Considering the macro landscape of cybersecurity, choosing topics to focus on for an industry paper is always challenging, particularly given the massive number of threat, business, regulatory, and technology trends with which security leaders are contending. It can be tempting to pick the most salacious, sublime, or ridiculous trends. Instead, my focus for the paper, "SANS CISO Primer: 4 Cyber Trends That Will Move the Needle in 2024," has been on the topics most prevalent in discussions with security leaders and experts. Note that a few of the trends covered in this paper have a new lease on life after years of theoretical discussion.
For the past 20 years, I’ve watched as threats, malware, and attacker tactics evolve as innovation paved the way for a substantial increase in sophistication and scale. I vividly remember the days of seeing only a few hundred pieces of new malicious code a day, many of them hand-crafted. That’s a wildly different picture than the tactics, scale, and opportunities of today’s threat landscape.
Cyber criminals today operate crimeware-as-a-service (CRaaS) platforms, lowering the barrier to entry and allowing effective compromise tactics to be deployed far more rapidly. We have seen criminal groups running affiliate programs and even bug bounties to help them better secure their crime platforms. The LockBit gang, which recently experienced law enforcement action, had over 14,000 “customers” using its platform to generate ransomware and extortion campaigns. Remarkably, one criminal gang offered a million dollars to anyone able to find defects in its platform or to “dox” its operators, all to protect the security, integrity, and trust of a service used for fraud and extortion. Given the innovation being applied and the accessibility of these platforms, it is no wonder the scale of mainstream threats has increased so substantially – even more so because of competition between CRaaS products from rival criminal groups.
The packaging of these services and the growing opportunities for attackers will lead to even more change in 2024. Expect the much-loved ransomware tactic to continue to evolve. Over the last year, many campaigns featured not just ransom but extortion, in which criminals steal data from companies and threaten to publish it if they are not paid. This shift appears to be a response to more organizations having effective backup and restoration strategies in place for when ransomware strikes: by threatening publication, criminals restore the viability of the attack model. In some cases, the stolen data has also been offered for sale to other gangs, introducing horizontal and vertical fraud opportunities for the criminals and creating a much more difficult situation for security leaders to contain. In 2024, I would not be surprised to see threat actors skip encryption altogether and focus solely on extortion. This model lets them profit without the pesky difficulties of encrypting files and disrupting serious infrastructure, such as a hospital, which draws law enforcement attention. Much like security leaders, cyber criminals are always looking for opportunities to optimize their business.
While CRaaS and evolving ransomware trends present challenges for every organization, there is also plenty to consider in the more esoteric, high-end threat space. The Storm-0558 attack on Microsoft, in which a stolen signing key was used to forge authentication tokens for customer email, demonstrates the impact of persistent, focused, and highly capable attackers who target even a very security-conscious organization.
All of us are generating more data and growing our digital infrastructure, and as we do so we create more attack surface and opportunity for adversaries. However, over the years the industry has improved many technologies and enhanced various security architectures and models, so these security enhancements act as a counterbalance of sorts against cyber criminals. Still, it is clear that our future will be more target-rich than ever for our adversaries.
Against this backdrop, there are four trends playing out that warrant the attention of security leadership, not only to guard against evolving threats, but also to position their organization to take advantage of vast opportunities for growth and success.
While I give a high-level overview of these trends here, the full white paper we've put together includes actionable best practices for CISOs for each of these focus areas. Download it here.
Generative AI
Whether you consider its impact to cybersecurity, business, broader technology, or society at large, AI is clearly going to be disruptive in the years to come. Almost every security leader I have spoken with this year is managing the balance of embracing this new technology and managing its risk – even as it continues to change in shape and size. This will clearly be a topic of much discussion in the coming years.
Most security leaders I have talked to also have at least introduced a rudimentary AI policy with some basic guardrails, but they are now looking at training to help them balance security and privacy while they embrace the benefits that AI brings.
Zero Trust Implementation
Zero trust principles and design have been considered for a long time, but the continued evolution of threat models and risk has brought them back to the forefront for 2024. I have heard many reasons for zero trust receiving renewed attention – supply chain attacks, ransomware effectiveness, or just the developing scale of data exfiltration followed by extortion – but I suspect this is also due to changes in our technology stacks that make many of these principles more implementable.
Even so, achieving zero trust requires a considerable amount of skilled work. To illustrate, years ago I watched several organizations attempt to implement zero trust only to find themselves obstructing the business, because they could not update access policies with sufficient velocity and granularity to keep pace with legitimate change. You need the right capacity and skills in place before you can realize the benefits.
Cloud Security
OK, I’ll admit it. We’ve been talking about cloud for a long time, and I find myself a little surprised to be talking about it as a major focus of security leaders in 2024. But the facts are the facts. I have talked to many security leaders who have major cloud security projects planned for this year. Also, one only needs to look at the number of cloud security incidents to recognize it as a priority.
In fact, many CISOs have told me they are rushing to build their organizations’ cloud security capabilities. Since the accelerated deployments of the pandemic, they had been relying on general security practitioners and DevOps staff to deliver a robust cloud security program. They have since realized that cloud security is a specialist skillset that requires specialist roles.
Cybersecurity Complexity and Capacity Development
There has never been such complexity and volume of risk to manage, as businesses inevitably grow their technology footprint and attackers continue to scale their efforts. But we also live in a time of unprecedented cyber defense capability, with remarkable tools and a great deal of data. Indeed, when I step in to review an organization’s data breach, it is not uncommon to find that a large share of the security functionality it already owns was never turned on or used. It is no surprise, therefore, that a major theme in discussions with security leaders in 2024 is how to develop their cyber capability over time.
I’ve seen security leaders focusing more on job roles and skills mapping, defining clearer job grades for the litany of specialties required for the modern security team. Indeed, I’ve worked with some organizations that are mapping SANS training curricula and requisite skills to their defined job roles so that they can develop detailed talent development programs. This area of focus offers perhaps the greatest opportunity for organizational maturity.
There are many topics I could have picked to discuss, but these four cybersecurity trends rose to the top as a result of countless conversations with esteemed CISOs. There is no shortage of hype to contend with, and security leaders have their focus pulled in a great many directions. I trust that you will find my selections for this year thought-provoking, and that after reading this paper you will be able to go back to your team and add a highlight or priority that produces better risk management and security outcomes.
Remember, many of us share the same challenges. Even though our environments and businesses are different, there is a great deal to be said for sharing our lessons learned – that is, what works and what doesn’t. Consider participating in forums like the SANS CISO Network so that we can work together to more rapidly adapt to the threat and technology challenges of the moment.
I wish you a breach-free year and hope that you get an edge on these disruptive trends.
Download the full whitepaper here and get actionable guidance and best practices for harnessing the benefits that these four cybersecurity trends can bring to your organization.