By Yiyi Miao, Chief Product Officer, OPSWAT
In the ever-changing domain of cybersecurity, organizations continue to face multifaceted challenges in protecting their digital assets and infrastructure. A new report, written by MIT professor Stuart Madnick and funded by Apple, showed 20 percent more data breaches in the first nine months of 2023 than in the entire year prior. As people increasingly conduct their lives online, more personal data is collected, creating an ever-more appealing target for cyber criminals.
Among these breaches are ransomware attacks, which have increased in volume, sophistication, and aggression. The U.S. and U.K. governments have together accused Russian intelligence of a global hacking campaign over the past eight years. They assert that these attackers have targeted British lawmakers, journalists, and civil society organizations in an attempt to interfere in British elections. In the U.S., cyberattackers allegedly aimed their efforts at U.S. energy networks and American spies. These are just a few of the pervasive attacks that show a clear need for businesses to re-examine their cybersecurity strategies and prepare for the evolving tactics of threat actors in 2024. As we head into the new year, several key trends and emerging threats highlight the need to review and strengthen overall cybersecurity and perimeter defense strategies.
Key Trends in Cybersecurity
Evolving Tactics
The cyber threat landscape continues to evolve in tandem with technological advancements, making it increasingly difficult for organizations to effectively protect themselves from cyber threats. Cybercriminals are leveraging artificial intelligence (AI) and machine learning (ML) to launch more sophisticated attacks. This requires defense strategies to evolve at the same pace, using AI and ML to enhance threat detection and response capabilities.
Supply Chain – The Critical Role of SBOMs
Supply chain attacks continue to be an appealing attack vector for threat actors. By compromising a single trusted vendor, attackers can infiltrate numerous organizations at once, as the MOVEit vulnerability continues to prove. To prepare for such attacks, organizations must implement strict vendor risk management practices, perform security audits regularly, and verify the integrity of all software in use. A software bill of materials (SBOM) provides a detailed inventory of software components, which helps organizations identify vulnerable components and the dependency chains that pull them in across their supply chain.
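As an added illustration (not code from the article or from OPSWAT), the script below shows what "analyzing an SBOM" concretely means: it reads a minimal CycloneDX-style document, flags components whose version is below a known fix, and walks the dependency graph to show how each flagged component is reached. The SBOM, the advisory list and the advisory IDs are constructed sample data, and version comparison assumes plain dotted numeric versions.

```python
import json

# Constructed sample: a minimal CycloneDX-style SBOM with a dependency graph.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "app", "name": "billing-service", "version": "2.3.0"},
        {"bom-ref": "lib-a", "name": "json-parser", "version": "1.4.2"},
        {"bom-ref": "lib-b", "name": "http-client", "version": "3.0.1"},
        {"bom-ref": "lib-c", "name": "zlib-wrapper", "version": "0.9.8"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
        {"ref": "lib-b", "dependsOn": ["lib-c"]},
    ],
})

# Constructed advisory feed: component name -> (first fixed version, placeholder advisory id).
ADVISORIES = {
    "json-parser": ("1.4.3", "ADV-EXAMPLE-001"),
    "zlib-wrapper": ("1.0.0", "ADV-EXAMPLE-002"),
}

def parse_version(v):
    # Assumes plain dotted numeric versions such as "1.4.2" (no pre-release tags).
    return tuple(int(p) for p in v.split("."))

def find_vulnerable(sbom_json, advisories):
    """Return {bom-ref: (name, version, advisory)} for components below the fixed version."""
    sbom = json.loads(sbom_json)
    hits = {}
    for c in sbom["components"]:
        fix = advisories.get(c["name"])
        if fix and parse_version(c["version"]) < parse_version(fix[0]):
            hits[c["bom-ref"]] = (c["name"], c["version"], fix[1])
    return hits

def dependency_paths(sbom_json, target_ref, root_ref):
    """Walk the SBOM dependency graph and return every path from root to target."""
    sbom = json.loads(sbom_json)
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    paths = []
    def walk(node, path):
        if node == target_ref:
            paths.append(path + [node])
            return
        for child in graph.get(node, []):
            if child not in path:  # guard against cyclic dependency declarations
                walk(child, path + [node])
    walk(root_ref, [])
    return paths

if __name__ == "__main__":
    for ref, (name, ver, adv) in find_vulnerable(SAMPLE_SBOM, ADVISORIES).items():
        for path in dependency_paths(SAMPLE_SBOM, ref, "app"):
            print(f"{adv}: {name} {ver} reached via {' -> '.join(path)}")
```

The transitive case (zlib-wrapper pulled in only through http-client) is the one a plain package list would miss; the dependency graph is what makes the SBOM useful for impact analysis.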
IoT Expansion
Internet of Things (IoT) devices continue to introduce new attack vectors, expanding the potential attack surface. The Office of Management and Budget (OMB) recently announced it will establish an enterprise-wide inventory of the agency’s covered IoT assets “to enhance the U.S. Government’s overall cybersecurity posture and to help ensure integrity of systems.” In any organization, such an inventory is key to securing IoT networks and devices effectively and helping to prevent unauthorized access and potential breaches in this interconnected world.
LLM-Based Threat Detection Startups
The rapid rise and evolution of large language models (LLMs) creates a new way to detect threats, offering new methodologies for quickly identifying and responding to cyber threats. However, as LLM-based startups emerge in the cybersecurity sector, it is important to evaluate these new technologies carefully and to ensure that they integrate effectively into the existing security infrastructure.
Human Error
Despite many advancements in technology, humans remain a significant risk factor. Indeed, Verizon’s 2023 Data Breach Investigations Report attributed 74 percent of security breaches to human error. While technology is essential and should be used to shield people from as many attacks as possible, comprehensive security awareness programs remain vital. Educating employees about the newest threats, teaching them how to identify phishing attempts, and ensuring responsible behavior online can help them both at work and in their personal lives.
People, Process, and Technologies
Together, people, processes, and technology combine to build a more robust cybersecurity strategy. People are the first pillar of such a strategy. To support them, security awareness programs must include simulated cyberattacks and phishing simulations, which give employees firsthand experience in identifying, thwarting, and mitigating potential risks. Regular penetration testing, vulnerability assessments, and personalized security training all contribute to strengthening an organization's defenses.
Processes are the second pillar of the strategy, because they define how an organization manages and mitigates risks. Organizations must adopt consistent policies for both information technology (IT) and operational technology (OT) security. Policies going forward will require SBOMs, analysis of those SBOMs, and an assessment of how the findings may affect other software and systems. Policies may also require a deeper understanding of security tools to ensure that they are being used effectively. As regulatory bodies increasingly become involved in OT cybersecurity, processes must include review of compliance with relevant regulations. And as leadership teams and boards of directors require more cybersecurity expertise, processes help increase cybersecurity maturity and effectiveness.
The third pillar, technology, will play a crucial role in the rapid identification and neutralization of potential threats as organizations adopt advanced technologies. By leveraging the power of AI and ML, organizations can more rapidly discern patterns, anomalies, and potential risks in real-time, allowing for proactive threat mitigation. Organizations must stay up to date with evolving tactics and defenses to mitigate risks effectively.
Looking Ahead
Increased Partnerships and Mergers
The OT security sector is undergoing a transformation driven by increased partnerships and acquisitions. This reflects the need for specialized expertise in securing the operational technologies that are critical in manufacturing, energy, and utilities. Partnerships and mergers bring together diverse expertise and enable organizations to develop more comprehensive security solutions for OT environments. Cybersecurity firms and OT experts must address the complex threats faced by critical infrastructure systems.
Firewalls, Intrusion Detection Systems, and Secure Gateways
Traditional cybersecurity measures, such as firewalls, intrusion detection systems (IDS), and secure gateways continue to be critical in perimeter defense strategies. These technologies are evolving to provide more sophisticated and integrated solutions. Advanced firewalls now provide deeper insights into network traffic, enabling more effective detection and prevention of malicious activities. Similarly, IDS can identify complex attack patterns using AI and ML. Secure gateways now offer deep packet inspection and threat intelligence integration to improve security.
Better and Faster Sandboxes
Traditional sandboxes are sometimes dismissed as obsolete against the evolving threat landscape. With newer technologies and implementations, however, sandboxes remain highly effective at providing a safe, isolated environment in which to run and analyze untrusted programs and code, preventing potential threats from affecting the primary network or system. This enables security teams to conduct dynamic analysis and extract critical indicators of compromise (IoCs), such as contacted IP addresses, URLs, and domains. The increased use of sandboxes enables a shift toward more proactive cybersecurity strategies.
Proactive Threat Detection
Proactive threat detection is a key component of perimeter defense strategies. Rather than responding to threats after they emerge, proactive threat detection aims to predict and prevent attacks before they occur. By leveraging predictive analytics, AI, and ML to analyze patterns and anomalies that could indicate impending attacks, organizations can respond proactively to reduce the likelihood of and fallout from security breaches.
Prepare for New Challenges
In the years ahead, cybersecurity must move beyond defense and adopt an evolving strategy to stay ahead of new threats and challenges. Comprehensive employee training, automated threat detection and mitigation, and consistent policies for IT and OT security can help organizations build a cybersecurity system that is responsive to changing technologies and regulations. The cyber landscape is unpredictable, but as society becomes increasingly digitalized, organizations must invest in cybersecurity, starting with perimeter defense, in order to achieve and sustain success.
About the Author
Yiyi Miao, Chief Product Officer, OPSWAT. Yiyi Miao is the Chief Product Officer at OPSWAT, a global leader in critical infrastructure cybersecurity solutions. He joined OPSWAT in 2009 as a Software Engineer in the company’s Research and Development Engineering Team. Yiyi started managing the Product Engineering and Product Management teams in 2017 and is responsible for the overall product design, engineering, and delivery processes. Yiyi earned a Bachelor’s degree in Biomedical Engineering from Shanghai University in China and a Master’s degree in Computer Science from San Francisco State University.
Yiyi can be reached online on LinkedIn: https://www.linkedin.com/in/yiyi-m-4362096/ and at our company website https://www.opswat.com/