As we wrap up another year, we look ahead now to 2024 and what experts say will be the most crucial areas of potential risk in the rapidly changing world of cybersecurity, where cyber threats continue to become more and more sophisticated.
A recent Cyber Threat Intelligence Index report cited on the Sentinel One blog reported that “threats like ransomware, data breaches, and software vulnerabilities” have had major impacts in cybersecurity this year. In addition, end user attacks have become more sophisticated by taking advantage of vulnerabilities within privileged computers, smartphones, and internet of things (IoT) devices. This expanded attack area also increases the potential efficacy of phishing scams, zero-day exploits, fileless malware, and Denial-of-Service (DoS) attacks. Major companies and critical infrastructure impacted by these include San Francisco’s Bay Area Rapid Transit (Vice Society), Reddit (BlackCat Ransomware), and the United States Marshals Service, among others.
One of the most egregious attacks, “Smooth Operator,” happened in March, when the infrastructure of the 3CX Private Automatic Branch Exchange (PABX) platform was compromised by actors affiliated with the regime in North Korea, who inserted malicious code into endpoint clients, which were then downloaded as upgrades by unsuspecting users. This attack put the software development company’s 12 million daily users across multiple industries (manufacturing, hospitality, and others) at risk. Another attack, a ransomware attack by CL0P in May, targeted cloud storage services, impacting more than 2,000 organizations and compromising sensitive data of more than 62 million people.
As reported in Electric, the mass hack of the file transfer tool MOVEit “impacted more than 200 organizations and up to 17.5 million individuals as of July 2023.” The Department of Energy, the Department of Agriculture, and the Department of Health and Human Services were affected, and “it’s believed the majority of schools across the U.S.” were also targeted by this sophisticated attack. The far-reaching event led to confirmed security breaches at Shell, Siemens Energy, Schneider Electric, First Merchants Bank, City National Bank, and other international targets. In this large-scale attack, “hackers…gained access to hordes of sensitive data.” Facebook and T-Mobile were also high-profile companies that fell prey to cyberattacks.
All told, 2023 saw a dramatic rise in data breaches. Lewis Maddison, reporting for Tech Radar in August, writes that “Research from VPN provider Surfshark found that 110.8 million accounts around the world were breached in Q2 2023, as compared to 41.6 million in the first quarter of the year.” A blog on Parachute lists specific details about the scale of cyberattacks and the subsequent price to stop them across industries.
In light of what happened last year, what are the biggest anticipated threats for next year, and how can the cybersecurity industry prepare itself?
AI is all over the news as a potential disruptive force across industries and agencies, including entertainment, education, and government entities. Access to machine learning by malicious actors makes exploitation of vulnerabilities easier, particularly as organizations use cloud services and develop a larger attack surface, which makes monitoring and the prediction of potential threats much more challenging. For example, an article on LinkedIn warns that AI can engage in “deepfake social engineering and adaptive malware” on a highly sophisticated level.
Zachy Hennessey, writing for The Jerusalem Post about the cybersecurity forecasts of the global cyber threat intelligence provider Cybersixgill, predicts that “the evolution of artificial intelligence” will continue to trend. The proliferation and increasingly widespread use of AI also heightens concerns around data privacy. Some companies are developing protective policies, while also waiting for more regulatory legislation in the US and other countries. The misuse of AI, reports Hennessey, is of primary concern. AI can “automate large-scale cyberattacks, craft duplicitous phishing email campaigns, and develop malicious content with pinpoint accuracy.” In addition, the emerging trend of “shadow generative AI,” in which employees use AI tools without organizational approval, expands attack surfaces and heightens vulnerabilities that may lead to data leaks and/or other compromises to security.
Although AI poses considerable threats, the solutions to the problems it creates are potentially found in the technology itself, as it is an adaptable and ever-evolving technology.
In its list of 10 biggest cybersecurity issues forecast for 2024, an article on LinkedIn predicts that “the persistent shortage of cybersecurity professionals is a pressing concern for 2024.” This is an issue we’ve covered in previous newsletters, including the need for training programs, skill development and professional retention. The article goes on to say that “the majority of cyber specialists think the skills gap has gotten worse.”
An article in Electric reports that both large and small companies are experiencing alarming upticks in cybersecurity breaches. With businesses of all sizes increasingly vulnerable to attacks, the need for trained and motivated cybersecurity professionals has never been greater.
In addition, the increased connectivity of devices continues to open up vulnerabilities for cyber attackers. Remote work, even in the wake of the COVID-19 pandemic, continues, and so too does the security risk related to improperly monitored devices and their broad connectivity capabilities. Security standards will need to be tightened, but employees will need to be educated and trained as well.
Sentinel One reports that the instability in the geopolitical landscape due to war, conflict, and other factors involving nation states leaves room for cyber criminals to slip in, disrupting critical infrastructure and risking the security of sensitive data. Cyber risks can have devastating impacts on economic stability and national security, a reality about which governments and corporations are becoming increasingly aware. LinkedIn reminds readers of the “ongoing cyber warfare in Ukraine” as proof of the willingness of nation states in conflict to “deploy cyberattacks,” with “phishing and distributed denial-of-service attacks as common tactics,” particularly during elections in the US, the UK, and India.
Cybersixgill’s fifth prediction for cybersecurity trends in 2024 suggests that as “geopolitical tensions and other issues come to the forefront, the motivations of threat actors are expected to broaden to target entities beyond financial gain,” anticipating “an uptick in attacks targeting entities without profit centers, such as schools, hospitals, public utilities, and other essential services.” This has also led to a “growing trend” of cybercriminals-for-hire: criminals who offer ransomware and malware services. Cybercriminal “gangs” are also able to franchise their hacking technology, leading to more extortion and more money pulled from businesses being blackmailed. Forbes reports that “cyber-crime is growing exponentially.” In fact, as cited by Cybersecurity Ventures in the same article, “the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025.”
Just as the concept of resilience has become a common way to frame problems faced by communities, families, and even individuals, it has now been adopted by the cybersecurity field. This is a phrase that will appear many times, as cyber threats in 2024 will undoubtedly become more advanced, and the threats that emerge will evolve quickly and require fast-moving solutions. Cybersecurity seeks to protect systems from a catastrophic breach, while cyber resilience helps those who have been victimized to bounce back more quickly and salvage as much crucial data as possible. Just as technology connects us, cybersecurity too is now seen by many as an interconnected enterprise, with communication and problem solving needed between the government and the private sector. We’ve mentioned in prior newsletters that the government and the private sector seem to be moving in this direction, prodded by a more comprehensive framework of regulation, and this should help as a key component in building resilience to face the threats of potential attacks. As stated in Techbullion, “Collaborative efforts and information sharing among business, government agencies, and cybersecurity experts are crucial for developing effective defense strategies.” Private companies and government agencies “must work hand in hand to establish robust regulatory frameworks, share threat intelligence, and foster an environment where the collective knowledge and resources can be leveraged for the greater good of cybersecurity.”
The persistent shortage of cybersecurity professionals is a pressing concern for 2024. As reported in several articles cited in this story, most cyber specialists think the skills gap has gotten worse recently. According to some reports, there are as many as 600,000 unfilled cybersecurity jobs in the U.S., and about 3.5 million open roles globally. It’s not just the open jobs; it’s also the need to upskill the current workforce and make sure they are really prepared for new strikes, new actors, and the advent of AI as one example of new threats impacting the industry.
It’s clear from this report and others that there are two major concerns in the cybersecurity industry – lack of workers and the need to upskill existing workers. Fortunately, CYRIN can help on both fronts. For the education market, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.
For industry, we continue to work with our partners to address major challenges, including incident response, ransomware, and phishing, and to set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face.
Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
In an increasingly digitized world, training and experiential training are critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real-world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits. The best time to plan and prepare is before the attack.
Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, with no special software required. Cyber is a team effort; to see what our team can do for you, take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!