December 19, 2023
At a Glance
- Generative AI is going to fuel more sophisticated cyberattacks as well as more advanced defense and detection capabilities.
- Threat actors are taking advantage of complex supply chains and targeting third-party vendors to achieve their goals.
- As more embrace a cloud-first approach, threat actors are looking for ways to target hybrid and multi-cloud environments.
Cybersecurity leaders are faced with a vast threat landscape, expanding technology stacks and limited budgets. The start of a new year is an opportunity to assess the biggest security risks and determine how to utilize the available resources to best defend their enterprises. What are some of the top security trends for CISOs and other security leaders to consider as 2024 approaches?
Four security experts share their forecasts and how security leaders can prepare themselves for the upcoming year.
AI Threats and Defense
The explosion and rapid adoption of generative AI was a defining trend of 2023, and it shows no signs of slowing. This technology is going to fuel more sophisticated cyberattacks as well as more advanced defense and detection capabilities.
“We’ve barely scratched the surface in terms of what potential capability enhancement these kinds of tools could give to both attackers and defenders,” Kelli Vanderlee, senior manager at threat intelligence solutions provider Mandiant Intelligence, a part of Google Cloud, tells InformationWeek.
Google Cloud calls out ways in which AI will be used to power professionalized and scaled phishing attacks and scalable information operations in its Cybersecurity Forecast 2024. AI is going to make it easier for threat actors to create clean, convincing social engineering campaigns at scale. The technology will also be used to generate fake news and deepfake photos and videos.
As attackers ramp up their AI capabilities, so must defenders. “The integration of AI tools must remain at the forefront of cyber defense, integrating with cyber threat intelligence, attack surface management and detection and response to address the overwhelming number and sophistication of attacks,” Yuval Wollman, chief cyber officer and managing director, Israel at UST, a digital technology solutions company, tells InformationWeek in an email interview.
Cybersecurity teams will be able to use AI to expand threat analysis capabilities. Wollman also expects that generative AI will be able to create predictive content using behavior and attack patterns, giving cybersecurity teams the ability to take a proactive approach to defense.
While AI is evolving quickly, it is not yet capable of replacing human cybersecurity talent. Andrius Useckas, CTO and CISO at ThreatX, an API and web application protection company, emphasizes that AI is still rules-based. “If you want your environment to be secure, you still need that annual pen test,” he explains. “You still need the actual ethical hacker, [an] actual human, on the other side to try and break into your system to replicate the exact way an actual attacker would try to break into your system.”
Geopolitical Tension and Nation-State Actors
Cyberattacks led by nation-state threat actors, as well as politically motivated hacktivist groups, will continue in relation to the active conflicts in Ukraine and Gaza. Vanderlee points out that attacks in these regions may have a higher likelihood of kinetic impact. For example, Sandworm, a threat actor linked with Russia, disrupted Ukraine’s power grid and caused an outage in late 2022.
“Those are definitely things to watch out for, particularly if you do business in those regions or in countries situated around those regions,” says Vanderlee.
Nation-state cyber threat activity goes beyond these two conflicts. Google Cloud’s Cybersecurity Forecast 2024 highlights the “Big Four” nation-state actors: China, Russia, North Korea, and Iran.
China has developed a sophisticated cyber threat operation to achieve various long-term priorities. China-based espionage actors are expected to continue finding ways to remain undetected and avoid attribution. “We expect Chinese threat actors to continue to find very innovative and interesting ways to target edge devices, to find ways to minimize opportunities for detection,” says Vanderlee.
Ukraine will remain a primary target for Russian cyber threat activity, but sanctions continue to hurt Russia. As a result, it could pursue more intellectual property theft to compensate, according to the Google Cloud report.
Cyber threat activity from North Korea is often financially motivated. “North Korean threat actors are really remarkable for their persistence and creativity,” says Vanderlee. “They've been particularly good at executing supply chain compromises in the last year … by running interesting and complex social engineering campaigns.”
Threat activity associated with Iran will likely be driven by intelligence gathering, information operations and potentially disruptive and destructive attacks, according to the Google Cloud report.
Supply Chain Attacks
Threat actors are taking advantage of increasingly complex supply chains and targeting third-party vendors to achieve their goals. While supply chain complexity is the reality for many organizations, Wollman indicates that there are efforts being made to reduce risk.
“There’s been a marked trend toward supply chain visibility and vendor consolidation to minimize risk from increasingly sophisticated cyber threats,” he explains.
As third-party risk remains a significant factor, security leaders will be tasked with conducting due diligence on external vendors. What does their cybersecurity posture look like? If a vendor is compromised, how does that impact your organization? Having an adequate understanding of third-party risk is an important step toward minimizing the potential damage of a supply chain attack.
Prioritizing Cloud Security
Cloud migration continues to be a significant theme in the IT space. As more organizations embrace a cloud-first approach, threat actors are looking for ways to target hybrid and multi-cloud environments.
Mandiant observed threat actors targeting cloud environments and seeking ways to gain persistence and move laterally in 2023, according to Google Cloud’s Cybersecurity Forecast 2024. That trend is likely to bleed over into 2024; threat actors are going to look for ways to exploit cloud misconfigurations and move laterally across multi-cloud environments.
“Cloud security posture management (CSPM) is emerging as an integral component in cloud security architecture, especially as visibility is becoming increasingly harder to achieve in multi-cloud environments,” Wollman shares.
Ransomware
Ransomware remains a profitable business for threat actors, and they are going to continue seeking vulnerabilities that allow them to execute these attacks. Useckas expects these attacks to continue, and he points to a growing trend of dual ransomware attacks.
“When somebody is attacked with ransomware, they might recover from backups or they might pay the ransom and then they get another attack right after that because … the attackers are still embedded in the system,” he explains.
The FBI’s Cyber Division released a Private Industry Notification in September warning of the growing trend of dual ransomware attacks, which involve deploying two different ransomware variants within a short period.
Phishing is a common way to launch a ransomware attack, and the malicious use of AI is likely to make phishing scams more challenging to detect. “You definitely have to…educate your people as much as possible and then obviously have defense in layers as well,” says Useckas.
Zero-Day Exploits
A total of 87 zero-day vulnerabilities have been discovered in 2023, up from 52 in 2022, according to the Zero-Day.cz Tracking Project.
“For the last several years, China is fielding more zero-day exploits than any other nation. And we do expect that to continue, and that should be a big threat for a variety of organizations,” says Vanderlee.
While nation-state sponsored groups have historically been the primary threat actors behind zero-day exploits, that is changing, according to the 2024 Key Forecasts report from cybersecurity company ZeroFox. The report points out that ransomware groups like CL0P are also exploiting zero-day vulnerabilities.
AJ Nash, vice president and distinguished fellow of intelligence at ZeroFox, urges security leaders to take a broader view on zero days and recognize the potential threats they pose in today’s interconnected world.
“Stop thinking about all these things in little silos and little buckets. If you're a manufacturer in the US and there's a zero-day exploit against [a] financial services company in Asia, stop assuming that doesn't bother you, that it shouldn't be your problem,” he cautions.
Regulatory Scrutiny
In 2023, a number of cybersecurity executives have found themselves under the regulatory microscope. Former Uber CSO Joseph Sullivan was sentenced to three years of probation and ordered to pay a $50,000 fine for his role in responding to a 2016 data breach at the company. SolarWinds CISO Tim Brown is also facing legal action. The Securities and Exchange Commission (SEC) filed a lawsuit against him and SolarWinds, alleging a failure to maintain adequate cybersecurity controls prior to a 2019 cyberattack.
These high-profile cases could signal the potential for more accountability at the personal and corporate levels. “I think we're putting CISOs in a very difficult position where they have to make choices between their own personal wealth and compensation plan, which often is very heavily leveraged on keeping the stock price up and keeping your spending down, versus doing what's best for security,” Nash says.
Continued regulatory scrutiny could change the way enterprises approach cybersecurity. “I think as we start to see more accountability, that may change how organizations choose to prioritize their spending and how they choose to communicate to their own leadership and to the public as to how secure they are,” says Nash.
Preparing for the Year Ahead
Ransomware, zero-day exploits, nation-state actors, supply chain attacks, cloud security and regulations are not novel concepts for security leaders. And the advent of generative AI has been front and center in IT discussions for much of 2023. The start of a new year gives security leaders the opportunity to look at all these trends and consider what they mean for their enterprises. Is your tech stack prepared for the most pressing threats? Do any elements of your environment need to be updated? Are your patching program and infrastructure management process up to date? Do you have a ransomware incident response plan? Do you have the team you need? How is your organization using AI, and what are the risks?
“How do I rank the things that I want to accomplish, and how [do] we want to spend our resources to better defend our organization in the next year?” asks Vanderlee.