What a year 2023 was for cybersecurity!

It was a year the world became obsessed with generative artificial intelligence — and a year that brought new breaches with old exploits, a year that brought significant consolidation in the security tools marketplace, and a year when passkeys finally took hold, at least for consumers.

Are businesses better secured than before? Hardly. Attackers have continued to get more sophisticated, hiding in plain sight and using sneakier ways to penetrate enterprise networks. Ransomware is still a thing, and criminals are getting clever at using multiple tactics to extort funds from their victims. 

But it was a year with noteworthy mergers. Palo Alto Networks Inc. acquired Dig Security Solutions Ltd. and Talon Cyber Security Ltd., CrowdStrike Holdings Inc. bought Bionic, and Thoma Bravo merged ForgeRock Inc., Magnet Forensics Inc. and Ping Identity Holding Corp. These show the beginnings of consolidation in security tools, hopefully. Like all mergers, the real challenge will be integrating these tools and merging them into the acquiring company’s mainstream product lines.

I’ve has collected some of the more notable predictions for 2024, and grouped them into various categories. And I’ll offer my own recommendations for better security practices for 2024.

Gen AI

Over the past year, there were many things written about gen AI, ranging from Chicken Little to miracle cancer cures. One noteworthy comment comes from Check Point Software Inc.’s blog: “Hackers will see cloud-based AI resources as a lucrative opportunity. They will focus their efforts on establishing GPU farms in the cloud to fund their own AI activities.” 

One oft-heard comment was that gen AI would play a role in writing more believable phishing emails and malware code. Abnormal Security has this collection of possible AI-generated examples, where attackers tried to impersonate insurance companies or Netflix (as shown below) and other well-known brands.

Although these examples are compelling, Ilia Kolochenko, chief architect of ImmuniWeb SA, took issue with this. “Sophisticated cybercrime actors already have advanced skills and experience that will easily outperform any AI-powered chatbots,” he said. “More harm will come from imprudent cybersecurity professionals who will try to automate code and config writing with gen AI. With infrastructure as code, a single error in code may cost millions of dollars.”

Another often-repeated comment was how gen AI could be used to create better and more believable fake messages, using video and audio replicas. This could create more disinformation campaigns, which could then be used to create content that will sway opinions, alter stock prices or worse.

Of course, there is always the great hope that “email authentication will play a crucial role in maintaining the integrity of digital communications, according to Valimail Inc. Chief Executive Alexander Garcia-Tobar. However, the progress of email security with its interlocking security protocols, messy and slow implementation of any improvements, and continued discovery of new vulnerabilities means 2024 will be a lot like 2023, sadly.

DataGrail Inc. CEO Daniel Barber offered one hope for 2024 when it comes to AI. “We must teach AI to work with us, not against us,” he told SiliconANGLE. “Imagine if you had an AI bot that automatically set your cookie setting every time you visited a website.” Now that is a bot that everyone could deploy willingly and immediately.

AppDev and security trends

Let’s move on to the wider picture, the role that security plays in applications development. The term “shifting left” — meaning doing a better job evaluating the security posture of code at earlier development stages — has been with us for many years. Perhaps 2024 will bring about its wider acceptance.

“We are already seeing a closer alignment between information technology and security operations, especially over the last 12 months, as the threat landscape becomes more sophisticated,” Commvault Systems Inc. Chief Information Officer Reza Morakabati told SiliconANGLE. “For a company to be ready to handle an incident, these two teams must work together on a regular cadence.”   

Teleport CEO Ev Kontsevoy predicted that “in 2024, with identity attacks on the rise, we’ll see the role of security teams shifting to those of consultants and auditors, with engineering teams responsible for choosing vendors and implementing security protocols. Cybersecurity teams will be responsible for policy and ensuring that workflows and systems meet security requirements.” 

That might be more optimistic than the reality experienced at many organizations. One issue is the challenge over better security tooling: “The industrialization of cyber tools will continue to aid threat actors by democratizing access to scripts, tutorials and apps, making the threat landscape even more difficult to navigate,” said Greg Ellis, general manager of Digital.ai Software Inc. “Cyber tools will become easier to purchase,” which doesn’t help defenders.

Identity management and zero trust

There were plenty of innovations and challenges over identity management, starting with the escalated hyping of the term “zero trust.” One suggestion comes from Grant Bourzikas, chief security officer of Cloudflare Inc.: “Real zero trust will happen when organizations put the control plane closer to the user, not the datacenter.”

One way for this to happen? “Organizations must gain visibility and control of machine identities to achieve zero trust and converge management with human identities,” said Murali Palanisamy, chief solutions officer of AppViewX Inc. “Containers will grow machine IDs exponentially in 2024 and will force self-service methods for automating certificate lifecycle management.”

Patrick Joyce, chief information security officer at Proofpoint Inc., believe that “identity is the new vulnerability. Organizations must shift their focus from primarily fortifying infrastructure to securing stored credentials, session cookies, access keys and addressing misconfigurations,” he wrote in the company’s 2024 predictions post.

One bright spot was the adoption of passwordless and passkey technologies. The 2023 Workforce Authentication Report from LastPass US LP found that 92% of businesses have or plan to move to passwordless technology in the coming year.

That may actually happen, especially as Google and Apple have put this technology in wider use in the past year. Password manager 1Password saw more than 700,000 passkeys created on its platform since it began supporting them in September, exceeding expectations. Chief Product Officer Steve Won told SiliconANGLE,”2024 will be the year that we see two or three major services providers go all-in on passkeys.”

Yet Onymos Inc. CEO Shiva Nathan is somewhat pessimistic. “The progression towards a passwordless future will remain slow in 2024, thanks to user behavior patterns and integrating these new login measures,” he said. That, and the fact that “123456” is still many users’ go-to password.

API and supply chain security

Numerous sources pointed to an increase in supply chain security problems and the inability to completely purge even older attacks such as Log4j. “Due to Log4j’s position in the supply chain, its continued discovery in new places and its unfortunate continued implementation in new code, it is well worth an attacker’s time and will continue to rise in 2024,” said Douglas McKee, executive director of software engineering for SonicWall Inc.   

The regulatory environment

Finally, perhaps one of the more noteworthy efforts was the legal trouble stemming from the SolarWinds Corp. hack first disclosed three years ago, when the U.S. Securities and Exchange Commission sued both SolarWinds and its Chief Information Security Officer Timothy Brown this past fall.

“CISOs can no longer be passive,” Sentra Inc. co-founder and Chief Technology Officer Ron Reiter told SiliconANGLE. “They must pay attention to their situation — they either have to be brutally honest or face the consequences.”

Axio Global Inc. CEO Scott Kannry agrees and predicts that “CISOs will assume an elevated position in the boardroom in 2024 – whether they like it or not.” And Regcale CISO Larry Whiteside Jr., notes that “2024 is set to be a pivotal year for cybersecurity regulations, with the United States and the international community taking significant steps to fortify defenses against cyber threats, safeguard data, and ensure the responsible use of artificial intelligence.” 

Chandrodaya Prasad, SonicWall’s executive vice president of product marketing, thinks others will be pushing companies for better security as well. Businesses can “expect to see increasing pressure from regulators and customers alike to secure their supply chains,” he said. “The result will be stricter regulations and compliance requirements related to supply chain security, forcing organizations to scrutinize their vendors more closely.”

My own prediction is that first signs of these regulations will come from Europe, which continues to lead the way for the rest of the world when it comes to cybersecurity requirements.

Recommended security best practices

So how to prepare best for 2024? Here are my personal best-practice recommendations:

1. With the continued fascination of gen AI, organizations should create policies and playbooks on threat response that take into consideration its usage and mitigation. Examine any vendor claims with a great deal of skepticism.
2. If an organization is still using SMS as a authentication factor, now is the time to ditch this method and move to passwordless or passkeys. Put a plan in place pronto.
3. Invest in understanding overall application programming interface security to improve software supply chains. Much as Gartner Inc. predicted years ago, “vulnerable APIs were the preferred attack vector for hackers, as Bionic CTO Eyal Momo told SiliconANGLE. This includes infrastructure-as-code security efforts too.
4. Think carefully about total cloud security. “There’s never been a more critical time for cloud security,” said CrowdStrike CTO Elia Zaitsev. “As organizations focus on managing remote and hybrid teams through an uncertain global economy, adversaries have become more sophisticated, relentless and damaging in their attacks.”

Images: 422737/Pixabay, Abnormal Security