraine, while sanctions could drive it towards intellectual property theft. North Korea’s financially motivated threat actors showcase persistence and creativity, often executing supply chain compromises. Iran’s cyber threat activity may involve intelligence gathering, information operations, and potentially disruptive attacks.

Supply Chain Attacks

Threat actors are exploiting complex supply chains, targeting third-party vendors to achieve their objectives. Efforts are underway to enhance supply chain visibility and vendor consolidation, minimising risks associated with sophisticated cyber threats. Security leaders must conduct due diligence on external vendors, understanding their cybersecurity posture and potential impact on the organisation in case of a compromise.

Prioritising Cloud Security

With the ongoing trend of cloud migration, threat actors are looking for ways to target hybrid and multi-cloud environments. Cloud security posture management (CSPM) becomes crucial, especially in multi-cloud setups, where visibility is challenging to achieve. Yuval Wollman, Chief Cyber Officer at UST, emphasises the emerging role of CSPM in cloud security architecture.

“The overall India public cloud services market is expected to gallop to $17.8 billion by 2027, exhibiting a formidable CAGR of 23.4% for the period spanning 2022-2027 (IDC). However, as organisations migrate their data, applications, and workloads to the cloud, the attack surface widens, providing a broader canvas for threat actors to exploit. Cloud environments, which are inherently dynamic and distributed, introduce identity and access management complexities. Organisations may also have less visibility and control over cloud resource access than in on-premises environments. This can make it difficult to detect and prevent unauthorised access. Cloud environments often rely on shared credentials, such as passwords or API keys, to access resources. This can be a security risk if these credentials are compromised,” asserted Vaidya.

Ransomware Challenges

Ransomware remains a lucrative business for threat actors, with a trend towards dual ransomware attacks. Educational efforts and layered defence mechanisms are crucial to combat these attacks. The malicious use of AI makes phishing scams more challenging to detect, highlighting the need for robust cybersecurity awareness programs. Rohan Vaidya, regional director, India and SAARC, CyberArk, said, “Ransomware attacks are expected to surge, surpassing the alarming 91 per cent reported in 2022. As India’s digital landscape expands and digital dependencies increase, we believe that organisations will pay significantly more to enable recovery. Organisations should gear up for an intensified wave, implementing robust backup and recovery strategies, and enhancing threat detection capabilities.”

Zero-Day Exploits

The discovery of 87 zero-day vulnerabilities in 2023, an increase from the previous year, underscores the evolving threat landscape. China continues to field more zero-day exploits than any other nation, posing a significant threat. The traditional association of nation-state actors with zero-day exploits is shifting, with ransomware groups exploiting these vulnerabilities.

AJ Nash, VP at ZeroFox, urges security leaders to adopt a broader perspective on zero days, recognising their potential global impact. In an interconnected world, a zero-day exploit against one sector or region can have far-reaching consequences.

Regulatory Scrutiny

2023 witnessed increased regulatory scrutiny, holding cybersecurity executives accountable for breaches. High-profile cases, such as the legal action against SolarWinds CISO Tim Brown, suggest a trend towards personal and corporate accountability. The potential impact of regulatory actions on cybersecurity priorities and spending decisions is a consideration for organisations.

Preparing for 2024

As security leaders enter 2024, critical questions arise: Is the technology stack equipped to handle emerging threats? Are patching programs and infrastructure management processes up to date? Is there a robust ransomware incident response plan in place? How is AI utilised, and what are the associated risks?

Vanderlee encourages security leaders to prioritise and allocate resources effectively, considering the organisation’s unique challenges. The collaborative integration of AI tools with human expertise remains a cornerstone of effective cybersecurity strategies in the year ahead.
