Despite the evolving cybersecurity landscape, one thing remains clear in 2024: having a comprehensive cybersecurity strategy plan that aligns with company objectives and regulatory compliance is crucial for businesses to safeguard against cyber threats. It is important to keep in mind that staying current with cybersecurity requires both attention to detail and a big-picture perspective. While regulatory compliance and geopolitical forces can provide valuable guidance for cybersecurity planning, it is ultimately the company's objectives that should serve as the driving force. In this blog post, we’ll explore some suggestions to enhance your cybersecurity strategy in 2024.
The rise of Ransomware 2.0: double extortion and data theft
Ransomware 2.0 goes beyond data encryption, introducing a new level of complexity. Unlike traditional ransomware that solely encrypts data, Ransomware 2.0 takes it a step further by stealing the victim’s data before encrypting it. This malicious technique grants attackers leverage, even if the victim decides not to pay the ransom. In such cases, the attackers have the option to either leak the stolen data to competitors or publicly disclose sensitive personal information.
This double extortion method amplifies the damage caused by ransomware attacks, as victims not only face the risk of data loss but also the potential reputational harm resulting from a data breach. One notable case of Ransomware 2.0 is the attack on the Colonial Pipeline in May 2021. The cybercriminals behind the attack not only encrypted the company’s data but also stole a significant amount of data before initiating the ransom demand. This incident led to disruptions in fuel supplies and highlighted the severity of the double extortion technique.
Furthermore, critical systems such as industrial technology, transportation and safety systems are likely to be increasingly targeted by ransomware attacks.
The expanding attack surface: amplified devices, amplified vulnerabilities
With the exponential growth of connected devices like smartphones, smart home gadgets, and Internet of Things (IoT) devices, the attack surface has significantly broadened. These devices, if left unsecured, can become easy targets for cyberattacks, enabling attackers to breach other network components. Organizations must proactively fortify their intricate and interconnected IT environments. This involves promptly patching vulnerabilities, implementing robust authentication measures and segregating networks to contain the propagation of malware.
The Mirai botnet attack in 2016 is a prime example of how vulnerable IoT devices can be exploited. The attack compromised thousands of IoT devices, such as cameras and routers, and used them to launch large-scale Distributed Denial-of-Service (DDoS) attacks. This case emphasizes the importance of securing all connected devices to prevent them from becoming entry points for cyberattacks.
Zero trust security: breaking down trust barriers
Zero trust security, a proactive security model, operates on the premise that no entity, including those within the network, is inherently trustworthy. Under this model, every user and device must undergo authentication and authorization processes before gaining access to resources. As organizations transition to the cloud and embrace hybrid work models, zero trust is gaining heightened importance. This is due to the decreasing effectiveness of traditional security models like firewalls in such dynamic environments.
Google’s implementation of zero trust security architecture is a well-known example. Google adopted a model where every user and device, whether inside or outside the network, must authenticate and authorize before accessing resources. This approach ensures that trust is not automatically granted and enhances security by verifying identities and enforcing access controls.
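As an added illustration (example code written for this post, not Google's implementation or any vendor's product), the following Python places a perimeter-style check, which trusts anything coming from an internal IP address, beside a deny-by-default zero-trust evaluation that requires verified identity, multi-factor authentication, device posture and per-resource authorization on every request. The network range, resource names, roles and request fields are all constructed for the example.

```python
"""Perimeter trust versus zero trust, side by side (constructed example)."""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple
import ipaddress

# Constructed sample environment: the corporate LAN and a catalogue of
# resources with the roles allowed to reach each one.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
RESOURCE_ROLES = {
    "payroll-db": {"finance"},
    "source-repo": {"engineering"},
    "wiki": {"finance", "engineering", "contractor"},
}


@dataclass
class AccessRequest:
    user: Optional[str]                 # None: no verified identity presented
    roles: Set[str] = field(default_factory=set)
    mfa_verified: bool = False          # second factor completed for this session
    device_compliant: bool = False      # e.g. disk encrypted, patched, managed
    source_ip: str = "0.0.0.0"
    resource: str = ""


def perimeter_allows(req: AccessRequest) -> bool:
    """Traditional model: being on the internal network is the whole check."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET


def zero_trust_decision(req: AccessRequest) -> Tuple[bool, str]:
    """Zero trust: deny by default and never consult network location.

    Every request must prove who is asking, that a second factor was used,
    that the device meets policy, and that the identity is authorized for
    this specific resource. The reason string makes denials auditable.
    """
    if req.user is None:
        return False, "no verified identity"
    if not req.mfa_verified:
        return False, "multi-factor authentication not satisfied"
    if not req.device_compliant:
        return False, "device does not meet posture policy"
    allowed_roles = RESOURCE_ROLES.get(req.resource)
    if allowed_roles is None:
        return False, "unknown resource"
    if not (req.roles & allowed_roles):
        return False, "not authorized for resource"
    return True, "allowed"


def compare(req: AccessRequest) -> Tuple[bool, bool, str]:
    """Return (perimeter verdict, zero-trust verdict, zero-trust reason)."""
    allowed, reason = zero_trust_decision(req)
    return perimeter_allows(req), allowed, reason


if __name__ == "__main__":
    # Malware on an internal host, no identity: the perimeter lets it through.
    compromised = AccessRequest(user=None, source_ip="10.1.2.3",
                                resource="payroll-db")
    # A remote engineer with MFA on a managed laptop: the perimeter blocks her.
    remote_engineer = AccessRequest(user="alice", roles={"engineering"},
                                    mfa_verified=True, device_compliant=True,
                                    source_ip="203.0.113.5",
                                    resource="source-repo")
    # An internal finance user reaching for the source repo: authorized for
    # nothing there, so zero trust contains the lateral move.
    lateral = AccessRequest(user="bob", roles={"finance"}, mfa_verified=True,
                            device_compliant=True, source_ip="10.9.8.7",
                            resource="source-repo")
    for label, req in [("compromised host", compromised),
                       ("remote engineer", remote_engineer),
                       ("lateral move", lateral)]:
        print(label, compare(req))
```

The point the two functions make is that the perimeter check gets both interesting cases wrong: it admits the unauthenticated internal host and turns away the legitimate remote user, while the zero-trust evaluation decides each request on identity, device and authorization alone.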
Embracing a passwordless future: mitigating the security risks
Because passwords carry inherent vulnerabilities, passwordless authentication is gaining widespread momentum. In 2024, I anticipate a sustained movement away from traditional passwords, driven by the imperative for enhanced security. This shift entails the adoption of more robust authentication methods, including biometric authentication and one-time passcodes. Biometric authentication verifies a person's identity using unique biological traits such as fingerprints, facial features, iris patterns and voice. It is considered more secure than traditional passwords because those traits are harder to forge and replicate. It also offers greater convenience, as users do not need to memorize passwords or carry physical tokens with them.
One-time passcodes (OTPs) are temporary codes generated by a device or a system, usually sent to a user’s mobile phone or email, which must be entered to complete a login process. Unlike traditional passwords, OTPs are valid for a single use and are generated randomly, making them much harder to predict or steal. OTPs are a popular form of two-factor authentication (2FA) and are often used alongside traditional passwords to improve security.
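To show the two properties the paragraph names, a short validity window and single use, here is an added Python example (written for this post, not taken from any authenticator product) that generates time-based one-time passcodes in the RFC 6238 / RFC 4226 style and verifies them while refusing replays. The 20-byte secret is the test secret published in those RFCs, so the expected codes are known values; the user name and the one-step tolerance window are assumptions for the example, and a real deployment would use a random per-user secret.

```python
"""Time-based one-time passcodes with single-use enforcement (constructed example)."""
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional, Set, Tuple

# RFC 4226 / RFC 6238 published test secret (ASCII "12345678901234567890").
# Used only so the outputs are checkable; never reuse a fixed secret in production.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)                    # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # low nibble picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of elapsed time steps."""
    return hotp(secret, int(at_time) // step, digits)


class OtpVerifier:
    """Server-side check: accepts a code once, within a small clock-skew window."""

    def __init__(self, secrets: Dict[str, bytes], step: int = 30,
                 digits: int = 6, window: int = 1) -> None:
        self.secrets = secrets
        self.step = step
        self.digits = digits
        self.window = window            # steps of tolerance either side of "now"
        self._used: Set[Tuple[str, int]] = set()   # (user, counter) already consumed

    def verify(self, user: str, submitted: str, now: Optional[float] = None) -> bool:
        secret = self.secrets.get(user)
        if secret is None:
            return False
        # Reject malformed input before doing any cryptographic comparison.
        if len(submitted) != self.digits or not submitted.isdigit():
            return False
        current = int(time.time() if now is None else now) // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter < 0:
                continue
            expected = hotp(secret, counter, self.digits)
            if hmac.compare_digest(expected, submitted):
                # A correct code that was already consumed is a replay.
                if (user, counter) in self._used:
                    return False
                self._used.add((user, counter))
                return True
        return False


if __name__ == "__main__":
    verifier = OtpVerifier({"alice": RFC_TEST_SECRET})
    code = totp(RFC_TEST_SECRET, 59)        # RFC vector: 8-digit 94287082, so 287082
    print("code at t=59:", code)
    print("first use:", verifier.verify("alice", code, now=59))    # True
    print("replay:", verifier.verify("alice", code, now=70))       # False, same step
    print("later:", verifier.verify("alice", totp(RFC_TEST_SECRET, 3600), now=3600))
```

Two design points are worth noting. The comparison uses `hmac.compare_digest` so that a wrong code takes the same time to reject regardless of which digit differs, and the `_used` set is what makes the passcode genuinely single-use: without it, a code captured by a phishing page would still be accepted for the rest of its 30-second window. In a real service that set lives in shared storage so every login node sees the same consumed counters.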
AI’s dual role in cybersecurity: enhancing defense and offense
The use of artificial intelligence (AI) is revolutionizing the cybersecurity landscape, with its potential to develop advanced defense mechanisms, including threat detection systems with the capability to analyze massive datasets to identify potential attacks. However, AI is also being harnessed to develop more sophisticated cyberattacks. Cybercriminals are leveraging AI to automate various tasks, including detecting vulnerabilities in software, launching phishing attacks and evading traditional security measures.
While it is acknowledged that generative AI holds potential for enhancing and automating social engineering tactics, the reality is that instances of AI-powered social engineering are currently rare or non-existent. Notably, the 2023 Verizon Data Breach Investigations Report (DBIR) did not report any cases of AI involvement in social engineering attacks. This is expected to persist in 2024 because traditional social engineering techniques continue to yield successful results, reducing the need to invest in more sophisticated methods.
To the greater “cyber” good: stronger collaboration between public, private and educational entities
This collaborative approach will not only enhance the baseline of cybersecurity maturity but also bring fresh perspectives and innovative solutions to the table. Additionally, it will help address concerns related to the shortage of skilled cyber professionals. Local governments can take on the role of brokering and administering centralized cyber services/solutions for other levels of government. This approach will alleviate the burden on those who are “cyber underserved” and allow for economies of scale that would otherwise be unattainable. As collaboration increases and tangible benefits are realized, trust among the various entities involved will continue to grow.
Another nuance here is that the use of AI for workforce development globally can offer a path to sustainable cybersecurity programs, making it a valuable investment for the future. Traditional automation tools like Security Orchestration, Automation and Response (SOAR) can help to an extent, but AI tools offer additional force-multiplying capabilities that can actively manage SOAR. As these tools learn and improve in a specific environment, they can take on more of the daily tasks, freeing up limited human resources for work that requires independent thought. This is especially important for blue team tasks like vulnerability management, incident response and network defense. By improving the power of AI tools, not only can cybersecurity professionals benefit, but IT operations professionals can also take on more cyber functions, especially in organizations that cannot afford dedicated cybersecurity staff.
Geopolitical conflicts: a catalyst for cybersecurity impact
Just as geopolitical forces shape global economies, they can also exert influence on cybersecurity. The ongoing conflict between Israel and Hamas, for instance, could disrupt the cybersecurity supply chain, as Israel is a prominent hub of cybersecurity innovation. Meanwhile, the Ukraine-Russia conflict is also significant in its impact on global cybersecurity. Once resolved, organizations may see a resurgence in attacks from nation-state threat actors from this region. These actors are known to employ more sophisticated attack techniques, owing to their abundance of resources. While it is impossible to predict the outcome of these conflicts, their unfolding and resolution will have far-reaching consequences on cybersecurity worldwide, not just in 2024, but for years to come.
The compliance landscape
As Sandra Uwadede, CISM, CISA, Security Professional at Bank of Kigali, observes, “Within the cybersecurity domain, it becomes paramount for organizations to uphold recognized standards that bolster not only information security but also ensure the continuity of business operations. ISO 27001, a globally recognized standard, delves into information security management with a focus on risk. Organizations certified under ISO 27001 find themselves embracing a continuous risk assessment mindset, a crucial aspect in today’s dynamic threat landscape. In a nuanced approach, integrating ISO 31000 principles for risk management aligns practices with broader organizational risk strategies.
On top of business continuity, ISO 22301:2019 provides a robust framework for establishing, implementing, and continually improving a business continuity management system. What makes it noteworthy is its applicability across organizations of any size, industry, or sector. Moreover, it seamlessly aligns with other management system standards such as ISO 9001 and ISO/IEC 27001, allowing for effortless integration into existing management systems.
Considering regional nuances, the German-developed BSI IT-Grundschutz, while primarily used in German-speaking regions, offers principles adaptable on a global scale. Its regular updates ensure alignment with evolving cyber threats, making it a versatile choice. When coupled with industry-specific standards, IT-Grundschutz becomes a cornerstone in creating a tailored security framework that effectively addresses unique organizational risks.”
The US Securities and Exchange Commission (SEC) cybersecurity rule that will go into effect in Q4 of 2024 has started to significantly reshape the cybersecurity landscape, particularly for public companies and investment firms. This rule mandates enhanced cybersecurity disclosures, aiming to provide investors with better insights into how companies manage cyber risks. One of the most notable impacts has been the increased transparency in cybersecurity practices. Companies are now required to report cybersecurity incidents within a specific timeframe (four days), offering a more immediate understanding of the frequency, magnitude and impact of cyber threats. This shift has led to a greater emphasis on proactive cyber risk management, as companies strive to avoid the reputational damage associated with public disclosure of security breaches.
“The rule has a significant impact on the 2024 cybersecurity landscape, as it will push organizations towards a surge in investments in cybersecurity infrastructure and expertise,” says Iskandar Islamov, a cybersecurity director. “Companies, recognizing the increased regulatory expectations and investor scrutiny, have been incentivized to bolster their cyber defenses. This includes the adoption of advanced security technologies, such as AI-driven threat detection systems, and an increased focus on employee training and awareness programs. Furthermore, the rule will spur the growth of the cybersecurity insurance market, as companies seek to mitigate financial risks associated with potential breaches. Overall, the SEC Cybersecurity Rule has not only raised the bar for corporate cybersecurity practices but also significantly contributed to the maturation and sophistication of the cybersecurity industry as a whole.”
PCI DSS 4.0 introduces 64 new requirements that organizations must comply with, signifying a departure from purely technical specifications toward a more comprehensive security perspective. The new standard adopts a zero-trust approach, enabling organizations to strengthen their authentication systems in line with stringent data protection requirements. While the preceding version, 3.2.1, remains in force until 31 March 2024, organizations should begin preparing now to adopt the latest iteration. This proactive approach is crucial to mitigate potential security risks effectively. Ensuring compliance with PCI DSS 4.0 is not just a regulatory obligation but a strategic imperative in fortifying defenses against data breaches and upholding the security of credit card information.
Prioritize cybersecurity strategy
In the ever-evolving cybersecurity landscape of 2024, businesses must prioritize comprehensive cybersecurity strategy plans that align with company objectives and regulatory compliance. This blog post highlights key trends and challenges, including the rise of Ransomware 2.0 with double extortion and data theft, the expanding attack surface due to connected devices, the importance of adopting zero trust security measures, the shift toward passwordless authentication, the dual role of AI in enhancing defense and offense, the need for stronger collaboration between public, private, and educational entities, and the impact of geopolitical conflicts on cybersecurity. By understanding and addressing these issues, businesses can better safeguard against cyber threats and protect their valuable assets.
Author’s Note: Thank you to Alex Islamov and Sandra Uwadede for their great contributions to this blog post.