Virtualization Technology News and Information
Article
RSS
CrowdStrike 2024 Predictions: Navigating The Shifting Cybersecurity Landscape

vmblog-predictions-2024 

Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Navigating The Shifting Cybersecurity Landscape

By Eyal Mamo, VP of Engineering at CrowdStrike

Navigating the cybersecurity landscape demands both foresight and adaptability. As threats intensify in 2024, organizations will recognize the importance of API security, experience an uptick in M&A activity, and begin to move away from CVSS scoring. The ability to adapt quickly to threats, coupled with a forward-thinking approach, will be crucial for security leaders and the bottom line in the coming year.

Read on for my predictions on how businesses should navigate the shifting cybersecurity landscape:

The Imperative for CISOs to Fortify API Security Posture

Looking back at 2023 data breaches, it's clear that vulnerable APIs were the preferred attack vector for hackers - much as Gartner predicted. Part of the reason why APIs are such an attractive entry point for breaches like Twitter, Optus, and CircleCI is the fact that other companies host third-party APIs: it means that a developer can't see the source code, so they cannot possibly know how their data is used and stored and most importantly, these assets are not within the traditional perimeter, meaning that traditional security controls don't apply to them.

In 2024, CISOs and front-line security professionals will start to truly recognize the importance of a mature API security posture - featuring a complete inventory of APIs and the data they transmit, followed by an automated test program and continuous monitoring. This emphasis on API security will be a stark change from the past three to four years, which focused more on infrastructure-based attacks.

Cloud Emerges as the Next Battlefield for DSPM Dominance

The uptick in M&A activity within the cyber sector in 2023 will continue into 2024 as major players in the space try to put their stake in the DSPM game. The cloud is cybersecurity's new battleground, with tool sprawl and solution siloes creating backdoors for threat actors. Expect industry leaders to borrow the wisdom of tool consolidation and seek acquisitions that will bolster their platforms and achieve data visibility at scale.

Having just sold my company - ASPM vendor Bionic - to CrowdStrike, I'm intimately aware of the necessity for cloud security vendors to expand their proactive and reactive offerings for security teams fending off sophisticated AI-powered attacks.

Moving Beyond CVSS in Vulnerability Assessment

Since 2016, new vulnerabilities reported each year have nearly tripled. With the number of discovered vulnerabilities increasing at an exponential rate, organizations need to move past CVSS for vulnerability prioritization in 2024 and toward context risk scoring. While CVSS demonstrates how easily a package can be hacked, it fails to provide more detail on how an organization uses an application, where it's deployed, data connections, and exploitability. That context is crucial for rapidly prioritizing and fixing critical threats before they impact the business.

By moving toward context risk scoring in 2024, businesses will be able to turn down the noise from irrelevant security alerts and refocus professionals' attention on the 5-10% of alerts that are exploitable and create business risk. This is especially important as the surge in applications and shift to continuous delivery in the coming year will introduce new attack surfaces and attack vectors at an unimaginable rate.

##

ABOUT THE AUTHOR

Eyal Mamo 

Eyal Mamo is VP of Engineering at CrowdStrike. Prior to joining CrowdStrike, Eyal co-founded and served as CTO at application security posture management (ASPM) company Bionic, which was acquired by CrowdStrike in 2023. Prior, Eyal served as entrepreneur-in-residence at YL Ventures, an American-Israeli venture capital firm that specializes in seed stage cybersecurity investments. He also was VP R&D for cyber deception startup Cymmetria, and served six years in the Israeli Defense Force's Unit 8200, the country's largest and most renowned intelligence corp that specializes in signal intelligence, cybersecurity and code decryption.

Published Monday, January 22, 2024 7:34 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<January 2024>
SuMoTuWeThFrSa
31123456
78910111213
14151617181920
21222324252627
28293031123
45678910