Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
More Hyper-Targeted Attacks, Changing Role of the CISO, AI Hype, and the Next Generation of Cybersecurity
By
Scott Roberts, Head of Threat Research at Interpres Security
As we reflect upon 2023 and look forward to
2024, we can't help but acknowledge what a tumultuous year it was for the
cybersecurity industry. To paraphrase legendary basketball coach Jim Valvano,
if you laugh, you think, and you cry, that's a heck of a day (or in this case,
year).
It's safe to say that our industry experienced
all three of those cardinal behaviors this year. Economic headwinds and
regulatory changes created challenges many of us have seldom experienced,
causing many of us to think deeply, and in some cases, albeit metaphorically or
literally, cry. Simultaneously, continuous innovation and creativity has made
cybersecurity as intriguing of a field as ever, with some innovation making us
laugh but the overwhelming majority of it sparked by incredibly creative thinking
by brilliant individuals.
Heading into 2024, let's examine what we can
expect in terms of the evolving threat landscape, the changing role of the
CISO, AI and its ever-lasting hype, and the next generation of cybersecurity.
Prepare
for Hyper-Targeted Attacks
Overall, the spread of baseline security
practices has been a great positive force in raising the bar for hackers and
making their jobs harder. On the flip side, hackers have been forced to narrow
the scope of their attacks and become more targeted as "spray-and-pray" methods
are less effective. We saw this just as recently as the MGM casino hack.
Typically, financially focused organizations tend to have better security
practices in place because they can quantify what the impact of an attack looks
like, but in this case, the hackers used social engineering and even threats of
physical violence to execute a non-technical hack that cost the company more
than $100 million.
Expect this trend to continue into 2024. As we
continue to revise and improve cybersecurity hygiene across the board, hackers
will continue to look for the weak link: people.
The
Role of the CISO Gets More Complicated
With the sentencing of Uber's CISO and the
charges against SolarWinds' CISO in 2023, the CISO job description is looking
to get a bit more complicated. Part of a CISO's job, love it or hate it, is to
take the hit for the board when they get hacked, lose their job, take a nice
payout and take another CISO job six months down the road. If that hit now
potentially includes legal trouble and even jail time, it is going to change
the role's entire dynamic in many ways - some good, but also some unforeseen bad
ways.
Users
Won't Care About AI. Results Are What Matter
The bottom line is that cybersecurity
practitioners don't care that your product uses AI. They are way more concerned
with the user experience and the results they are able to deliver. Using it as
a tool instead of a crutch, they are looking to see how AI enables them to
either do something they couldn't do before, or do their existing job better.
I wouldn't be surprised to see some of these
companies that have gone all in on AI dial back once they hear the feedback on
how the AI has been useful, how it hasn't, and how they can implement it
further. The reality is that AI does have its uses, and so does automation and
the human aspect of cybersecurity. What I've seen, from the attacker and
defender standpoint, is that AI really only raises the floor, not the ceiling.
The
Next Generation of Cybersecurity is Promising
As an academic and university teacher, I am
hopeful for this next generation of cybersecurity. My students possess an
awareness around cybersecurity that I frankly did not have at their age. In 20
years, the people who are doing cybersecurity are going to be very, very good.
To end this on a high note, the kids are alright.
##
ABOUT THE AUTHOR
Scott Roberts is asecurity leader, analyst, software developer, and author. He is the Head of Threat Research for Interpres Security and has led security teams and projects in the defense industrial base, GitHub, Apple, Splunk, and most recently, Argo AI. He is also a researcher at Utah State University, where he is focused on Anticipatory Intelligence -- tackling emergent problems in national and cyber security. Roberts has served as an advisory committee member for SANS CTI & DFIR Summits. He co-authored O'Reilly's Intelligence Driven Incident Response and has spoken at numerous industry events on incident response and cyber threat intelligence. Roberts is passionate about improving security via automation, especially on macOS, and developing open and closed source tooling in Python, Go, and Swift.