Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Cyber in 2024: AI, Cyber Insurance, Passwordless and Beyond
By Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea
As we prepare to close the curtain on another year, it's
time to reflect on the significant developments within cybersecurity over the
past 12 months. While 2023 marked a continuous escalation of cyber threats, it also brought waves of innovation
and improvements in cybersecurity technology.
Existing threats like ransomware continued, causing chaos and widespread
damage across the digital landscape. Many governments did step up throughout the year with efforts to
crack down on ransomware gangs, even leading to some arrests and prosecutions. Unfortunately, however, some
governments continue to provide safe havens for cybercriminals to operate beyond
the reach of authorities, and ransomware gangs have upped their attack efforts to
focus on countries with fewer cyber capabilities and fewer laws around
ransomware payments.
This year, cloud computing also continued to shape the
modern business landscape, with organizations increasingly relying on cloud
services and infrastructure. As a result, we witnessed an uptick in cloud-based
cyberattacks targeting misconfigured cloud resources. API attacks also proliferated
as the technology has become the backbone of modern applications. In 2023, there was a surge in
API-related security breaches, with attackers exploiting vulnerabilities in API
endpoints to gain unauthorized access to data and systems.
Throughout 2023, the cybersecurity community was also alarmed
by the increasing threats to critical infrastructure, including power grids,
water treatment plants, and transportation systems. Ransomware attacks on these
systems and their suppliers underscore the importance of securing privileged
access to critical infrastructure assets.
This year, more organizations than ever also started
implementing passwordless authentication as a way to enhance security and
improve the user experience. The more we move passwords into the background and the less humans
need to interact with them, the better and safer our digital world will
become. Most significantly, in 2023, Google announced that they would be making passkeys
the default sign-in option across Google accounts, so users are no longer
required to remember or choose passwords, a massive step in improving security in
the authentication process.
As we look ahead to 2024, it's clear that cybersecurity will
remain a top priority for organizations and governments worldwide. But what are
some of the things that businesses should prepare for? Well, here are some
trends organizations should expect to see emerge in the new year.
AI-Driven Attacks and Defenses
Cybercriminals will increasingly
use artificial intelligence (AI) to automate and enhance their attacks. In
response, cybersecurity defenses will rely more on AI and machine learning for
threat detection and automated incident response, creating a continuous battle
of algorithms.
Increased Demand for Cyber Insurance
The demand for cyber insurance
will surge as organizations recognize the financial risks associated with
cyberattacks. Insurance providers will also continue to refine their offerings
and assess premiums based on cybersecurity maturity. Our
recent cyber insurance survey at Delinea found that there is an increasing list of exclusions that
could make cyber insurance coverage void, including lack of security protocols
in place (43%), human error (38%), acts of war (33%), and not following proper
compliance procedures (33%). Even if organizations are able to get or renew
cyber insurance policies they can afford, their claim may get denied or reduced
because of the fine print - a trend expected to continue in 2024.
Geopolitical Tensions in Cyberspace
Geopolitical tensions will
continue to spill over into cyberspace, leading to nation-state-sponsored cyber
espionage and disruptive attacks. Cybersecurity professionals will need to
monitor and respond to evolving geopolitical threats.
AI Compliance Accelerates
In 2024, the landscape of cybersecurity compliance is
expected to evolve significantly, driven by emerging technologies, evolving
threat landscapes, and changing regulatory frameworks. Privacy regulations like
the GDPR and CCPA have
set the stage for stricter data protection requirements. We can expect more
regions and countries to adopt similar regulations, expanding the scope of
compliance requirements for organizations that handle personal data.
Artificial intelligence and machine learning will play a
more prominent role in cybersecurity compliance. These technologies will be
used to automate threat detection, analyze vast datasets for compliance
violations, and provide real-time insights, making it easier for organizations
to stay compliant.
Passkeys Pave the Way for Passwordless Authentication
Multi-Factor Authentication (MFA) will become a standard
requirement for most online services and applications. Traditional methods like
SMS-based MFA will decline in favor of more secure options, such as time-based
one-time passwords (TOTP) generated by authenticator apps. The move toward passwordless
authentication will continue, reducing reliance on traditional passwords.
Methods like passkeys, biometrics,
hardware tokens, or public-key cryptography will replace or supplement
passwords for access to accounts and systems.
ABOUT THE AUTHOR
Joseph Carson
Joseph Carson is a cybersecurity professional with more than 25 years' experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.