Here’s part two of Last Watchdog’s year-end tête-à-tête with top cybersecurity experts. Part three to follow on Friday. We asked two questions:
• What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?
• What should I be most concerned about – and focus on – in 2024?
Their guidance:
Brandon Colley, Principal Security Consultant, Trimarc Security
Some 10-year-old vulnerabilities are still wildly prevalent. “Kerberoasting” and “Golden Ticket” attacks were both introduced in 2014 and yet enterprises continue to have hundreds of accounts configured with unconstrained delegation.
In 2024 we’ll see more of the same. As we shift to hybrid workloads, identity is becoming more complex. Instead of arguing about MFA strength, VPN vendor, or nation-state threat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords.
Or Shoshani, CEO and founder, Stream Security
As 2023 ends, we’re already seeing businesses adopting technology to diagnose and detect threats to their cloud infrastructure before they occur. In the coming year, we also expect to see organizations work to close the disconnect between their DevOps and security teams.
By empowering these teams to work more cohesively, companies will have an easier time ensuring that applications and data are protected from security threats and vulnerabilities. DevOps and security teams must work together in securing the border guarding each system.
Michiel Prins, Co-Founder, HackerOne
Ethical hackers are consistently first to pressure-test emerging technology. As the adoption of generative AI accelerates, organizations must prioritize security and risk management.
In 2024, red teaming and the insights ethical hackers offer will play an increasingly central role in ensuring the security of this new technology — as exemplified by the Biden Administration’s endorsement of red teaming in its recent executive order. As AI continues to shape our future, the ethical hacker community will remain at the forefront of identifying new risks.
Javed Hasan, CEO and co-founder, Lineaje
Organizations have become concerned about a threat actor using AI to prompt actions that could lead to a compromise. The truth is that the best time to compromise AI is when it is being built. Determining who created the initial AI models, with what bias and what intent, is critical to preventing security gaps.
I suspect that few organizations have considered this approach, and as a result, we’ll see all kinds of interesting challenges and issues emerge in the coming months.
Tyler Farrar, CISO, Exabeam
Traditional SIEM solutions face numerous challenges with limited ability to adapt to new threats and attack vectors — and complex deployment and maintenance processes. In 2024, cloud-native SIEM solutions will continue to emerge as a strong alternative.
The best cloud-native SIEM tools enable security and business teams to have a shared understanding of their organization’s security posture and the same interpretation of each and every threat. Cloud-native SIEM empowers organizations to effectively protect their valuable assets and data from an ever-growing array of cyber threats.
Richard Bird, CSO, Traceable AI
The bad guys are showing no restraint in exploiting API security weakness to their advantage. In 2024 we’ll see a steep upward trend of APIs being used to attack organizations and more companies will move from ‘thinking about doing something about API security’ to actually doing something about API security.
Stop trusting that your APIs are secure and start asking the hard questions about how exposed your organization currently is to API key theft, API transactional fraud and authorization level exploits.
The primary takeaway from 2023 is that most cybersecurity attacks are still linked to credentials — whether it’s the use of stolen credentials, or social engineering attacks to mine new credentials.
As organizations adopt cloud infrastructure and services, they need to carefully manage access rights and permissions. The move to the cloud has created bigger, more rewarding, and easier to penetrate targets. In 2024, security teams need to double down on defending increasingly complex threats to their assets in the cloud.
Jason Mashak, Senior Manager, Analyst & Public Relations, Runecast
It has become crucial for organizations to proactively discover, identify, and prioritize misconfigurations and other potential vulnerabilities. In 2024, geopolitical shifts and economic uncertainties are expected to continue; generative AI and changing workforce dynamics will impact organizations.
Balancing efficiency, innovation and risk will be essential. Lastly, building organizational and societal resilience through rapid skillset evolution will be vital. Professionals must manage chaos, adapt, and embrace change management – all to align more with innovation, sustainability, and security.
Gabi Reish, Chief Product and Business Development Officer, Cybersixgill
Supply-chain attacks have become paramount. Ransomware is more advanced and prevalent, even reaching “as-a-service” availability on the Dark Web. Not surprisingly, threat actors increasingly use AI to launch attacks more efficiently and stealthily.
Most organizations can benefit from gaining greater insights into the threats they face. The role of cyber threat intelligence (CTI) vendors is to deliver insights that are relevant to each organization’s use cases and security maturity level — and that are integrated across the security stack.
Kern Smith, VP Sales Engineering, Americas, Zimperium
Regulatory requirements to embed more robust protections in mobile apps evolved greatly in 2023. Most recently the FCC adopted new rules for wireless carriers aimed at enhancing security measures for cell phone accounts.
Meanwhile QR-code phishing arose as a popular form of attack. As the use of QR codes for everyday things increases, bad actors will continue to take advantage of vulnerabilities to launch attacks. Having a mobile-first security strategy will be necessary for a QR-code friendly business.
Geoff Haydon, CEO, Ontinue
The scope of potential threats is growing faster than human defenders can keep up with. AI is set to completely transform cybersecurity.
Organizations will – and should – demand transparency around how vendors responsibly apply AI and what business value they’ll see. The genuine potential of AI in cybersecurity lies in its ability to enhance its knowledge and capabilities as it gains a better understanding of your specific environment. AI can continuously learn an organization’s environment so that the models can better determine relevant next steps.
Sean Cronin, CEO, ProcessUnity
A major trend this year has been the over hype-ification of Gen AI in risk and compliance. Risk managers want and will use AI, but in 2024, its usage will need to be reined in and human intervention is critical.
The notion of AI-powered teams would be ideal. AI will be able to help with that underlying third-party or fourth-party risk that doesn’t appear significant until it causes downstream breaches, but it can’t be the be-all, end-all in risk management.
Brandon Hart, CTO, EBI
In 2024, zero trust will become increasingly important in ensuring the security of remote workers. Zero trust is a strategy, not a product or service that can be purchased outright. Every access attempt is treated as if it’s originating from an untrusted network.
Implementation may require increased use of cloud-based security solutions and a stronger focus on user training and awareness. A continuous evaluation and improvement mechanism is necessary as the security landscape evolves and new threats emerge.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)
December 14th, 2023 | My Take | Top Stories