LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 (part 1)

By Byron V. Acohido

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up, just as they have, year-to-year, for the past 20 years.

Related: LW year-end roundtable part 2 and part 3

With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind:

• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

• What should I be most concerned about – and focus on – in 2024?

The comments we received were uniformly insightful and helpful. Here is part one of three groupings. Parts two and three to follow on Thursday and Friday.

Eyal Benishti, CEO, IRONSCALES

Generative AI (GenAI) reshaped cybersecurity in 2023. Hackers now leverage GenAI to launch targeted attacks that bypass traditional security systems.

In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. At the same time, we’ll see cybercriminals pivot to the use of QR codes and images to sidestep natural language processing (NLP) defenses. Organizations should likewise leverage GenAI to better detect AI-enhanced threats and counter the attack volumes that we expect to see in 2024.

Adam Burris, Senior Director of Threat Detection and Response, Gurucul

Recent research shows that more than half of organizations have experienced an insider threat in the past year and 68 percent are “very concerned” about insider threats as they return to the office or move to hybrid work.

In 2024, public infrastructure around the world will be increasingly targeted by nation-state actors involved in geopolitical conflicts. This means security vendors should create multi-tenant solutions that integrate easily with other security vendors’ products and cover both cloud and on-premise environments with flexible licensing and billing models and dedicated programs.

Avkash Kathiriya, Sr. VP Research and Innovation, Cyware

The pace of change is accelerating faster than at any time in recent years. Traditional SIEMs are losing ground to newer platforms optimized for handling large volumes of fast-moving security data and providing greater agility, scalability and real-time threat analytics.

Expect further consolidation between security solutions like SIEM, SOAR and data lakes. Integration will also increase between security tools and IT systems to enable smarter orchestration; most important of all, organizations will harness AI to stay ahead of increasingly sophisticated AI-driven attacks.

Raffaele Mautone, CEO, Judy Security

A main takeaway from 2023 is the importance of staying vigilant and adaptable. Ongoing education and skill development requires educating teams and ensuring employees become proactive contributors to organizational defense.

Moving ahead, it’s crucial for SMBs, municipalities and healthcare institutions to prioritize. Focus on implementing robust backup and disaster recovery plans, user training, and the sharing of threat intelligence. Stay informed about AI developments and explore how your business can benefit from advancements in the public sector – and be mindful of the consumerization of AI-enabled fraud.

Camellia Chan, Co-Founder and CEO, Flexxon

In a single month, major breaches hit MGM, DP World Australia, Philippine Health Insurance – just to name a few. The common thread: the exploitation of human error, coupled with the failure of cybersecurity systems that use reactive processes and rely on individuals acting as the gatekeepers. This is folly. We must move towards proactive measures; this is essential across the entire IT infrastructure. Proactive, intuitive and autonomous cybersecurity protection across all seven layers, from the physical to application layer, is essential. Businesses can no longer afford to leave any layer unprotected.

John Benkert, CEO, Cigent Technologies

A crucial takeaway from 2023 is the recognition that traditional cybersecurity strategies are no longer sufficient, necessitating a shift from reactive to proactive security measures . . . The “trust but verify” approach is no longer viable in a landscape where threats can originate from anywhere. Implementing a Zero Trust architecture involves verifying every attempt to access the system. Regular security audits, staying abreast of the latest cyber threats, and investing in continuous improvements to your cybersecurity infrastructure are vital. It’s also crucial to have an effective incident response plan in place.

David Ratner, CEO at HYAS

Gone are the days where anyone should feel confident they can keep bad actors out. Supply-chain attacks, new zero-day attacks, insider risk and improved phishing lead to an onslaught of breaches. IT leadership should be shifting to operational resiliency. Just because a bad actor breaches the network doesn’t mean that the attack needs to result in damage or stolen data. It’s critical to ensure that breaches can be stopped before they expand through the organization and cause financial, reputational, and other damage.

Sameer Malhotra, CEO, TrueFort

Software supply chain attacks will continue to place more responsibility and accountability on DevSecOps teams. DevOps and DevSecOps staff will need to place greater emphasis on monitoring third-party libraries and tools used in software development for security vulnerabilities. Since third-party software is often used in trusted applications, many of which have administrator or elevated privileges, organizations should also implement microsegmentation to contain the spread and blast radius of attacks.

John Gunn, CEO, Token

The carnage from 2023 reveals that legacy multifactor authentication was the most frequent point of failure. The majority of ransomware attacks gained initial access by defeating legacy MFA.

In 2024, generative AI will usher in a new era in the frequency and sophistication of attacks on MFA, which is already the weakest link in most organizations’ cyber defenses. Phishing attacks driven by ChatGPT will be harder than ever to detect. The worst is yet to come and current methods of securing user logins will no longer be sufficient.

Dick O’Brien, Principal Intelligence Analyst, Symantec Threat Hunters

The Snakefly cybercrime group (aka Clop) advanced extortion attacks in 2023 with their exploitation of the MOVEit Transfer vulnerability. By hitting all of their targets at once, the attackers left little room for the victims to fashion effective defenses.

Look for attackers in general to lean into “tool free” attacks, in which they obtain legitimate access, then abuse the trust granted to authenticated users. They’ll make adept use of social engineering, leverage insider knowledge of systems and workflows and exploit weak cloud configurations and poorly implemented multi-factor authentication.

Antonio Sanchez, Principal Cybersecurity Evangelist, Fortra

ChatGPT can now create perfectly crafted phishing emails in just about any language. Meanwhile, short-staffed security teams are working longer hours than ever, which can only lead to higher burnout rates. To protect their brand, organizations in 2024 will need a layered protection strategy which includes effective security controls and timely threat intelligence. And they’ll have to re-define requirements and widen the net slightly to fill security roles. Managed security services can provide a backstop while in-house teams uplevel their skills.

Mike Kosak, Intelligence Analyst, LastPass

Major technology companies are integrating AI into their security tools to help shorten response times, improve anomaly detection, and automate responses. Concurrently, threat actors are leveraging AI to advance malware development, improve obfuscation, and generate more convincing phishing emails. We can expect both trends to continue and accelerate with some foreseeable consequences, like improved cyber defenses and lowered tech barrier of entry for threat actors — and some not so foreseeable. Regardless, AI will be a major factor in the 2024 cyber threat environment, for better and for worse.

Marco Estrela, Director of Cybersecurity Solutions, Virtual Guardian

Daily cyberattacks in the forms of ransomware, email compromise and social engineering plague our lives with little relief in sight. I really feel as though the bad guys have the upper hand. For 2024, it will take a village! Or rather, an organization! Businesses can’t count on their IT team to save the day. A shift towards a holistic, more collaborative effort, must be taken. Invest in threat intelligence, keep your teams trained up, opt for a defense in layers, and be as flexible as possible.

Anurag Gurtu, CPO, StrikeReady

In 2023, even the most fortified bastions fell victim to the relentless innovation of cyber adversaries. The next focal point for cybersecurity prioritization should be the proactive integration of AI-driven predictive analytics. With adversaries leveraging AI for sophisticated attacks, our defense systems must be equally equipped with advanced algorithms that not only detect but predict and neutralize threats preemptively. 2024 should see us doubling down on creating AI that enhances security while upholding the highest standards of privacy and ethical considerations.

Vince Arneja, Chief Product Officer, CodeSecure

Organizations will see an increase in demand for visibility into the software supply chain. This transparency can foster trust with stakeholders and end-users, as businesses can vouch for the security of every software component in their products. This will require the widespread adoption of Software Bills of Material (SBOM) and the ability to generate them. SBOMs provide a clear audit trail of software components, ensuring traceability. If vulnerabilities are discovered, organizations can quickly identify affected products, leading to rapid responses and solutions, thereby reducing potential damages.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)