From AI To Ransomware: Trends Shaping Cybersecurity

Posted March 21, 2024 by Sayers 

Staying on top of cybersecurity trends once was the job of IT and security teams. Now cybersecurity has captured everyone’s attention up to the executive boardroom. 

Board members want to know:

  • What are you doing to build the company’s business resilience? 
  • How are you prioritizing cybersecurity investments?
  • When you translate risk into a dollar amount through Cyber Risk Quantification (CRQ), how much will it cost or save the company if you do or don’t purchase those solutions?

According to the 2024 Gartner CIO and Technology Executive Survey:

80% of survey respondents say they will increase their investment in cybersecurity, making cybersecurity the top area of increasing investment ahead of business intelligence/data analytics, cloud platforms, and AI/machine learning.

Organizations that rely on out-of-date systems instead of modernizing their cybersecurity solutions and infrastructure will continue to accumulate technical debt. Proactive organizations will recognize cybersecurity isn’t set-it-and-forget-it, and act accordingly.

Here’s a look at where organizations like yours are focusing in 2024.

Artificial Intelligence Goes Mainstream 

2024 will see extensive use and misuse of AI, along with the advantages and disadvantages it brings. AI has brought a new dimension to the concept of shadow IT, as employees use AI offerings such as ChatGPT in ways that can compromise sensitive data. 

This year AI goes mainstream with Microsoft Copilot, the Microsoft-designed AI chatbot (formerly Bing Chat Enterprise). Microsoft 365 enterprise customers can add Copilot to their existing enterprise subscription for an additional per-user licensing fee. 

Microsoft announced they will continue to add capabilities and connections to Copilot across their most-used applications over time. According to Joel Grace, SVP of Client Services at Sayers:

“Compared to other big technology waves such as mobility and cloud, AI adoption has been much faster, and the demand is stronger than anticipated. With Copilot, customers can immediately transform their products and business processes with AI by securely tapping into their own data.”

Microsoft Copilot and ChatGPT are examples of generative AI, which brings adoption challenges such as the increased computing power needed to process huge volumes of data. AI, along with the Internet of Things, will fuel the growth of unstructured data, which must be secured as well as adhere to governance requirements.

Chris Willis, VP of Cybersecurity Engineering at Sayers, says:

“Many cybersecurity vendors are using AI in their solutions to find the bad malware and sophisticated attacks that are happening on the network and through the endpoints. But the adversaries also are using AI to get around those tools. It’s a big battle back and forth.”

AI and machine learning are integrating with existing technologies to create hyperautomation capabilities. Hyperautomation goes beyond Security Orchestration, Automation, and Response (SOAR) functionalities to more efficiently and cost-effectively detect, analyze, and respond to security incidents. 

Visibility Solutions Reveal Your Internal and External Attack Surfaces

The Center for Internet Security’s Critical Security Controls, a prioritized set of 18 actions to protect your organization and data from cyberattack vectors, emphasize the importance of having visibility into your enterprise and software assets. 

Put simply, you can’t secure what you don’t know about.

Popular approaches to visibility include Cyber Asset Attack Surface Management (CAASM) and External Attack Surface Management (EASM):

  • CAASM solutions such as Axonius use API integrations with existing tools in your environment to present a unified and accurate view of all internal and external cyber assets. They also identify cybersecurity gaps and provide automated steps to remediate issues. 
  • EASM solutions and services focus on publicly accessible digital assets in the enterprise, whether on premise or in cloud environments. Use cases include asset inventory, vulnerability management, and cloud security and governance.

Your attack surface expands with the presence of key vendors who are tied to vital business operations. Many organizations benefit from assessments to understand how they’re securing their own environments, but they should also assess the risks associated with their supply chain and third-party vendors.

Ransomware Attacks Evolve with AI and SEC Disclosure Requirements

Adversaries are using AI advancements to step up their efforts to compromise networks. More are turning to generative AI tools such as ChatGPT and WormGPT to write malicious software and phishing emails. They use such emails to impersonate a specific individual or organization, then gain credentials and access to sensitive data and systems for ransomware demands. 

Solutions such as Halcyon can help detect, prevent, and quickly recover from ransomware attacks. Time is of the essence, as the SEC adopted final rules that require public companies to disclose the occurrence of a material cybersecurity incident within four business days after the company determines the incident to be material (financially impacting an investor). Willis says:

“Four days doesn’t give you a lot of time to perform comprehensive forensics work. Organizations need to prepare now to have continuous capabilities for observability, threat management, and answering critical questions: ‘What is the security breach? Where did this attack occur and what data was in those areas?’ Having that information in near real-time is going to help organizations meet those deadlines.”

The SEC rules also include a requirement to disclose information annually regarding cybersecurity risk management, strategy, and governance. That information could be valuable to an adversary, so it should be carefully structured.

Secure the Human, Secure the Cloud, and Monitor Continuously

Humans continue to be the weak link in cybersecurity. The MGM Resorts hack in 2023 made that clear, when a 10-day systems shutdown started with a simple phone call to MGM’s IT help desk combined with social engineering to obtain access credentials. 

Expect to see cybersecurity vendors rolling out more tools to secure the human as well as recognize the riskiest users within the organization. 

Identity Threat Detection and Response (ITDR) monitors identity-related areas to protect user identities and systems from cyberattack. ITDR consists of cyber threat intelligence, behavior analysis, Active Directory integration, and various tools and services for advanced discovery, response, and mitigation.

Integrate Cybersecurity with Your Cloud Strategy

Organizations are looking to better understand what it takes to secure cloud platforms including the big three: Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Native security capabilities are playing a larger role in which cloud provider an organization chooses.

Willis says:

“2024 will be the year for organizations to refactor, restructure, and integrate cybersecurity with their cloud strategy. Use the native capabilities, as it makes sense, for cybersecurity offered by your cloud service provider, and augment where needed to address any gaps and deficiencies.”

Cybersecurity is a Continuous Motion, Not One-and-Done

Reading the real-time security posture of your organization requires continuous assessments, optimization, maturation, integration, and continuous auditing to stay ahead of cybersecurity bad actors.

Cybersecurity offerings such as Continuous Threat Exposure Management (CTEM) proactively and continuously monitor and prioritize your organization’s threat management processes. CTEM more tightly integrates your business resiliency program with other departments to determine where threats are in your environment, along with other important risk mitigation benefits.

According to Gartner:

By 2026, organizations that prioritize their security investments based on a continuous exposure management program will be 3x less likely to suffer a breach.

Platform Solutions and Point Products: There’s Room For Both

Organizations that have identified their cybersecurity investment priorities face a choice between a cybersecurity platform from a single vendor, with multiple capabilities already integrated, or a combination of point products from multiple vendors. Willis says:

“Cybersecurity platform solutions like those offered by Palo Alto Networks and Check Point will continue to be in demand. At the same time, organizational structure and ownership of areas within each company might change and result in some gaps and deficiencies being solved with point products.”

For example, if your cybersecurity team owns the endpoint security solution, they might choose a point solution rather than a platform offering that could conflict with an existing platform owned by another team. This will lead to concerns about visibility and control, or the lack thereof, stemming from who owns the solution, regardless of role-based access control (RBAC) within the platform.

Questions? Contact us at Sayers today to discover extensive technology solutions and expertise to cover all areas of your business.
