Virtualization Technology News and Information
Interpres Security 2024 Predictions: More Hyper-Targeted Attacks, Changing Role of the CISO, AI Hype, and the Next Generation of Cybersecurity


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual series exclusive.

More Hyper-Targeted Attacks, Changing Role of the CISO, AI Hype, and the Next Generation of Cybersecurity

By Scott Roberts, Head of Threat Research at Interpres Security

As we reflect upon 2023 and look forward to 2024, we can't help but acknowledge what a tumultuous year it was for the cybersecurity industry. To paraphrase legendary basketball coach Jim Valvano, if you laugh, you think, and you cry, that's a heck of a day (or in this case, year).

It's safe to say that our industry experienced all three of those cardinal behaviors this year. Economic headwinds and regulatory changes created challenges many of us have seldom experienced, causing many of us to think deeply, and in some cases, albeit metaphorically or literally, cry. Simultaneously, continuous innovation and creativity has made cybersecurity as intriguing of a field as ever, with some innovation making us laugh but the overwhelming majority of it sparked by incredibly creative thinking by brilliant individuals.

Heading into 2024, let's examine what we can expect in terms of the evolving threat landscape, the changing role of the CISO, AI and its ever-lasting hype, and the next generation of cybersecurity.

Prepare for Hyper-Targeted Attacks

Overall, the spread of baseline security practices has been a great positive force in raising the bar for hackers and making their jobs harder. On the flip side, hackers have been forced to narrow the scope of their attacks and become more targeted as "spray-and-pray" methods are less effective. We saw this just as recently as the MGM casino hack. Typically, financially focused organizations tend to have better security practices in place because they can quantify what the impact of an attack looks like, but in this case, the hackers used social engineering and even threats of physical violence to execute a non-technical hack that cost the company more than $100 million.

Expect this trend to continue into 2024. As we continue to revise and improve cybersecurity hygiene across the board, hackers will continue to look for the weak link: people.

The Role of the CISO Gets More Complicated

With the sentencing of Uber's CISO and the charges against SolarWinds' CISO in 2023, the CISO job description is looking to get a bit more complicated. Part of a CISO's job, love it or hate it, is to take the hit for the board when they get hacked, lose their job, take a nice payout and take another CISO job six months down the road. If that hit now potentially includes legal trouble and even jail time, it is going to change the role's entire dynamic in many ways - some good, but also some unforeseen bad ways.

Users Won't Care About AI. Results Are What Matter

The bottom line is that cybersecurity practitioners don't care that your product uses AI. They are way more concerned with the user experience and the results they are able to deliver. Using it as a tool instead of a crutch, they are looking to see how AI enables them to either do something they couldn't do before, or do their existing job better.

I wouldn't be surprised to see some of these companies that have gone all in on AI dial back once they hear the feedback on how the AI has been useful, how it hasn't, and how they can implement it further. The reality is that AI does have its uses, and so does automation and the human aspect of cybersecurity. What I've seen, from the attacker and defender standpoint, is that AI really only raises the floor, not the ceiling.

The Next Generation of Cybersecurity is Promising

As an academic and university teacher, I am hopeful for this next generation of cybersecurity. My students possess an awareness around cybersecurity that I frankly did not have at their age. In 20 years, the people who are doing cybersecurity are going to be very, very good. To end this on a high note, the kids are alright.



Scott Roberts 

Scott Roberts is asecurity leader, analyst, software developer, and author. He is the Head of Threat Research for Interpres Security and has led security teams and projects in the defense industrial base, GitHub, Apple, Splunk, and most recently, Argo AI. He is also a researcher at Utah State University, where he is focused on Anticipatory Intelligence -- tackling emergent problems in national and cyber security. Roberts has served as an advisory committee member for SANS CTI & DFIR Summits. He co-authored O'Reilly's Intelligence Driven Incident Response and has spoken at numerous industry events on incident response and cyber threat intelligence. Roberts is passionate about improving security via automation, especially on macOS, and developing open and closed source tooling in Python, Go, and Swift. 

Published Thursday, December 28, 2023 7:02 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2023>