Virtualization Technology News and Information
Coviant Software 2024 Predictions: An Awakening for Supply Chains, Regulations, and (Hopefully) Bigger Budgets


Industry executives and experts share their predictions for 2024. Read them in this 16th annual series exclusive.

An Awakening for Supply Chains, Regulations, and (Hopefully) Bigger Budgets

By Greg Hoffer, CEO, Coviant Software

2023 was a(nother) bad year for cybersecurity and the organizations targeted by threat actors. Attacks continued to rise, and the cost of those attacks reached new highs. The Ponemon Institute says the average cost of a data breach is now $4.45M, and those costs are much higher for organizations in industries like healthcare ($10.93M) and financial services ($5.90M). Cybercrime was estimated to have cost the global economy more than $8 trillion in 2022 and the tally for 2023 is likely to be much higher. More troubling, attacks against hospitals may be putting lives at risk.

Reports of hospitals re-routing ambulances and moving patients because ransomware attacks knocked healthcare systems and medical equipment off-line are becoming more common. And when healthcare facilities execute "code dark" measures to stop the spread of malware, it can delay or deny needed care and put lives in peril. In fact, Ponemon researchers found a statistical correlation between cyberattacks and an increase in negative patient outcomes.

Coviant Software's industry niche found itself in the crosshairs when some vendors' products were exploited by ransomware gangs in a series of digital supply chain attacks that have proven devastating for those organizations affected. Researcher Bert Kondruss' KonResearch site has been compiling the numbers associated with one of the managed file transfer product attacks and has it at 2,401 organizations directly affected (not the partners downstream), and as many as 77.1 million individuals whose data has been compromised as a result. It's almost enough to make someone want to leave it all behind and live like a hermit in the woods.

Prediction One: A Great Awakening

That's why our first prediction for 2024 is that there will be a significant increase in conversions to the Amish and Mennonite sects as many individuals currently involved in the digital realm give up hope that there will be a meaningful breakthrough in cybersecurity. As they conclude that the bad guys will continue to hold the upper hand, and seeing no other alternative, a new Great Awakening will take place as thousands of former digital denizens unplug from modernity and settle into a simpler, agrarian way of life. Today's coders will become tomorrow's barn raisers and buggy riders, effectively air-gapping themselves beyond the reach of the likes of Cl0p and REvil.

Prediction Two: Moving the Chains

From the conversations we've been having, it's likely that 2024 will see a lot of organizations rethinking their approach to digital supply chain security and the systems they use to move and manage data. The MOVEit attack has raised awareness of the ways in which common processes like managed file transfers can be exploited to devastating effect. That has caused a lot of organizations to take a closer look at the tools they use and the way they are deployed. When they find weak links, they will invest in replacements that are secure-by-design. Organizations that have been diligent in their own processes will look downstream at their partners, and that will cause many to require contractual security standards as a condition for continuing a relationship.

Prediction Three: More Regulations

Okay, this is probably less a prediction and more a continuation of a long-term trend, but we're confident that there will be more regulations added to the lawbooks in 2024. In fact, there are already several proposed regulations pending, including in New York State where Governor Kathy Hochul will soon require hospitals to hire a CISO and beef up cybersecurity capabilities. A November 13 announcement signaled new requirements for beleaguered hospitals, demanding that they "establish a cybersecurity program and take proven steps to assess internal and external cybersecurity risks, use defensive techniques and infrastructure, implement measures to protect their information systems from unauthorized access or other malicious acts, and take actions to prevent cybersecurity events before they happen," and to establish "written procedures, guidelines, and standards to develop secure practices for in-house applications intended for use by the facility."

Prediction Four: A Question of Budgets

Over the years we've seen threat actors show their ability to be creative and resilient in response to the countermeasures deployed against them. They've also flexed innovative muscle adopting new technologies and techniques to make their onslaught of attacks more effective. But we've also seen that the good guys are excellent at developing better and better products that can help organizations close their security gaps and respond to attacks faster and more effectively. Our final prediction is that industries will begin to evolve their own strategies, abandoning older tools and adopting those that are built to address the threats they face. The only question is whether they will be given the budget to make those needed investments.

Here's to a prosperous new year for all the good guys.



Gregory Hoffer 

Gregory Hoffer is CEO of Coviant Software, makers of the award-winning and secure-by-design Diplomat MFT managed file transfer solution.

Published Friday, December 01, 2023 7:31 AM by David Marshall