Gil Kirkpatrick, Chief Architect, Semperis, picks six talking points.
In 2023, several big-name brands disclosed data breaches, from Twitter to T-Mobile.
The MOVEit vulnerability continues to claim victims, too.
Throughout the year, no sector was safe. Whether it was education institutions like the University of Minnesota or the hotel and casino industry with MGM, Caesars and Marina Bay Sands.
And don’t forget the countless government, critical infrastructure, enterprise, and vertical-specific organizations that suffered cyberattacks that managed to fly under the radar.
Cybersecurity is a topic top of mind in every enterprise and boardroom across the globe. As we reflect on the past year, it’s helpful to use those insights to look toward the future and prepare.
What trends should defenders be focusing on and addressing? What attacks are on the horizon? How can we better prepare for cybersecurity in 2024?
Here is my compilation of the most pressing trends, predictions and focuses for every IT and security team over 2024.
Leaders will be more concerned with their role in cybercrime
Businesses are finally starting to understand that cybercrime goes beyond the IT department and presents a risk to the entire enterprise.
Earlier this year, Uber’s former Chief Security Officer was sentenced for his role in covering up a data breach. Such headlines Drive home an important message: organizations are waking up to the fact that security and operational resilience need to be owned by the boardroom. Incoming regulations such as NIS2 and NCWES, as well as the general rise in cyber awareness reinforce this.
Businesses will experience huge budget pressures
The era of “free money” is well and truly over. Businesses will have to make tough decisions about their investments and many will seek to reduce overall costs with more efficient IT systems and processes.
Rather than investing in shiny new tools, we will see Chief Information Security Officers go back to the basics – such as underpinning the identity stack.
The supply chain is still a key risk area and organizations will likely consolidate suppliers not only to reduce the risk in their supply chain, but also to improve operational efficiency and decrease their overall spend.
Attackers are still exploiting basic vulnerabilities – with the help of AI
The core weak spots used by attackers haven’t changed over the years and are still being exploited successfully. Take Active Directory (AD) as an example, Microsoft’s core identity service which is used by hackers to gain user privileges and penetrate deeper into their victim’s network.
Attackers’ initial entry methods are evolving, though, with Artificial Intelligence (AI) allowing cybercriminals to create ever more sophisticated and convincing phishing campaigns that play tricks with users’ emotions.
Even users with a high level of security awareness can fall for an incredibly well-engineered phishing attempt. The highly anticipated 2024 release of Windows Server 2025 recognizes the need to reinforce identity security with the introduction of some additional security features in AD. For defenders, it is good to see that there is a bigger focus placed on identity protection.
AI security tools will get worse before they get better
While AI is helping fuel nefarious activity for bad actors, defenders are also leveraging the tool to fight back. Nearly every new (and many existing) cyber vendor infuse AI or large language models (LLMs) into their products to simplify protection, enhance defender capabilities and fight back against hackers.
While the algorithms are easy to generate, the solution is only as good as the data it’s trained on.
Expect to see stories of major breaches from businesses that trust AI tools to protect their data and sensitive systems. The coming year will separate the AI/LLM winners from the rest of the pack, and smart IT and security teams will proceed with caution.
CISOs double down on Active Directory protection
As traditional perimeter defenses fall short, organizations are taking an identity-first approach to security. AD is used in over 90% of enterprises to centralize the identities of an organization’s users, passwords, and devices.
However, it’s also involved in 9 out of 10 cyberattacks, and Microsoft estimates threat actors attack 95 million AD accounts a day (on the conservative side). The proliferation of attacks along with the ability to escalate privileges and move around the network once abused, means CISOs should double down AD protection to ensure that the most critical avenues into their business are tightened up.
Dual ransomware attacks pick of steam in 2024
Seventy per cent of organizations experienced a ransomware attack last year and there is no end in sight heading into 2024.
Interestingly, organizations that admitted paying ransoms were often hit a second time within one month of the first attack. And the ransom demands are usually higher.
The FBI is now warning companies to be on the lookout for dual ransomware attacks, where the criminals attack with two different variants of ransomware either at the same time or in close proximity.
Ransomware attacks can have catastrophic consequences on businesses, resulting in millions of dollars of losses and C-level resignations.
The FBI recommends that organizations maintain backup data files and maintain a recovery plan. Organizations need to also know what their critical systems are (including infrastructure such as Active Directory) before attacks occur and build resiliency into them.
With the sophistication of attacks and pace of vulnerabilities on the rise, it’s no secret that 2024 will have its fair share of headline-grabbing breaches.
For IT and security teams planning to address these challenges, it will be imperative to start conversations with the board early, gain better visibility into their environments, align on the most essential cyber tools, get control of their user identities and develop clear response and recovery plans in the event of an attack.
Click below to share this article
