Virtualization Technology News and Information
Immersive Labs 2024 Predictions: Anticipating Cyber Threats in 2024 Before They Happen


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual series exclusive.

Anticipating Cyber Threats in 2024 Before They Happen

By Max Vetter, VP of Cyber at Immersive Labs

It's undeniable that the events of the past year have had a profound impact on the cybersecurity industry. From GenAI to increasingly brazen ransomware attacks, security teams and leaders have been forced to reconsider their approaches to cyber resilience. Many are likely now wondering what's still to come. While we can't know for sure, and some may even think attempting to predict future trends is an arbitrary exercise, we believe in any case it's  beneficial to keep security teams agile and avoid blind spots in their security programs.

First, I anticipate conversations surrounding compliance to continue evolving. More organizations will realize that cyber compliance does not mean cyber security. Compliance is a necessary evil for an organization's security posture. Without compliance, organizations are operating with little structure and accountability, yet a compliant organization is often one with a false sense of security. That said, organizations that prioritize resiliency within their workforce's cybersecurity efforts provide a more secure environment for their organization. High-profile examples of the past year, like the MGM breach and the SolarWinds CISO lawsuit, should provide a springboard for security and IT leaders to prioritize workforce cyber resilience in 2024 rather than merely prioritizing compliance. The bottom line is that more compliant organizations are not necessarily the most secure organizations.

A couple of my colleagues at Immersive Labs have also been closely monitoring other aspects of the security landscape and have considered the following:

Dave Spencer, Director of Technical Product Management, Immersive Labs

Uptick of sophisticated nation-state attacks: "As we head into the new year, it's nearly certain that malicious nation-state cyber attacks will continue to rise. Some cyber criminals are deploying destructive malware, and more sophisticated attacks are expected which poses major threats to the supply chain. This will, and should, be a major risk factor for all security leaders in 2024. It's positive to see regulatory efforts such as the Digital Operational Resilience Act (DORA) - which will come into effect in January 2025 - and points to more countries introducing and collaborating on like-minded efforts."

Kev Breen, Director of Cyber Threat Research, Immersive Labs

Ransomware isn't going anywhere, so be prepared: "One can hope that organizations have learned from the major data breaches we've seen over the last year, but we unfortunately continue to see a lot of organizations who are simply not ready to handle the impact of a ransomware attack. Organizations still fall victim to the tried and true tactics that cyber criminals use to gain access to their most sensitive information and despite government advisories saying otherwise, they continue to pay the ransom - which is why this attack style is still popular. We should expect to see ransomware groups leveraging new techniques in Endpoint Detection & Response (EDR) evasion, quickly weaponizing zero days and as well as new patched vulnerabilities, making it easy for them to bypass common defense strategies. As a result, security teams can't rely on an old security playbook. Companies should not worry about how they can detect everything, and instead just assume at some point it will go badly so you should have plans in place to best respond."

Preparing for the threats of tomorrow today

While it can be difficult to predict exactly when, or how, we'll witness the next major cybersecurity threat, we must continue to build upon our skills so that teams remain nimble and feel empowered to face any attack they may encounter. Through regular cybersecurity drills, employees across organizations can prepare for threats, whether ransomware, attacks on supply chains or other threats that target the human element.

By keeping a pulse on these emerging threats, and ensuring that teams are consistently exercised and battle tested, organizations can ensure that regardless of what's to come in 2024, they are ready to face it in stride. That's true cyber resilience.



Max Vetter 

Max Vetter joined Immersive Labs in 2018 and has helped customers to identify, assess, recruit, develop and retain cybersecurity talent. He has expertise in ethical hacking, open source intelligence (OSINT) and internet investigations specializing in darknets and cryptocurrencies.

Published Thursday, December 28, 2023 7:05 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2023>