What will 2024 hold for the world of cybersecurity? The experts at Rapid7, the US-based cybersecurity firm founded in 2000 and ranked as a top application security company, share their predictions and advice for the coming year.
Ransomware actors burning through zero-days
“RDP (remote desktop protocol) has long been the initial entry vector of choice for ransomware groups, closely followed by the less sophisticated email. However, the MOVEit and SysAid campaigns show change is brewing.
“Rapid7 has observed an increasing number of zero-day vulnerabilities being exploited by ransomware groups, and it’s unlikely this trend will abate. Forget the mindset that ransomware actors just go after ‘the low-hanging fruit’; they are now exploiting zero-day vulnerabilities at mass scale.
“This trend is seeing criminal groups that to date have not demonstrated any real capable skills in gaining access to previously unidentified vulnerabilities, exploit them and gain a foothold into victim networks. This demonstrates that potentially something is afoot in the ransomware ecosystem. For organisations, the message is simple: get your vulnerability management and patching procedures in place and do it now. Being proactive when it comes to dealing with vulnerabilities that are being exploited in the wild is imperative.”
“The cloud will continue to be a critical cyber battleground. And in the coming year, an emerging concern will likely be the misuse of commercial cloud service providers (CSPs). That’s because cybercriminals are no longer relying on known command-and-control servers; instead, they're turning to commercial CSPs for cover to host malicious content.
“It’s a clever trend, and it comes back to the game of hide-and-seek, with attackers exploiting the cloud's anonymity and legitimacy, and blending their activities with legitimate services. Combatting this threat requires more innovative solutions, such as those leveraging AI and advanced automation techniques — as well as heightened vigilance — in the cloud. Organisations need advanced risk scoring across cloud environments, so security teams get complete visibility that eliminates blind spots and enables them to effectively prioritise remediation actions.”
Rise of global public-private cyber partnerships
“The regulatory dance floor will definitely become more crowded in 2024, especially with AI cutting in.
“This new dance partner will be adding to the complexity of tools needed to deal with cyber risk mitigation and will lead to more robust and global public-private partnerships. We might see something like a global cybersecurity flash mob in 2024. Instead of just sharing the usual threat intelligence of cyber threats and cyber risks, governments and businesses will join hands to share threat intel, resources and bolster defenses in concentrated ways to deal with specific threats. Ultimately, moving beyond the historical PPPs of quarterly meetings, to a more real-time sharing approach in order to deal with the diminishing timelines between initial entry vectors to final stage payloads.
“It will be interesting to see if more action-oriented partnerships bolster capacity and cyber defenses. In order for such an approach to be successful, a mentality of ‘information sharing’ and an open door of communication must be developed.”
“Innovations in AI and automation promise to effectively address an ever-increasing volume of attacks. Seeing threat intelligence is one thing, but it’s a completely different ball game to be doing something about it. This is where more automated responses come into play. With AI coming and more advanced automation techniques, the majority of detection and remediation or prevention work will occur automatically.
“But, let's not get ahead of ourselves. The inevitable rush to market for some solutions means that some AI capabilities will miss the mark. Therefore, organisations that adopt AI solutions must ensure that they truly improve cyber resilience without presenting new cyber risks.
“Over the next year, a growing AI use case will be the use of AI synthetic media (i.e., deep fakes) and identity management. Governments will have the challenge of navigating the tricky space between the problematic use case of biometric technology and synthetic media, while businesses will have to understand how to manage the risks with identity and access management.”
“With the growing number of regulatory disclosures for cyber risk management practices and incidents, the emergence of GenAI as a potent tool for cyber attacks, more ransomware hijacks, and the lack of common lexicon around cyber risk, businesses are truly going to have to spend more time than ever determining their risk profile, and subsequently thinking about the tools and services that they will need to address the risks.
“This means that more leaders will be deciding between whether to deal with compliance risk mitigation and/or creating agile cyber risk management strategies. The leaders that understand this moment as a rallying call to uplevel the conversation about systemic risks will set their business up for success by not getting sidetracked by playing compliance whack-a-mole, but by investing in a strategic vision for dealing with cyber business risks. Those businesses will also be able to withstand the scrutiny related to more global requirements for disclosure of both cyber risk management and cyber incident response and procedures. More disclosure may not necessarily lead to clarity in the short term on what are best practices, but over the long term we will see more consolidation on best practices on cyber disclosures and risk management practices.
“At the same time, governments will also be struggling to find the right balance on how to incentivise risk management rather than compliance risk mitigation whack-a-mole if they continue to introduce regulations that are not driven by harmonisation around best practices and product security instead of first to market on regulations.
“Here's the catch: as regulations become more comprehensive, they may inadvertently nudge the industry towards a more consolidated structure - a double-edged sword.”
“It seems like every CISO has spent 2023 getting up to speed on AI. Certainly AI will play an important role in 2024, both in the opportunities it presents to defenders as well as the security challenges it brings.
“From a cybersecurity standpoint, however, it’s still important to keep your business focused on the basics such as correctly implemented multi-factor authentication (MFA). That’s because in 2024, a business is significantly more likely to be breached due to weak MFA than it is by an advanced-AI cyber attack.
“Our 2023 Mid-Year Threat Report found that 40% of incidents in the first half of the year stemmed from non-existent or poorly enforced MFA. Our message is simple: implement MFA now, particularly for VPNs and virtual desktop infrastructure. It’s the best and most important accomplishment you can make if you haven’t yet done so.”
“Without a doubt, 2023 was the year of file transfer vulnerabilities, with MOVEit Transfer dominating headlines. However, we expect 2024 to be slightly different based on our experience with these vendors’ response processes.
“The file transfer software providers Rapid7 researchers disclosed vulnerabilities to were extremely responsive, fixing vulnerabilities in half the time it usually takes and proactively looking at ways to mature their vulnerability disclosure programs.
“In fact, some of these organisations now have more established patch cycles and vulnerability disclosure mechanisms in place (hooray!), as well as security programs implemented where products are reviewed more frequently. These proactive cycles should result in more mature, security-bolstering software development practices — at least for these solution providers and those who have learned from them — in 2024.”
Using data for security analysis
“Lots of data does not equal effective security analysis. We all get fatigued and miss things when we feel overwhelmed and overstretched. And well, the same happens to security teams when they are just given enormous amounts of raw data. Context is everything! It’s the missing piece of the puzzle to improving security posture and the effectiveness of solutions.
“Spending more money or gathering more data is not going to improve your cybersecurity posture, but understanding data and, more importantly, what kind of data is needed to make better decisions will. Less is more is our credo for 2024. For example, take time to understand what data you are already collecting from a log perspective. Understand what type of data is inside those logs and how that data might indicate a possible attack technique. If you have only partially the right information, what type of data would you need to enrich that for enough context to decide or prioritise events?”
Cyber Magazine is a BizClik brand