Ron Reiter, former member of IDF’s Unit 8200 and current CTO & co-founder of Sentra, Ev Kontsevoy, CEO & Co-Founder at Teleport, Thomas Kinsella, Co-Founder & Chief Customer Officer at Tines, Eoin Hinchy, co-founder and CEO at Tines, and Josh Lefkowitz, CEO and co-founder of Flashpoint wanted to pass along the following predictions for 2024.
Ron Reiter, Sentra:
Despite international ransom payments will remain a business decision
In November 2023, all 50 members of the International Ransomware Initiative endorsed a policy that “relevant institutions under national government authority should not pay ransomware extortion demands.” Unfortunately, this latest declaration will have little to no impact on the payment of ransoms, especially for the private sector, or state and local governments. While these types of statements are made with the best intentions, they will not change the actions of malicious actors or how affected parties respond to them. In 2024 and for the foreseeable future, ransomware payments will be viewed as a business decision. It will be up to organizations and governments to analyze the outcomes and impact of paying or not paying a ransom.
As the stakes get higher, CISOs cannot ‘quiet quit’
In the wake of the charges against SolarWinds, and reassessment of the Uber CISO’s conviction, security leaders are facing much higher stakes for their mistakes; it is no longer just a CISO’s job on the line – it’s their personal liberties too. While it is naive to place all of the blame on security leads following a breach, the SEC’s decision serves as a wake-up call for restructuring the CISO job description.
CISOs can no longer be passive. They must pay attention to whether they have the proper cybersecurity budget, headcount, tooling and what their tech stack looks like. If the stated material truth of their cybersecurity posture is lacking, they either have to be brutally honest or face the consequences. They also have to cut through the noise and demand the ear of the CEO when reporting risk. By becoming the company advocate for incident response, CISOs can more accurately estimate risk and utilize their budgets to better protect their companies. By taking on these actions, added layers of reporting and responsibility will ensure that companies are up to the new security standards and that the CISO is not shouldering all the risk alone.
There will be a shift towards governance as the key focus for data security decision-making in 2024
The movement of enormous amounts of data in the cloud presents a new and challenging dynamic for teams trying to manage complex compliance requirements across different regulatory frameworks. Along with stricter data protection laws and growing concerns about privacy, organizations must adopt holistic compliance strategies in 2024 to align with these evolving requirements.
Gartner analysts estimate that through 2025, 80% of organizations seeking to scale digital business will fail because they do not take a modern approach to data governance. Governance will be at the forefront of business priorities in 2024 as organizations are facing more risks of financial loss and reputational harm as a result of poor governance practices. Business leaders must bring compliance and legal to the security decision-makers table to ensure adherence to global regulations like GDPR and CCPA, as well as enforce the significant change in behavior security teams will have to make to achieve an effective approach to data governance.
Ev Kontsevoy, Teleport:
Engineering and security teams will partner to protect infrastructure from growing identity attacks
Historically, companies’ approach to security was very IT-centric with dedicated security teams – like those responsible for network security – working to ensure the organization was secure. However, with the dissolution of the corporate perimeter, the increasing complexity of cloud computing, and a cybersecurity talent shortage, the role of security teams will change. In 2024, with identity attacks on the rise, we’ll see the role of security teams shifting to those of consultants and auditors, with engineering teams responsible for choosing vendors and implementing security protocols. Cybersecurity teams will be responsible for policy and ensuring that workflows and systems meet security requirements.
Increasing frequency and cost of breaches as a result of human error will force organizations to adopt secretless access
2023 was a year defined by human error in costly security breaches – according to Verizon’s 2023 Data Breach Investigations Report, the human element features in 74% of all breaches. Mistakes such as privilege misuse, accidental data exposure, and falling victim to social engineering attacks stem from various human factors, and the critical consequences of the compromise of secrets. This has resulted in organizations embracing biometric hardware and identity verification, but attackers are no longer solely fixated on stealing passwords. They are actively seeking a range of secrets embedded within an organization’s infrastructure, including browser cookies, private keys, API keys and session tokens. To keep up with the pace of threats, organizations will recognize they must move to fully secretless authentication in 2024 to secure the wider spectrum of sensitive access points still vulnerable to threats. As organizations look to eliminate their reliance on static secrets altogether, widespread adoption of secretless access in the coming year will create immunity to human error and significantly hamper how threat actors operate.
We will see more M&A activity that consolidates tool sprawl
The uptick in M&A activity within the cyber sector in 2023 (Palo Alto Networks acquiring Dig Security and Talon, CrowdStrike buying Bionic, Thoma Bravo’s merger of ForgeRock and Ping Identity, etc.) is a compelling trend that will continue into 2024. This surge, although driven by the down market, addresses the fragmentation of cybersecurity solutions. Managing all of these tools, and overseeing the sheer volume of software can be extremely overwhelming for today’s CISO. This complexity can lead to significant error, overlapping functions, integration issues and increased operational overhead. To address these pressing needs for customers to eliminate these challenges, we’ll see more vendors in 2024 make strategic M&A moves to broaden their platforms.
The industry will see more regulatory pressure
So much of the world is now controlled by or through software. As a result, world-renowned cryptographic experts like Bruce Schneier have advocated for increased regulation, even going as far as to say we need to start regulating software the same way we do air space. While there is no silver bullet, and I don’t recommend we regulate all software like this, there are certainly critical software systems comparable to airplanes in terms of potential damage. It’s no coincidence that Gartner predicts that 45% of CISOs will expand their remit beyond cybersecurity, due to increasing regulatory pressure and attack surface expansion. Expect this trend to begin in the new year and quickly snowball over the next five years.
Thomas Kinsella, Tines:
The SolarWinds charges will raise the stakes for CISOs
Salaries, performance bonuses, and professional reputations are no longer the only things at stake for CISOs. Now, as they plan for 2024 in the wake of charges against the SolarWinds CISO, security leaders know their personal liberty is potentially on the line. It’s difficult to make CISOs responsible when so many things are outside their control. However, regulators are making clear that — much like CFOs must fairly present their company’s financial position — CISOs are accountable for stating the material truth of their cybersecurity posture. The Uber CISO’s conviction already showed leaders must be transparent about breaches. Now, the same applies to policies. If they claim to have access restrictions and a secure software development lifecycle, they better actually have them. The SEC’s decision will raise standards across the industry as companies invest in new tools and take a closer look at their existing tech stack. Expect security leaders to leverage automation in order to achieve those elevated standards, maximize their budget and team, and deal with the deluge of alerts new tools provide.
CISOs will demand additional budget — and the ear of the CEO
The SEC charges against the SolarWinds CISO will have sweeping ramifications for the role. CISOs, knowing they might have to ‘take the fall’ for security failings, will demand a robust cybersecurity budget, headcount, and tooling — or find a company willing to provide them. Security leaders are also going to become louder voices in the C-suite. CISOs will bring more issues to the attention of the board or risk committee, forcing the entire company to accept the risk rather than shouldering it alone. Expect more cybersecurity issues to escalate to a boardroom issue. The chain of command may also shift as CISOs who currently report to a CIO or CTO look for a direct line to the CEO. These added layers of reporting and responsibility may initially slow the pace of innovation as companies catch up to the new security standard.
The cybersecurity industry will consolidate
VC funding in cybersecurity is still available. Activity is down from its 2021 record highs but investors are keeping faith in the sector as spending on security — and the share of technology budgets allocated to security — continues to grow. However, security has not been immune to the economic pressures causing other VC-backed companies to lay off employees, raise down rounds, or go bust entirely. Some security startups achieved unicorn status with seven-figure or low eight-figure revenue. Others had strong products but lacked a clear way to monetize or grew too fast. That’s not sustainable. In 2024, we’ll see companies snapped up by partners or competitors in a wave of consolidation. The companies that survive — and thrive — will have strong growth metrics, an efficient business model, and the massive potential VC firms crave.
Eoin Hinchy, Tines:
For attackers, AI is a trusty sidekick. For defenders, it’s a game-changer.
For all the FUD (fear, uncertainty, and doubt) about an AI arms race between attackers and defenders in cybersecurity, AI is proving to be far more of an asset for security teams than hackers. Generative AI is helping bad actors write malware and phishing emails, but there was no shortage of malware before AI and people were already happy to click on phishing attempts. For defenders, on the other hand, AI has been a game changer. The powerful technology is tailor-made for solving security teams’ most pressing challenges: too much data, too many tedious tasks, and not enough time, budget, or people. AI is democratizing cyber defense by quickly summarizing vast swaths of data, normalizing query languages across different tools, and removing the need for security practitioners to be coding experts. In 2024, we’ll see AI’s impact in automation as defenders use AI to make incident response more efficient. AI is a once-in-a-decade leap forward, and it’s carrying cyber defenders farther than hackers.
Natural language will pave the way for the next evolution of no-code.
Automation is only effective when implemented by teams on the frontline. Five years ago, the best way to place powerful automation in the hands of non-technical teams was via low- or no-code interfaces. Now, with AI chatbots that let people use natural language, every single team member — from sales to security — is technical enough to put automation to work solving their own unique problems. The breakthrough in AI was the new ability to iterate in natural language, simply asking an LLM to do something a bit differently, then slightly differently again. Generative AI and LLMs are obliterating barriers to entry, like no-code tools once did for the need to know how to code, and no-code will be the next barrier to fall. We’ve already moved from programming languages like Python to Microsoft Excel or drag-and-drop interfaces. Next year, we will see more and more AI chat functions replace no-code interfaces. We can expect non-technical teams throughout organizations to embrace automation in ways they never thought possible. Natural language is the future on the frontline.
Josh Lefkowitz, Flashpoint:
Utilization of AI in Enhancing Business Operations and Cybersecurity
Expect AI’s role in business operations and cybersecurity to expand, offering both efficiencies—and new vulnerabilities—that will require strategic oversight and management.
AI-Driven Cyber Threats Increasingly Targeting Business Operations
On a related note, expect to see a rise in AI-enabled cyber attacks, with sophisticated tactics that could directly affect business operations, customer data security, and potentially exploit AI-driven business processes. (I outlined this double-edged sword here.)
Social Engineering Attacks Becoming More Sophisticated and Targeted
Be prepared for an increase in sophisticated social engineering attacks, potentially leveraging AI technologies, which could target high-level executives and critical business units.
Insider Threats Becoming More Complex and Frequent
Anticipate an increase in insider threat incidents, not just in frequency—but also in complexity. As insiders are increasingly being lured across various illicit online communities, visibility into these recruitment and advertising activities is essential. Insider threats could pose heightened risks to sensitive company data, intellectual property, and internal systems across various industries.
Supply Chain and Third-Party Vulnerabilities Impacting Business Continuity
Predict a continued rise in supply chain and third-party attacks, which could disrupt business operations, affect vendor relationships, and require more robust continuity and response strategies. The strategy of targeting third-party firms to gain access to larger networks, as demonstrated in attacks on companies like JumpCloud and Airbus, is anticipated to be a prevalent method among cyber threat actors.
Ransomware Continuing to Hammer Global Enterprises
In 2024, the continuation of ransomware attacks against major enterprises is expected. While this isn’t a groundbreaking assessment, it underscores the crucial need for proactive preparation and intelligence-driven strategies. Effective defense goes beyond acknowledging the threat—it demands a deep understanding of adversary tactics and robust measures to thwart initial access. Organizations should also focus on intensifying their preparedness, from employee awareness to advanced incident response planning, to ensure that ransomware and extortion attacks are met with a fortified and responsive security posture.
Increasing Prominence of Telegram as a Hub for Cybercriminal Operations
Anticipate a continued reliance on Telegram as a nucleus of cybercriminal activity. This shift reflects a growing preference among cybercriminals for decentralized platforms, which offer greater anonymity and harder-to-trace communication channels. The move towards platforms like Telegram presents new challenges in intelligence gathering and complicates efforts to combat cybercrime effectively at scale, highlighting the necessity for advanced monitoring and response strategies.
Continued Evolution of Stealer Malware in Illicit Communities
In 2024, the growth of stealer malware like Lumma, Silencer Stealer, and StealC is expected to continue, enhancing its role in the cybercrime attack chain. Their ability to discreetly harvest sensitive data makes them a precursor to more disruptive ransomware attacks, as that stolen information—such as cookies—often facilitates targeted ransomware campaigns. This link underscores the criticality of addressing stealer malware in cyber threat intelligence and cybersecurity strategies.
Cloud Service Vulnerabilities Requiring Robust Disaster Recovery Plans
Cloud service vulnerabilities and outages will continue to pose risks, emphasizing the need for robust disaster recovery and business continuity planning.
Increase in Hacktivism Leading to Corporate Reputation and Data Risks
The surge in non-state hacktivism, as observed during the Israel-Hamas War, is expected to continue, which could lead to increased risks related to corporate reputation and data breaches, especially for companies involved in contentious industries or geopolitical areas.