Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
2024 Cybersecurity and Tech Predictions
By Darren
Guccione, CEO and Co-Founder, Keeper Security
Cybersecurity is an
arms race. Bad actors are constantly evolving their tools to circumvent
detection, while defenders are trying to adapt.
Today, we are facing
an onslaught of new attack vectors using Artificial intelligence (AI). AI in
the hands of adversaries has the potential to amp up a plethora of attack
methods, including one of today's top scamming tactics: social engineering. The
potential impact to enterprises is significant; with the right AI solutions,
voices can easily be mimicked, and if the voices of an organization's leaders
are widely available, successful phone and voicemail scams will increase. This
is just one example.
Novel Attack Vectors
In 2024 and beyond,
AI will continue leading to novel attack vectors that may be out of a security
or IT leader's control. However, by implementing cybersecurity solutions that
limit lateral movement and protect privileged accounts, organizations can control
what a bad actor can do if these novel attacks do lead to unauthorized access.
Deploying a Privileged Access Management (PAM) solution is critical to
protecting an organization's most valuable assets.
Even though AI will
lead to novel attack vectors, the cybersecurity solutions organizations need to
deploy to fortify their defenses and protect against the evolving threat
landscape remain the same.
Here are a few others
predictions for 2024:
Importance of SIEM
With increasing
attack vectors and a larger attack surface, organizations need to diligently
monitor events that pose the biggest threats to their organization for timely
and effective Incident Detection and Response (IDR) and to ensure adherence to
policies. In order to protect their organization's crown jewels, organizations
need better insight into password practices and privileged users.
Security Information
Event Management (SIEM) tools log all types of events that happen within a
system and consolidate information from disparate cybersecurity solutions into
one central location for logs, reporting and alerts, which is becoming increasingly
important as the volume of cyberattacks increases, threats intensify and
organizations implement a variety of different solutions to keep pace.
In 2024, we'll see
SIEM tools increasingly utilize AI to enhance the ability to detect anomalies
and correlate security events. This will
revolutionize SIEM detection capabilities and provide even richer insights to
help improve an organization's security posture.
Ubiquitous Cybersecurity Platforms
As organizations
continue shifting to the cloud and seeking affordable, pervasive solutions,
we'll see an uptick in the adoption of ubiquitous platforms that provide full
visibility and reduce security gaps. As users become less tolerant of
expensive, disparate security solutions, investment in solutions that provide
the full spectrum: visibility, security, reporting and control will increase.
Organizations will
seek solutions that address the most prevalent threats, moving toward
cloud-based solutions that can scale with the organization's size and
cybersecurity maturity. This will reduce
the number of IT staff required to manage on-premises platforms while
simultaneously helping to close security gaps and reduce operating risks.
Passkeys and Passwords Will Coexist
Passkeys will
continue to grow in popularity, but will not entirely replace passwords. New
and expanding hybrid work environments will make it critical to ensure the safe
storage of user login credentials, necessitating organizations and individuals
learn how to use both passkeys and traditional passwords. Despite the
advantages of passkeys, there will continue to be significant barriers to their
mass adoption. Implementing passkey-based authentication systems requires
changes to the login, MFA and account-recovery processes on existing websites,
which is a major roadblock for some service providers.
Consistent support
from major platforms and browsers will be needed to promote widespread adoption
of passkey technology, but support through the transition will be limited and
hinder user adoption. This is due to a) underlying platform support and the necessary
changes to existing websites and; b) the fact that it's not a default setting,
so the user must take action to configure or set it up. Out of more than a
billion websites that exist, only a few dozen currently support passkeys. That
number may jump into the tens of thousands by 2025 and, aided by Google's
recent adoption of passkeys, we expect more websites and service providers to
adopt passkey-based authentication as interest grows. However, that's a
miniscule fraction of the password-reliant websites that exist today.
User hesitancy will
be another barrier to the adoption of passkeys. Passwords have reigned supreme
for so long that users will be hesitant to adopt a new authentication method,
especially if they are not familiar with the security benefits. The use of an
encrypted password manager that supports passkeys is critical to ensure
adoption and use across different devices, while preserving security for
existing authentication methods including traditional passwords.
##
ABOUT THE AUTHOR
Darren Guccione is
an entrepreneur, technologist, business leader, as well as the CEO and
co-founder of Keeper Security, the leading provider of zero-trust and
zero-knowledge cybersecurity software used globally by millions of people and
thousands of businesses. Guccione is actively involved in fostering a culture
of innovation in his field, having served as an advisor and board member with
multiple technology organizations, as well as an advisor for two Chicago
mayors. Guccione was named the 2022 Editor's Choice CEO of the Year and 2020
Publisher's Choice Executive of the Year by Cyber Defense Magazine's InfoSec
Awards, as well as Cutting Edge CEO of the Year in 2019.