Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Top 3 Cybersecurity Predictions For 2024
By Craig Harber, chief security evangelist, Open Systems
As we move forward into 2024, a year in which there are
bound to be many cybersecurity firsts, it may be helpful to also examine what
we've observed and learned in cybersecurity throughout 2023, in order to
predict the road ahead.
With that in mind, here are some educated guesses at some of
the major trends and themes we expect will come into focus in 2024:
- Increasing
business systems cyber resiliency will emerge as a major growth area, and
we'll see senior executives investing in capabilities to ensure continuity
of operations even in the wake of a successful breach.
Cyber
threats today are more complex and damaging than ever. For most companies,
it is no longer a question of whether they will be breached but whether
they are prepared to operate in a contested environment. Senior executives
must expand their cybersecurity investment focus from cyber defense to
cyber resiliency to ensure business continuity during and after a
successful cyber breach. Cyber resilience is a strategy driven by senior
executives that considers every aspect of the company's business ecosystem
from its employees to partners to supply chain vendors to customers. It
must proactively manage risks, threats, vulnerabilities, and the effects
on critical information and supporting business assets across the entire
business ecosystem.
- Protecting
and defending converged ecosystems such as IT, OT and IoT, will surface as
an important area of focus as companies progress with business
transformation initiatives with the goals of boosting performance through
increased revenue, lowering operating costs, and improving both customer
satisfaction and workforce productivity.
As OT environments become more exposed via IT/OT convergence, we'll see
an increased need for modern cybersecurity solutions to defend critical
infrastructure from new threats and attack vectors that previously weren't a
concern for OT environments.
The ransomware attack
on Colonial Pipeline in 2021 demonstrates how an IT-focused attack
vector can shut down OT systems and as a result dramatically impact our daily
lives - in this case, by causing significant disruptions in gasoline supplies
across much of the US East Coast. Attacks have only become more sophisticated
in the over two years since the attack, so companies dealing with IT/OT
convergence will need to be more diligent than ever in their cybersecurity
efforts.
- Thwarting
AI-generated phishing attacks will become a major investment area, given the
increasingly widespread availability of generative AI tools capable of leveraging
deepfakes and personalizing messages with new levels of sophistication.
Without question, AI-generated phishing attacks will increase threat
actors' scale, scope, velocity, and success rates. It transcends traditional
phishing methods, utilizing AI tools for streamlined research and
reconnaissance activities. This sophistication enables highly targeted and
convincing phishing emails, with threat actors dynamically adjusting content
and tactics in near real-time. Language translation services extend the reach
and effectiveness of these phishing campaigns, especially within companies
operating in multiple countries.
Email compromise continues to be the primary source of
business vulnerability, and generative AI introduces new layers of complexity
to cyber defense against BEC. As generative AI becomes more mainstream - across
images, audio, video, and text - we can only expect trust in digital
communications to continue eroding. Business operations can't function
efficiently in this type of environment. Companies must reimagine cyber
defenses and user education to counter this new and emerging threat.
One thing we know for certain: 2024 is going to be full of surprises.
Organizations and their trusted partners will need to stay vigilant and
continuously adapt to keep up with today's and tomorrow's cyber threats.
##
ABOUT THE AUTHOR
Craig Harber is chief security evangelist, Open Systems. He has more than 37 years of experience in
national security with senior technical roles driving major initiatives with
far-reaching strategic impacts across the Department of Defense (DOD), the
Intelligence Community (IC) and Industry, including a tenure at NSA and
USCYBERCOM, where he directed technical and programmatic strategies to achieve
full spectrum cyberspace operations. He is also the president of Coastal Cyber
LLC, and previously was CTO and chief product evangelist at Fidelis
Cybersecurity.