Cyber security predictions for 2024

The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. Here are some cybersecurity predictions for 2024 to help security professionals. It is crucial to anticipate the key themes likely to dominate the cybersecurity space in 2024.

Cybersecurity is an ever-evolving process that can never be ‘complete’ in the exact sense. The cybersecurity field evolves constantly as technology advances, global events create uncertainty, and threat actors refine and improve their malicious tactics. 2024 is expected to again emphasize the critical need to strike a balance between cybersecurity and cyber resilience. Safeguarding mission-critical assets and developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remain central to organizational cybersecurity strategies. While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns.

Five Cybersecurity Predictions for 2024
https://www.securityweek.com/five-cybersecurity-predictions-for-2024/
A Never-Ending Story: Compromised Credentials
Ransomware Attacks Continue to Wreak Havoc
Global Conflicts and Elections Lead to a Rise in Hacktivism
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
The Emergence of Next-Gen Security Awareness Programs

10 Global Cybersecurity Predictions for 2024
https://www.fticonsulting.com/insights/articles/10-global-cybersecurity-predictions-2024
Election Security Making Headlines
A Two-Sided Approach to Artificial Intelligence
Widespread Adoption of Zero-Trust Architecture
Cities Integrating IoT into Critical Infrastructure
Increasing Cybersecurity Supply Chain Risks
Third Party Scrutiny Taking Priority for Compliance Officers
The Start of Significant Fines From Australian Regulators
Corporate Responsibility Shifting to Individuals
Organizational Transparency Surrounding Cybersecurity
Emergence of Incentivized Cybersecurity

Experts Talk: Predicting the Cybersecurity Landscape in 2024
Spiceworks News & Insights brings you expert insights on what to expect in cybersecurity in 2024.
https://www.spiceworks.com/it-security/security-general/articles/cybersecurity-predictions-2024/
By investing in AI governance tools and developing complementary guardrails, companies can avoid what may end up being the biggest misconception in 2024: the assumption that you can control the adoption of AI.
“In 2024, we can expect a surge in malicious AI-generated content.”
“Organizations’ inability to identify the lineage of AI will lead to an increase in software supply chain attacks in 2024,”
The integration of AI into the development process, particularly in the CI/CD pipeline, is crucial.
“Cyberattacks overall are expected to increase; ransomware groups are targeting vendors, government agencies, and critical infrastructure in the United States.”
How can AI help threat actors: “With the assistance of AI, particularly generative AI (GenAI) technology, attackers will be able to refine their techniques, increasing their speed and effectiveness. GenAI will allow criminal cyber groups to quickly fabricate convincing phishing emails and messages to gain initial access into an organization.”
“If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of cyber risks faced by the organization and able to communicate those risks to investors,”
“Third-party risk management is no longer an experiment; it’s an expectation,”
“We will see breaches related to Kubernetes in high-profile companies,”

API Security Trends and Projections for 2024
https://www.spiceworks.com/it-security/application-security/guest-article/api-security-trends-and-projections/
1. The pervasiveness of API vulnerabilities – These vulnerabilities in AAA, if exploited, can lead to major security breaches.
2. Limitations of standard frameworks – While foundational, traditional frameworks like the OWASP API Security Top-10 have limitations in addressing the dynamic nature of API threats.
3. Leak protection – The report highlighted the critical need for enhanced API leak protection, especially considering significant breaches at companies like Netflix and VMware.
4. Rising threats and strategic recommendations – The Wallarm report identified injections as the most pressing API threat, underscoring their likelihood of significant damage.

Gartner’s 8 Cybersecurity Predictions for 2023-2025
https://krontech.com/gartners-8-cybersecurity-predictions-for-2023-2025
By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships. Investors, especially venture capitalists, use cybersecurity risk as an important factor in evaluating opportunities.
1. By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%.
3. By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
5. The percentage of states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025.
6. By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will build a culture of corporate resilience to protect themselves from threats from cybercrime, severe weather events, social events, and political instability.
8. By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.

Top 10 Cyber Security Trends And Predictions For 2024
https://www.splashtop.com/blog/cybersecurity-trends-and-predictions-2024
Trend 1: Increased Focus on AI and Machine Learning in Cybersecurity
Trend 2: Growing Importance of IoT Security
Trend 3: Expansion of Remote Work and Cybersecurity Implications
Trend 4: The Rise of Quantum Computing and Its Impact on Cybersecurity
Trend 5: Evolution of Phishing Attacks
Trend 6: Enhanced Focus on Mobile Security
Trend 7: Zero Trust Security
Trend 8: Cybersecurity Skills Gap and Education
Trend 9: Blockchain and Cybersecurity
Trend 10: Cybersecurity Insurance Becoming Mainstream

6 Predictions About Cybersecurity Challenges In 2024
https://www.forbes.com/sites/edwardsegal/2023/12/09/6-predictions-about-cybersecurity-challenges-in-2024/?sh=172726819433
‘Uptick in Disruptive Hacktivism’
Election Interference
More Targeted Attacks
Fooling Users
Leveraging AI Tools
‘New Avenues For Cybercrime’

5 cybersecurity predictions for 2024
https://www.fastcompany.com/90997838/5-cybersecurity-predictions-for-2024
1. Advanced phishing
2. AI-powered scams
3. Increase in supply chain attacks
4. Deployment of malicious browser extensions
5. Changing demographics brings more threats

Top cybersecurity predictions of 2024
https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024
Adoption of passwordless authentication
Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications. Traditional methods like SMS-based MFA will decline in favor of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps.
Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits. However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.
Cybersecurity will be a higher priority for law firms
For nearly any law firm, part of the ‘big picture’ approach to cybersecurity includes an ability to scale detection and response capabilities.
Artificial intelligence and large language models
Phishing and BEC attacks are becoming more sophisticated because attackers are using personal information pulled from the Dark Web (stolen financial information, social security numbers, addresses, etc.), LinkedIn and other internet sources to create targeted personal profiles that are highly detailed and convincing. They also use trusted services such as Outlook.com or Gmail for greater credibility and legitimacy.
We should also expect the rise of 3D attacks, meaning not just text but also voice and video. This will be the new frontier of phishing. We are already seeing highly realistic deep fakes or video impersonations of celebrities and executive leadership.
I expect to see a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.
One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites — such as LinkedIn — to pull information on targets and create highly-personalized social engineering attacks en masse.
Simultaneously, we will see a rise in ‘AI PCs’, which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of “local Large Language Models (LLMs)”.
With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
Prioritize training
Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.
On the developer side, management will need to assess their identity management strategies to secure credentials from theft, either from a code repository hosted publicly or within internal applications and systems that have those credentials coded in. On the other hand, end users need to understand how to protect themselves from common targeted methods of attack, such as business email compromise, social engineering and phishing attacks.
Security teams need to prioritize collaboration with other departments within their organization to make internal security training more effective and impactful.

Humans Are Notoriously Bad at Assessing Risk
https://www.epanorama.net/newepa/2022/12/31/cyber-trends-for-2023/
We as humans, with our emotions, can sometimes be irrational and subjective. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.

Threat Intel: To Share or Not to Share is Not the Question
https://www.securityweek.com/threat-intel-to-share-or-not-to-share-is-not-the-question/
To share or not to share isn’t the question. It’s how to share, what to share, where and with whom. The sooner we arrive at answers, the safer we’ll be collectively and individually.

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
https://www.securityweek.com/addressing-the-state-of-ais-impact-on-cyber-disinformation-misinformation/
The recent rapid rise of artificial intelligence continues to be a game-changer in many positive ways. Yet, within this revolution, a shadow looms. By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.

134 Comments

  1. Tomi Engdahl says:

    Russia, Ukraine and China top the world's first cybercrime index
    https://etn.fi/index.php/13-news/16120-venaejae-ukraina-ja-kiiina-maailman-ensimmaeisen-kyberrikoslistan-kaerjessae

    After three years of intensive research, an international team of researchers has compiled the first-ever “World Cybercrime Index”, which identifies the world's most significant cybercrime hotspots. At the top of the list are Russia, Ukraine, China, the United States and Nigeria.

    The study's co-author, Dr Miranda Bruce of the University of Oxford and UNSW Canberra, said the study enables the public and private sectors to focus their resources on the most important cybercrime hubs. At the same time, it makes it possible to spend less time and money on cybercrime countermeasures in countries where there are no problems.

    The cybercrime index has been published in the journal PLOS ONE.
    https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0297312

    Reply
  2. Tomi Engdahl says:

    “In many companies a security breach is almost inevitable”
    https://etn.fi/index.php/13-news/16138-monissa-yrityksissae-tietoturvaloukkaus-on-laehes-vaeistaemaetoen

    Security company Barracuda Networks has published a CIO report, Leading your business through cyber risk. Its findings are alarming. As many as six in ten companies have difficulty managing security risk. “For many companies, some kind of security breach is nowadays almost inevitable,” says the company's CIO Siroui Mushegian.

    The study's data comes from a Cybernomics survey in which, last September, 1,917 security professionals took part from companies with 100–5,000 employees across various industries in the United States (522), the UK (372), France (329), Germany (425) and Australia (269).

    The results show, among other things, that many organizations find it hard to implement company-wide security policies such as authentication measures and access control. Half (49%) of the small and medium-sized companies surveyed named this as one of their two most important governance-related challenges. In addition, just over a third (35%) of smaller companies are concerned that senior management does not regard cyberattacks as a significant risk, while larger companies are most likely to struggle with a lack of budget (38%) and of skilled professionals (35%).

    Many organizations are concerned about the lack of supply chain security and oversight, and about the lack of visibility into third parties that have access to sensitive or confidential information. About one in ten has no action plan for when the company's security is compromised.

    Reply
  3. Tomi Engdahl says:

    The CIO report: Leading your business through cyber risk
    Get expert guidance on how to navigate your business to a stronger, more resilient future
    https://www.barracuda.com/reports/cyber-resilience-report

    Reply
  4. Tomi Engdahl says:

    Dustin Volz / Wall Street Journal:
    Sam Altman, Satya Nadella, Sundar Pichai, Jensen Huang, and others join a panel to advise US DHS on deploying AI safely within America’s critical infrastructure

    OpenAI’s Sam Altman and Other Tech Leaders to Serve on AI Safety Board
    https://www.wsj.com/tech/ai/openais-sam-altman-and-other-tech-leaders-to-serve-on-ai-safety-board-7dc47b78?st=xggtkj1be488ozw&reflink=desktopwebshare_permalink

    Panel will advise Department of Homeland Security on deploying artificial intelligence safely within America’s critical infrastructure

    Reply
  5. Tomi Engdahl says:

    Reuters:
    Sources: ByteDance prefers a TikTok shutdown in the US rather than a sale if legal options fail, deeming TikTok’s algorithm as core to overall ByteDance systems — TikTok owner ByteDance would prefer shutting down its loss-making app rather than sell it if the Chinese company exhausts …

    https://www.reuters.com/technology/bytedance-prefers-tiktok-shutdown-us-if-legal-options-fail-sources-say-2024-04-25/

    Sherry Qin / Wall Street Journal:
    ByteDance says it has no plans to sell TikTok, responding to a report suggesting that it is considering scenarios for selling a majority stake in US TikTok
    https://www.wsj.com/tech/bytedance-says-it-wont-sell-u-s-tiktok-business-61f43079

    Reply
  6. Tomi Engdahl says:

    A cloud company's customers lost all their data in a cyberattack, and the company ceased to exist, website and all – Can the cloud be trusted?
    Cloud services have come to be regarded not only as a convenient and cost-effective option but also as a secure one. The collapse of the Danish service Cloudnordic, however, raised the question of whether the cloud can be trusted.
    https://www.tekniikkatalous.fi/uutiset/pilvifirman-asiakkaat-menettivat-kaiken-datansa-kyberhyokkaykseen-ja-yhtio-lakkasi-olemasta-kotisivuja-myoten-voiko-pilveen-luottaa/28de055f-1d64-4b3c-8e1a-1d2f772648d5#Echobox=1700778420

    In August 2023, the worst possible thing happened to the customers of the small Danish cloud provider Cloudnordic: cybercriminals had managed to encrypt all the data on the company's servers, including the servers used for backups.

    Reply
  7. Tomi Engdahl says:

    Volkswagen Group’s Systems Hacked: 19,000+ Documents Stolen
    https://gbhackers.com/volkswagen-systems-hacked/

    Reply
  8. Tomi Engdahl says:

    Network Security
    SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

    SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE.

    https://www.securityweek.com/sd-wan-dont-build-a-dead-end-prepare-for-future-proof-secure-networking/

    Reply
  9. Tomi Engdahl says:

    Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

    As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.

    https://www.securityweek.com/navigating-vendor-speak-a-security-practitioners-guide-to-seeing-through-the-jargon/

    Reply
  10. Tomi Engdahl says:

    Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual

    Jennifer Leggio makes the case for more alcohol-free networking events at conferences, and community-building opportunities for sober individuals working in cybersecurity.

    https://www.securityweek.com/beyond-the-buzz-rethinking-alcohol-as-a-cybersecurity-bonding-ritual/

    Reply
  11. Tomi Engdahl says:

    CISO Strategy
    Should Cybersecurity Leadership Finally be Professionalized?

    The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.

    https://www.securityweek.com/should-cybersecurity-leadership-finally-be-professionalized/

    Reply
  12. Tomi Engdahl says:

    Google Says it Blocked 2.28 Million Apps from Google Play Store

    In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.

    https://www.securityweek.com/google-says-it-blocked-2-28-million-apps-from-google-play-store/

    Reply
  13. Tomi Engdahl says:

    Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas

    CEOs of major tech companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.”

    https://www.securityweek.com/tech-ceos-altman-nadella-pichai-and-others-join-government-ai-safety-board-led-by-dhs-mayorkas/

    Artificial Intelligence
    CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

    New CISA guidelines categorize AI risks into three significant types and push a four-part mitigation strategy.

    https://www.securityweek.com/cisa-rolls-out-new-guidelines-to-mitigate-ai-risks-to-us-critical-infrastructure/

    Reply
  14. Tomi Engdahl says:

    Tom Warren / The Verge:
    Microsoft outlines security principles and goals tied to executive compensation packages, following a scathing US Cyber Safety Review Board report in April 2024 — – Protect identities and secrets. … – Protect tenants and isolate production systems. … – Protect networks.

    Microsoft/Tech/Security
    https://www.theverge.com/2024/5/3/24147883/microsoft-security-priority-executive-compensation-goals

    Microsoft overhaul treats security as ‘top priority’ after a series of failures
    / Microsoft’s security overhaul and goals are now linked to leadership compensation.

    Reply
  15. Tomi Engdahl says:

    Strategy
    Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual
    Jennifer Leggio makes the case for more alcohol-free networking events at conferences, and community-building opportunities for sober individuals working in cybersecurity.
    https://www.securityweek.com/beyond-the-buzz-rethinking-alcohol-as-a-cybersecurity-bonding-ritual/

    Reply
  16. Tomi Engdahl says:

    https://github.com/luijait/DarkGPT
    DarkGPT is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes.

    Reply
  17. Tomi Engdahl says:

    “Cyber security is not something you learn in a Masters Degree. It is something you learn from years of experience across the broad spectrum of IT. This cannot be bypassed.”

    - Randall Frietzche

    Reply
  18. Tomi Engdahl says:

    Cloud security worries almost everyone
    https://etn.fi/index.php/13-news/16167-pilven-tietoturva-huolestuttaa-laehes-kaikkia

    The 2024 Cloud Security Report, sponsored by Fortinet and conducted by Cybersecurity Insiders, examined what challenges organizations face in protecting their cloud environments and which strategies they prioritize. As many as 96 percent of organizations said they were moderately or extremely concerned about the security of cloud services.

    The report shows, among other things, that more and more organizations favor hybrid and multi-cloud strategies. Of the survey respondents, 78 percent say they have adopted such a strategy. Of these, 43 percent use a combination of cloud services and on-premises infrastructure, and 35 percent a multi-cloud strategy. The figures have risen from two years ago, when 39 percent of organizations used hybrid cloud and 33 percent multi-cloud.

    Most organizations have understood that security must be built into their cloud strategies. Cybersecurity challenges concerning cloud services and the need to improve the security measures of cloud environments have become ever more important issues with the arrival of new AI-related threats.

    “As the development and deployment of cloud applications become more common in organizations, security also becomes more complex. Although using multiple clouds offers many benefits, managing many tools adds complexity and makes it harder to apply consistent security policies across all cloud environments,” says Fortinet cybersecurity expert Jani Ekman.

    96 percent of organizations said they were moderately or extremely concerned about the security of cloud services. 61 percent of respondents expect their cloud security budget to grow over the next 12 months.

    Reply
  19. Tomi Engdahl says:

    Pieter Haeck / Politico:
    The EU’s crackdown on Huawei shows an EU-wide TikTok ban will likely take years of diplomacy, as the bloc lacks a formal say over national security concerns

    Europe is nowhere close to banning TikTok
    The EU has its own ways to deal with the video app. A blanket ban is not (yet) part of it.
    https://www.politico.eu/article/us-style-tiktok-ban-nowhere-close-europe/

    Reply
  20. Tomi Engdahl says:

    Tom Warren / The Verge:
    Microsoft outlines security principles and goals tied to executive compensation packages, following a scathing US Cyber Safety Review Board report in April 2024

    Microsoft overhaul treats security as ‘top priority’ after a series of failures
    / Microsoft’s security overhaul and goals are now linked to leadership compensation.
    https://www.theverge.com/2024/5/3/24147883/microsoft-security-priority-executive-compensation-goals

    Reply
  21. Tomi Engdahl says:

    Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference
    As you look to navigate RSA Conference, with so many vendors, approaches and solutions, how do you know what solutions you should be investing in?
    https://www.securityweek.com/building-the-right-vendor-ecosystem-a-guide-to-making-the-most-of-rsa/

    This year’s RSA Conference (RSAC) is taking place from May 6 to 9 at the Moscone Center in San Francisco. The conference serves as the epicenter for the global cybersecurity community to converge, gain valuable insights, engage in deep conversations, and discover transformative solutions that can change their business model. The Expo also reveals the latest advances in cybersecurity technology from over 600 of the world’s foremost vendors.

    Right now, many SOC teams are at a crossroads, torn between choosing vendor-based platform solutions or best-of-breed products.

    Seek to eliminate security tool siloes

    Today’s SOC teams face an uphill battle with fragmented tools and data silos. There are also major challenges around alert fatigue and overloaded SOC teams who, despite all their tools, end up undertaking manual investigations to determine the best response. This is causing SOC burnout, with more than two-thirds (66%) likely to change jobs in the next year.

    Platform versus best of breed – weighing advantages and disadvantages

    Most organizations are utilizing both vendor-based platform and best-of-breed security tools, some of which they may be looking to consolidate. Platforms promise a streamlined interface between the vendor’s solutions within your environment, but they have drawbacks and often lack the functionality and features provided by best-of-breed solutions.

    Integration with other tools

    One of the key questions you should be asking vendors, when looking for the optimum solution, is how well their platform or solution integrates with other tools.

    It is important that you understand your strategy before you get into any conversations. For example, you may be looking to consolidate several tools to reduce complexity, but you will still need to integrate those you do select.

    Breadth versus depth – the value of the depth of information

    A vendor may have a wide breadth of integrations with third-party providers, but these might not go that deep. Ideally, integrations won’t be merely surface level, but will draw on the deeper capabilities of the complementary solutions. Therefore, it is important to understand the depth of these integrations and whether they will meet your needs.

    At the end of the day, if you are building out a platform approach you will inevitably still have some technologies that you need to integrate. Additionally, you should be aware of the issue of vendor lock-in; customers that rely on a single company for their entire security environment, rarely move off that platform. So if you are committing to a dominant vendor, you need to ensure it has flexibility to incorporate those best-of-breed solutions that you still want to use.

    Central to this is asking how robust the vendor’s APIs are. I say this because legacy vendors, that evolved in a standalone environment, may have limited APIs, meaning that there will be less that the SOC team is able to do from an ecosystem standpoint.

    Before you set off to RSA this year, here are four additional points to consider:

    Assess your current and future security needs and challenges and prioritize the most critical and urgent ones.
    Evaluate the existing and potential products and services that can address your needs and challenges, and compare their features, benefits, drawbacks, and costs.
    Consider the reliability and reputation of the vendors and their vision and direction for the future.
    Beware of the risks and trade-offs of consolidation in the cybersecurity landscape. If your tool vendor’s plans are misaligned with your strategic goals, and they get acquired by another company, it’s likely to change its product roadmap, support, and pricing structures.

    Reply
  22. Tomi Engdahl says:

    ICS/OT
    From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats

    As cyber threats grow more sophisticated, America cannot afford complacency. The time for decisive action and enhanced cyber resilience is now.

    https://www.securityweek.com/from-warnings-to-action-preparing-americas-infrastructure-for-imminent-cyber-threats/

    Reply
  23. Tomi Engdahl says:

    André Beganski / Decrypt:
    Robinhood CEO Vlad Tenev decries the “regulatory onslaught” and calls SEC’s actions “another improper attempt by the administrative state to stifle innovation” — Though Robinhood Crypto thought its “safety-first” approach was distinct, the SEC said that enforcement action is on its way.

    https://decrypt.co/229728/robinhood-ceo-decries-regulatory-onslaught-crypto-fight-sec

    Reply
  24. Tomi Engdahl says:

    Mitre Wants The Feds To Play In Its Sandbox
    https://hackaday.com/2024/05/07/mitre-wants-the-feds-to-play-in-its-sandbox/

    If you haven’t worked with the US government, you might not know Mitre, a non-profit government research organization. Formed in 1958 by the U.S. Air Force as a company to guide the SAGE computer, they are often research experts who oversee government contracts or evaluate proposals. Now they are building a $20 million “AI Sandbox” for the Federal government to build AI prototypes.

    Partnered with NVidia, the sandbox will use an NVidia DGX SuperPOD system capable of an exaFLOP of 8-bit AI computation. Mitre reports this will increase their compute power for AI by two orders of magnitude.

    Access to the sandbox will be through one of the six federally funded R&D centers that Mitre operates on behalf of the government. These include centers that support the FAA, the IRS, Homeland Security, Social Security, health services, and cybersecurity with NIST. Of course, the DoD is likely in that mix, too.

    Federal AI Sandbox
    https://www.mitre.org/news-insights/fact-sheet/federal-ai-sandbox

    To realize the incredible potential of AI within the federal government, a secure sandbox environment with significant computational power is needed for prototyping, training, and testing complex AI models.

    Reply
  25. Tomi Engdahl says:

    Criminal Use of AI Growing, But Lags Behind Defenders
    https://www.securityweek.com/criminal-use-of-ai-growing-but-lags-behind-defenders/

    When not scamming other criminals, criminals are concentrating on the use of mainstream AI products rather than developing their own AI systems.

    At the 2024 RSA Conference, taking place this week in San Francisco, Trend Micro on Wednesday delivered an update on its 2023 investigation into the criminal use of gen-AI. “Spoiler: criminals are [still] lagging behind on AI adoption.”

    In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.)

    There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo and only mention their supposed capabilities: high on claims but low on proof. FraudGPT is one example.

    Trend is not sure about the relevance or value of these offerings, and places them in a separate category labeled potential ‘scams’. Other examples include XXX.GPT, WolfGPT, EvilGPT, DarkBARD, DarkBERT, and DarkGPT.

    In short, when not scamming other criminals, criminals are concentrating on the use of mainstream AI products rather than developing their own AI systems. This is also seen in the use of AI within other services. The Predator hacking tool includes a GPT feature using ChatGPT to assist scammers’ text creation abilities.

    Reply
  26. Tomi Engdahl says:

    CISA Announces CVE Enrichment Project ‘Vulnrichment’
    https://www.securityweek.com/cisa-announces-cve-enrichment-project-vulnrichment/

    CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes.

    The US cybersecurity agency CISA on Wednesday announced a new project that aims to add important information to CVE records in an effort to help organizations improve their vulnerability management processes.

    The project is named Vulnrichment and its goal is the enrichment of public CVE records with Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS), Common Weakness Enumeration (CWE), and Known Exploited Vulnerabilities (KEV) data.

    CISA says it has already enriched 1,300 CVEs — particularly new and recent CVEs — and is asking all CVE numbering authorities (CNAs) to provide complete information when submitting vulnerability information to CVE.org.

    The agency says it’s initially taking each CVE through a Stakeholder-Specific Vulnerability Categorization (SSVC) scoring process.

    SSVC, developed by CISA in collaboration with Carnegie Mellon University’s Software Engineering Institute, provides a vulnerability analysis methodology that accounts for a vulnerability’s exploitation status, safety impact, and prevalence of the affected product.

    Stakeholder-Specific Vulnerability Categorization (SSVC)
    https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc

    Reply
  27. Tomi Engdahl says:

    Shields Up: How to Minimize Ransomware Exposure
    https://www.securityweek.com/shields-up-how-to-minimize-ransomware-exposure/

    Organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response.

    Reply
  28. Tomi Engdahl says:

    I work for a Pentesting company and Nessus & Nmap, along with >insert your favorite TLS protocol/cipher tool checker here< is our standard outside of doing mostly all testing in Burp Suite.

    This is specifically for web app penetration tests though. Network PenTest / etc use a lot more tooling.

    Reply
  29. Tomi Engdahl says:

    The professionalization of cybercrime and the rapid development of AI are confronting companies with new kinds of cyber threats. Deepfake technology, for example, takes CEO fraud to an entirely new level.

    “In the future, an AI-generated CEO can take a real-time Teams call and talk with their employee. Technologically, this is already feasible,” says Mikko Hyppönen, an information security expert and Chief Research Officer at WithSecure.

    Because every company is a potential target of an attack, action must be taken immediately. Read the tips for improving your company’s information security in the article!

    Deepfake scams and many other cybercrimes are becoming professionalized – every company is a potential target for a cyber robber
    Cybercrime has long since ceased to be merely the tinkering of individual hackers; it has developed into highly organized criminal activity. There are more and more criminal organizations in the field that operate like businesses. The number of services offered by criminals has grown, and the services are diversifying further, accelerated by AI.

    Advanced security technologies have brought a downside with them: effective mechanisms can also be misused. We have ended up in a situation where various cybercrimes can be bought like any other service. Cybercrime has become professionalized and cyberattacks have been productized. The topic concerns all companies.

    “Every company today is a software company. Every firm’s operations run on top of software in one way or another, whether it is accounting or the sales ledger,” says Mikko Hyppönen, an information security expert and Chief Research Officer at WithSecure.

    Every company has some information or systems in digital form that need protecting and that can become the target of a cyberattack. Because criminals, operating ever more professionally and in an organized fashion, really know what they are doing, companies must stay vigilant.

    Criminals’ range of services is expanding
    Ransomware and denial-of-service attacks are well-known examples of attacks targeting companies. In addition to direct crimes, tools can be obtained from cyber thieves that, for example, overload the target’s server. But where does this trade actually take place?

    “The most serious forms of attack are bought on private forums, such as chats, or on the Tor network. However, it is not unusual for trade to take place on the public web as well,” Hyppönen says.

    There are also parties in the field who do not consider themselves to be engaged in criminal activity. This raises the question of whether unethical activity that assists a crime is criminal. Hyppönen gives an example of productized access services, known as initial access brokers.

    “The sellers of these services scan IP address spaces and look for vulnerabilities. When a vulnerability is found, the information is sold on the dark web for a good price. In their own view, these dealers are not criminals, because they do not break in anywhere or take data.”

    Activity of the initial-access-service type has grown rapidly. According to Hyppönen, it is in any case increasingly common for criminals to buy from one another services for which they themselves lack the capabilities. One example of this is deepfake scams.

    AI makes CEO fraud more convincing than ever
    AI brings new types of scams, such as deepfake scams, to the cybercrime market. Deepfake technology creates authentic-seeming audio, image, and video material of a chosen person. The material is produced by combining or altering existing material with the help of machine-learning AI.

    “CEO fraud is not a new thing. Before the internet it was carried out by fax, for example, but now deepfake technology has entered the picture,” Hyppönen reflects.

    “In the initial phase, scams are carried out with pre-rendered audio and video clips. Even a small amount of material is enough to clone a person’s face or voice. In the future, an AI-generated CEO can take a real-time Teams call and talk with their employee. Technologically, this is already feasible.”

    Hyppönen predicts that deepfake technology will become a significant challenge in the future. He sees a new service emerging in cybercriminals’ offering: deepfake as a service.

    A criminal can attack where you least expect it
    Who gets selected as a hacker’s victim?

    “Too often we lull ourselves into thinking that a hacker is not interested in my firm’s data in particular. This is a completely false belief, and it calls for a change in mindset. Every organization is a potential target, even if it does not necessarily feel that way,” Hyppönen reminds.

    The target of a security attack is usually chosen at random. Looking at the companies that have been attacked, it quickly becomes apparent that the company’s industry or location does not matter. The hacker finds the weak points in a company’s security and chooses the victim on that basis.

    “A hacker may notice that, for example, a particular remote access server configuration has a hole. After that, he scans for the firms that use this server. If he finds, say, a hundred companies, they are all potential targets of an attack.”

    The possibility of becoming a victim raises the concern of how to keep one’s own company’s security level high enough despite diversifying threats. Fortunately, staff training and shared ways of working already go a long way.

    “The value of training is indisputable. When it is clear to everyone how a person’s authenticity is verified, who to call in suspicious situations, or how the insider rules really work, we are in safe waters,” Hyppönen reassures.

    The Kyberrosvot podcast dives into true stories of cybercrime, each more thrilling than the last. Listen to the episode for the detailed analyses of Herrasmieshakkerit’s Mikko Hyppönen and Tomi Tuominen on the current state of professionalized cybercrime.

    https://www.dna.fi/yrityksille/blogi/-/blogs/deepfake-huijaukset-ja-monet-muut-verkkorikokset-ammattimaistuvat-jokainen-yritys-on-potentiaalinen-kohde-kyberrosvolle?utm_source=facebook&utm_medium=linkad&utm_content=KIKA-artikkeli-deepfake-huijaukset-ja-monet-muut-verkkorikokset-ammattimaistuvat-jokainen-yritys-on-potentiaalinen-kohde-kyberrosvolle&utm_campaign=H_KIKA_SES_24-18-22_artikkelikampanja&fbclid=IwAR18GaH1J6XQ7ocdUrjhA69jvfkmMR-egOdrY2gkvmHt-Ik6WeMHKfvPLKg_aem_AcHrUTrmmin6xXSxBDbk1rWDsg7OEvIs4s6EZ1eeSi2GcxJqquJy1X4Dg1H_6OAFh081ZX9gzT5P72SaJnhbtf2Y

    Reply
  30. Tomi Engdahl says:

    “There Is No Cyber Labor Shortage?
    There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.”

    There Is No Cyber Labor Shortage
    There are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places
    https://www.darkreading.com/cybersecurity-operations/there-is-no-cyber-labor-shortage?fbclid=IwZXh0bgNhZW0CMTEAAR0YIPCEZ4MVpzVDdAY8EqtqpuLmvtyclHWxFeEklwH4tadbqYhj2A0rUi4_aem_AcduDuaAqMKzUgo3gvan1I6_5GSfEOEYoWzZMFBZ2OdUAtcrEnKYMecz-FkxwxHsDr9JatATDj0ygm8nLvHxVwe0

    The unfortunate truth is, if you’re looking for an entry-level position in the cybersecurity field, there aren’t many on-ramps. The wide-ranging security certification bodies and training organizations that dominate the industry have convinced many — maybe even most — cybersecurity leaders that “number of certifications” or “years of formal training” are the only metrics by which potential job candidates should be judged. What’s more, the emergence of both undergraduate and graduate-level cybersecurity degrees has placed another arbitrary barrier between otherwise qualified individuals and the jobs they want. Don’t have the right degree? Too many organizations will tell you not to bother applying.

    Unfortunately, the meaningless requirements and barriers we place in front of candidates are only likely to get more burdensome with time. Want an entry-level security operations center (SOC) position? Please arrive with a bachelor’s degree in cybersecurity, Security+ (CISSP preferred) training, and $30,000 worth of SANS courses. Oh, and be prepared to work third shift for a while.

    Yes, those credentials have value, but treating them as mandatory artificially raises the barrier to entry for new security professionals. Hiring managers often are hesitant to hire candidates perceived as undercredentialed when they believe there must be a “perfect” candidate out there somewhere. But the truth is, a perfect candidate probably isn’t interested in a third-shift SOC position — which means hiring managers need to reevaluate where they look for new employees and which qualifications matter most.

    Solving the Shortage by Broadening the Candidate Pool

    It isn’t just organizations themselves that fall into this trap — recruiters do, too. As effective as recruiters are at gathering candidates, they usually aren’t cybersecurity experts — which means they aren’t always capable of discerning between cybersecurity candidates ready to deliver value and those who are simply good at marketing themselves. Understandably, they look for shorthand ways to help them narrow down candidates: Degrees, certifications, training, and other measurable factors obviously are attractive. They become de facto indicators of value, and their absence is treated as an indicator that a candidate is unqualified — or at least not a fit for a technical role.

    The result is self-defeating. By narrowing down candidate pools based on a small number of arbitrary qualifications, organizations and recruiters end up self-selecting candidates who are good at acquiring credentials and taking tests — neither of which necessarily correlate to long-term success in the cybersecurity field. Prioritizing this small pool of candidates also means overlooking the many, many candidates with analytical potential, technical promise, and professional dedication who may not have gotten the right degree or attended the right training course. By tapping into these candidates, organizations will find that the “labor shortage” that has received so much attention isn’t such a hard problem to solve, after all.

    Reply
  31. Tomi Engdahl says:

    100% correct. There is a massive surplus in candidates, but HR requirements for entry-level positions are illogical.

    There really is a shortage. Most candidates cannot pass a phishing test.

    The phrases “Econ 101” and “Supply & Demand” are often overused, but unless there’s an artificial price ceiling in place, there’s no shortage. It’s just people who are mad about the price.

    I look at this from two sides. Sure, the author is correct about untapped potential.

    But my god. The number of factory floor risk management people getting hired into cyber roles with laughable technical experience is scary. I have seen this firsthand, it’s a problem. Hiring managers are at fault for this.

    I think the author nails it… “It takes a strong analytic mind, a willingness to explore and grow, and a level of comfort with new and evolving technology. Perhaps most importantly, it requires a hiring manager willing to invest in a potentially unproven candidate.”

    https://www.facebook.com/share/p/PKapSEHbT3C4sHMc/

    Reply
