Trends and Predictions 2024 from Integrity360
November 2023 by Integrity360
Four trends and predictions for 2024 from Integrity360.
1. Continuous threat exposure management is likely to become mainstream in 2024 – Brian Martin, Director of Product Management, Integrity360
In 2024, we foresee the evolution of threat exposure management taking hold as a concept in the market. The many prevalent and upcoming technologies centred around CTEM at present suggest that it’s going to start becoming mainstream next year.
CTEM will enable organisations to be more proactive about identifying and assessing key problem areas in the attack surface that has grown substantially in the last couple of years. However, this will extend beyond simply identifying and addressing vulnerabilities, enabling organisations to alter their posture, looking at users, security controls and other key pieces of the puzzle needed to change to ensure best practices are embraced.
A more widespread embrace of CTEM is also likely to accelerate the convergence of key security tools.
When we talk about threat exposure management, there are a few different pillars, products and capabilities, including: external attack surface management, cyber asset management, attack path management, digital risk protection, vulnerability assessment and management, and continuous testing. Currently, these are all separate products – something that’s likely to change in the year ahead.
Consolidation is going to be a theme for 2024, as previously standalone products continue to become features of broader overarching solutions, such as CTEM programmes.
2. Could we see a partial reverse in the on-prem to cloud transition in 2024? – Carl Shallow, Director of Compliance at Integrity360
We’ve seen organisations digitally transforming and maturing at both speed and scale.
The pandemic brought about years of change in the way companies in all sectors and regions operate. According to a July 2020 McKinsey Global Survey, executives revealed that COVID-19 had accelerated the digitisation of their customer and supply-chain interactions and of their internal operations by three to four years.
That pace of change has led to the widespread adoption of cloud tools and technologies. From a security perspective, we’ve recently seen organisations embracing Cloud-Native Application Protection Platforms (CNAPPs) – a cloud-native security model intended to replace the use of multiple independent tools with one holistic security solution for modern enterprises with cloud-native workloads.
That’s the picture that’s largely been painted from 2020-2023. But what of 2024?
Where it was thought that there would be a logical and continuous shift away from on-prem to the cloud, this transition is now not as certain as it once was, with concerns having been growing among organisations for several reasons in recent times.
First, there have been several high-profile cloud breaches. For example, in June of 2023, automaker Toyota revealed that roughly 260,000 customers’ data was exposed due to a misconfigured cloud environment. Further, the 2023 Thales Cloud Security Study revealed that 39% of businesses experienced a data breach in their cloud environment in the last year.
However, it’s not just security, but also cost that’s a potential challenge.
According to Flexera’s state of the cloud report 2023, cost is the number one concern with cloud, knocking security off the top spot for the first time in 10 years. Organisations are spending significantly on cloud platforms and supportive security, yet the economic gains that they anticipated are struggling to materialise in many cases.
Of course, the cloud won’t be scrapped. Yet it’s possible that we’ll see several organisations planning to move a proportion of their key assets back on prem in 2024 as they seek to ease concerns surrounding both cost and security.
3. Generative AI and security in 2024 – James Hinton, Director of CST Services, Integrity360
The implications of generative AI in security will continue to become clearer in 2024.
It’s a topic that’s top of mind at the minute. In surveying 205 IT security decision makers in August 2023, Integrity360 found that more than two thirds (68%) are worried about cybercriminals’ use of deepfakes in targeting organisations, for example.
The impact of deepfakes and audio synthesisation being used for nefarious purposes has already been demonstrated. In June 2023, a mother in the US became the victim of a targeted deepfake kidnapping scam where AI was used to impersonate her daughter’s voice in an attempt to extort funds.
These are not things that could happen, but something that is happening. Today, it isn’t all that difficult to use small snippets of audio conversations to replicate someone’s voice. So, how do we regain trust and ensure we’re able to confirm people are who they say they are beyond being able to see and hear people to prevent fraud?
While AI will pave the way for novel threats, it will also form the bedrock of a variety of enhanced security solutions.
In 2024, we’ll see the proliferation of AI and generative AI platforms being integrated into security tools, allowing huge amounts of data to be processed much more quickly, which will speed up operations such as instant response. Where AI can triage data really quickly and provide the results, organisations won’t necessarily require skilled analysts to write custom queries. Indeed, AI can be used to complete such tasks, freeing up highly skilled security professionals to focus on higher value tasks. In fact, our survey also found that 73% of respondents agree that AI is becoming an increasingly important tool for security operations and incident response.
Further, we’re also seeing how technology is making it significantly more difficult for threats such as malware to bypass detections. Where AI is becoming increasingly good at learning what’s normal for specific environments, malware now needs to be tailored to meet the specific rules in individual environments to even stand a chance of bypassing detection. In this sense, while the threats will grow, defences will also advance with AI.
4. Threat actors bribing employees, ramping up insider threats – Zach Fleming, Head of Red Teaming, Integrity360
Because AI is built into many security tools and the external perimeter controls have gotten much better lately, a lot of what ransomware groups are doing now is just bribing employees.
I think that’s going to increase, particularly in the current economic environment.
Ways of working with threat actors are becoming harder to detect, with insider threats pretending to accidentally slip up in providing attackers access to systems and/or information. If you’re a disgruntled employee and you work in a company as a helpdesk engineer, they’ll send you an email where you’ll deliberately click on a link where you’ll give them credentials to access a company portal. And then, if they’re successful in extorting the company, they’ll pay that employee up to 70% of whatever the extortion amount was.
If you’re that insider threat actor/employee, it’s high reward and it’s low risk – you can’t go to prison for being bad at spotting a phishing email. And now, for an extra 10% fee, they’ll start washing the money through legitimate shell companies. That’s becoming rampant – a couple of ransomware groups have started doing it, and we’re picking up on it quickly.