The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. The dynamic landscape of cyber threats and the ever-expanding digital attack surface have compelled organizations to refine and fortify their security architectures. Despite the collective hope for a reprieve from the onslaught of daily phishing, ransomware, and credential stuffing attacks, cybercriminals are poised to leverage successful tactics from this year to orchestrate more sophisticated campaigns in the coming year. To stay ahead, it is crucial to anticipate the key themes likely to dominate the cybersecurity space in 2024.
The following predictions serve as strategic insights for IT and security professionals, guiding them in prioritizing efforts to navigate the ever-changing threat landscape:
A Never-Ending Story: Compromised Credentials
The perpetual use of usernames and passwords for access control and authentication has made compromised credentials a recurring vulnerability. Post-mortem analysis of data breaches consistently identifies compromised credentials as the primary point of attack. In fact, a study by the Identity Defined Security Alliance (IDSA) reveals that credential-based data breaches are both ubiquitous (94% of survey respondents experienced an identity-related attack) and highly preventable (99%).
Despite this, many organizations lack essential identity-related security controls. Those that have implemented proper access controls often focus on human users, neglecting the multitude of non-human identities arising from digital transformation initiatives (e.g., DevOps, cloud transformation, Internet of Things). As a result, compromised identities, both human and non-human, are expected to fuel cyberattacks in 2024. Organizations are urged to intensify efforts in implementing Zero Trust principles to reduce dependency on passwords.
Ransomware Attacks Continue to Wreak Havoc
The ransomware business thrives as cybercriminals exploit vulnerabilities in organizations, as witnessed in attacks on entities such as the Kansas Court System, Yamaha Motors, and Western Digital. The Ransomware-as-a-Service model has made launching attacks that much easier. Over the past year, ransomware attacks have evolved into multifaceted extortion schemes in which attackers exfiltrate data and threaten to release it publicly if a ransom is not paid. The recent SEC complaint filed by the Alphv/BlackCat ransomware group against MeridianLink adds a new dimension to this tactic. With the new SEC disclosure ruling coming into effect on December 15, 2023, requiring companies to report “material” cybersecurity incidents within four days, this tactic is expected to become commonplace in ransomware attacks. Enterprises need to focus on ransomware preparedness, particularly in recovering endpoints and critical infrastructure such as Active Directory.
Global Conflicts and Elections Lead to a Rise in Hacktivism
The intersection of global conflicts and the 2024 Presidential elections in the US provides fertile ground for the emergence of hacktivism. Hacktivists, viewing themselves as champions of free expression, may counteract tightened control over information flow during times of conflict or elections by exposing information or launching attacks. Governments may covertly support hacktivist groups, blurring the lines between state-sponsored hacking and hacktivism. As elections are not only about ballots but also narratives, hacktivists can play a role in shaping public opinion through various cyber operations. The ease of using underlying tools may lead to material attacks involving deepfake voice and/or video content in 2024.
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
With cyber adversaries exploiting zero-day vulnerabilities, the White House’s National Cybersecurity Strategy, released in March 2023, shifts liability to organizations that fail to take reasonable precautions to secure their software. This strategy emphasizes the need for robust vulnerability management, involving the identification, assessment, prioritization, and mitigation of security vulnerabilities. The potential increase in liability for independent software vendors is expected to drive technological advancements in vulnerability management tools, leading to a revival of this otherwise dormant security category.
The Emergence of Next-Gen Security Awareness Programs
Security awareness training, a cornerstone of cybersecurity, is set for a transformation in 2024. The widespread adoption of generative artificial intelligence within the realm of cyber threats will render traditional training obsolete. Next-gen programs will embrace continuous breach and attack simulation (BAS) to validate the efficacy of user-focused controls and provide real-time guidance that helps users avoid falling victim to contemporary social engineering attacks. Specialized tools will also focus on helping software developers learn secure coding practices to prevent vulnerabilities before they occur.
Conclusion
In summary, 2024 emphasizes the critical need to strike a balance between cybersecurity and cyber resilience. As IT and security professionals gear up for the year ahead, prioritizing the ability to see, protect, and manage the entire attack surface continually is paramount. Safeguarding mission-critical assets and developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remain central to organizational cybersecurity strategies.