In 2024, the development of AI will have a positive impact on the effectiveness of IT security teams by allowing them to strengthen defenses
As we welcome the arrival of 2024, reflecting on the lessons of 2023 and the evolving threat landscape, it becomes crucial to discern the continuing trends that shaped the previous year. The year 2023 was marked by the tenacity of cybercriminal tactics, including the prevalence of ransomware, vulnerability exploitation, credential theft, and supply chain attacks. What unifies these various attacks is their remarkable effectiveness.
In light of this, it is imperative to consider the potential continuation of these trends through 2024 and formulate strategic approaches for businesses to effectively counter emerging cyber threats.
Between persistent trends and evolving cybercrime tactics
In 2024, the threat landscape is not expected to change dramatically, particularly with regard to attack typologies and criminal tactics and procedures. Criminal groups still focus their attention primarily on financial gains and ransomware remains their weapon of choice. These cybercriminals tend to take the easy way out by opportunistically attacking unpatched security vulnerabilities.
The recent Citrix Bleed attack demonstrated the agility of cybercriminals when it comes to quickly and effectively exploiting these new vulnerabilities. However, once patches are applied to these vulnerabilities, cyberattackers tend to resort to more common strategies of stealing credentials or, alternatively, cookies or sessions, which, although slightly slower, are still a means proven to allow them to penetrate a system. .
In 2024, however, we should expect increased sophistication of defense evasion tactics, particularly due to the widespread use of certain technologies such as multi-factor authentication. These attacks will combine malicious proxy servers, social engineering techniques and repeated authentication request attacks or “fatigue attacks”.
AI and regulations will continue to shape cybersecurity
In 2024, the development of AI will have a positive impact on the efficiency of IT teams and security teams by enabling them to strengthen their defenses and work more efficiently, including through the processing of vast volumes of data for the purpose to detect anomalies. It should make it possible to react more quickly in the event of an incident.
Indeed, analysis of attacks in 2023 showed a shortening of the time between network penetration and the triggering of a final attack – using malware or ransomware. The need for rapid detection and response tools to prevent costly incidents is therefore essential.
Finally, regulatory developments could have a major influence on measures taken against ransomware. The need for more substantial measures could push some states to penalize the payment of ransoms, which would represent a deterrent to malicious actors and change the perspective of companies in the event of an attack. Other stricter legislation, such as the implementation of the EU NIS2 directive, is also expected to force companies to take additional measures, particularly regarding their capabilities to collect data sets.
To protect against increasingly rapid, effective and costly attacks, businesses will need to strengthen their defenses by equipping themselves with tools that allow them to detect and respond to incidents more quickly. The growing shortage of cybersecurity talent does not appear to be as serious as some studies claim. On the contrary, companies have implemented more lax hiring criteria and more open-mindedness in the recruitment process.
From this perspective, to guarantee their survival in a constantly evolving threat landscape, companies have every interest in forming partnerships with cybersecurity experts whose main mission is to make the hyperconnected world safer, to advise and support them. to assist. in setting up effective defenses.
This article was written by Chester Wisniewski, Global Director of Field Technology, Sophos