The Cybersecurity Horizon: AI, Resilience and Collaboration in 2024 – Source: securityboulevard.com

In the ever-evolving landscape of cybersecurity, securing your company’s operations and safeguarding customer experiences is an intricate and crucial challenge, particularly for large organizations operating at the edge. As we peer into the future, it is imperative to acknowledge the profound impact that artificial intelligence (AI) is having on the cybersecurity arena. This article delves into the predictions for 2024, categorizing them into three pivotal aspects: People, the processes they employ and the technology they deploy, with a specific emphasis on the transformative role of AI.

People

There is still a talent crisis, and while machine learning (ML) and generative AI/large language models (LLMs) will provide some relief, overall, AI will not solve the problem. It will be extremely difficult to find and retain the talent we need and expand the team’s skill set into new areas like securing data science. This will lead to partnering with vendors for on-demand staffing or managed services for non-essential functions.

Cybersecurity personnel need to partner closely with fraud teams to develop an integrated approach to stopping attacks at the edge that come from generative AI/LLMs and deepfakes being used by threat actors to enhance targeted social engineering. The ability to develop better spear phishing and mimic voice calls will be powerful tools for cybercriminals, and this will require collaboration between teams.  

Stress will continue to escalate, impacting the quality of work and staff attrition. As our business models continue to transform, driving more complexity into our IT environments, it is becoming impossible for current staff to maintain systems at optimal configurations and achieve situational awareness. This will drive more vendor consolation and move to select vendors that can provide staffing support as needed.

Processes

NIST 2.0 is adding a new category to its incident response framework for governance, which will drive a new focus in cybersecurity programs. Many regulators leverage NIST for audits, and we can expect to see a new focus on policies and processes, more requests for governance artifacts and expectations for strong documentation.

Industry best practices like OWASP and MITRE ATT&CK should be tracked – the speed at which OWASP has published a “Top 10 for Large Language Model (LLM) Artificial Intelligence (AI) Threats” makes them a great capability to leverage. These resources are becoming much more agile, and guidelines for a much broader set of issues are being produced promptly. Practitioners need to tie into updates or check regularly.

More countries will adopt regulations around resiliency based on the recent EU Digital Operational Resilience Act (DORA) law. This is being driven by the new records being set by distributed denial-of-service (DDoS) attacks and the continued rise in ransomware attacks.

Technology

It is hard to predict the future, but we can say that DDoS and API attacks will dominate in 2024. The continued effort to build larger botnet armies and develop new techniques, combined with the influence of nation-states, will cause DDoS to grow. That combined with the evolution of ransomware will be the genesis for legislation around resiliency. Companies’ edge will be under strong attacks and monitoring and dynamic mitigation, and resiliency will need to be enhanced.

Transformation continues to be the driving force for the implementation of APIs. This rapid growth will traditionally lead to vulnerabilities, shadow/zombie APIs and undetected abuse. We expect to see non-stop growth in attacks on web apps and APIs coming from both standard attacks like LFI and zero-day exploits. Mitigation will drive the need for tools that will detect lateral movement and rogue infrastructure and then dynamically mitigate impacts.

Expect to see more CISOs shift the budget to monitoring internal lateral movement (east/west) and achieve situational awareness to minimize threat actor dwell time. With initial access brokers becoming bigger businesses, the need to start to reduce multiple tools in one area of the MITRE ATT&CK attack flow and more evenly distribute tools across every step will lead to a shift in focus to minimizing attacks through rapid detection.

The work of simplifying complex and dynamic environments while upholding a high level of security is the reality of 2024 and beyond. By examining the facets of people, processes and technology, we adopt a multifaceted approach, leaving no stone unturned in the face of modern cybersecurity threats. The landscape demands a proactive stance, continuous adaptation and collaborative efforts to ensure a secure future for businesses and their stakeholders.