2024 Cybersecurity Trends and Predictions
Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from the CISO Resource Center, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.
Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.
2024 Cyber Insurance Predictions
It’s hard to believe it’s been a year since we made our predictions for the top cyber insurance trends of 2023. Looking back, even we were surprised by how accurate those turned out to be: #cloud misconfigurations have driven up insurance claims; insurers are favoring organizations with #XDR solutions; vulnerability prioritization is top of mind; and, in Europe at least, managed security services are becoming a pre-requisite for cyber insurance.
With the cyber insurance industry continuing to evolve—and the threat landscape along with it—here are our thoughts on what’s in store for 2024.
Prediction #1: Insurers will expect modern attack surface management
SEC Rule 106 will make modern attack surface management (ASM) an increasingly key cyber insurance requirement in the coming year. Modern ASM provides the visibility and monitoring to satisfy the rule and at the same time ticks all the boxes that matter to insurers.
Prediction #2: Underwriters will use vulnerability prioritization to assess risk
As underwriters in cyber insurance companies continue to deepen their understanding of the vulnerabilities that lead to breaches, they will concentrate on those they consider to be most critical and exploitable, and will factor them heavily into their risk assessments.
That means organizations will need the ability to prioritize vulnerabilities themselves—and to show their insurance providers that they’ve done so effectively. They’ll also want their tools to allow them to patch critical vulnerabilities quickly.
Prediction #3: Insurers won’t cover manufacturing breaches?
Manufacturing is a critical industry, vital to individual national economies and international blocs of supply chain and trading partners. An attack on a manufacturer may be less about harming a specific business than about causing economic disruption. In situations like these—especially if multiple manufacturers were to be hit at once—insurers might consider attacks to be acts of war instead of cybercrimes, and acts of war are excluded from coverage.
Given this, it is absolutely critical for companies to establish comprehensive security strategies for their OT environments separate from counting on cyber insurance.
Prediction #4: IR plans will become mandatory
Many organizations have established a risky relationship with their cyber insurance, treating it as an alternative to having a detailed incident response (IR) plan. But cyber insurance policies don’t spell out the procedural whats, hows, and whens of an IR plan, leaving critical gaps should a breach occur. Insurance companies know this and are likely to put a stop to the practice by making documented, tested IR plans a mandatory cybersecurity insurance requirement.
Find out more about these cyber insurance predictions in our blog, "Cyber insurance requirements: What’s in store for 2024"
Critical Scalability: 2024 Cybersecurity Predictions
2024 is poised to be a hotbed for new challenges in #cybersecurity. As both economic and political terrains continue to undergo digitization, enterprises will increasingly leverage artificial intelligence and machine learning (AI/ML), the cloud, and Web3 technologies. While these innovations are expected to lend a hand to organizations, they also provide opportunities for cybercriminals by promising big returns, more streamlined operations on wider impact zones, and more targeted victims.
In their pursuit of catering to their organization’s evolving needs, business leaders are faced with a unique challenge: They must strike a balance between foresight and operational hardiness anchored in technological investments. In this report, we detail the focal points of next year’s threat landscape, along with insights and recommended mitigation measures from Trend Micro’s team of cybersecurity experts that are designed to guide decision-makers toward well-informed choices for the year ahead:
Learn more about these 2024 cybersecurity predictions in our blog, "Critical Scalability: Trend Micro Security Predictions for 2024"
Zero Day Initiative: 2023 Roundup
We’ve successfully orbited our star once more and are full throttle into the new year. Before we roll too fast into 2024, let’s pause for a moment and look back at some of the highlights of the past year.
By the Numbers
In 2023, the #ZDI published 1,913 advisories – the most ever in the history of the program. This is the fourth year in a row that eclipsed our previous record. While it’s unlikely we’ll keep up a record-breaking pace for a fifth year in a row, it does speak to the overall health of the program.
A Year of Pwn2Own Competitions
Back in January, we announced our first-ever Pwn2Own Automotive competition in Tokyo, and now we’re just a couple of weeks from that event. We already have several registrations, so I can’t wait to see what exploits researchers put on display.
In February, we held Pwn2Own Miami, which focuses on industrial control systems (ICS) and SCADA targets. During that event, we saw the debut of ChatGPT in the competition. We also awarded over $150,000 for 27 unique 0-day vulnerabilities.
In March, we returned to Vancouver for the original edition of Pwn2Own. The highlight of the event saw the team from Synacktiv exploit the Tesla Model 3 head unit on their way to winning $350,000 (and the Tesla Model 3 itself). We used the head unit instead of the car itself because we were concerned the exploits may cause the vehicle to move uncontrollably. Safety first. In total, we awarded $1,035,000 during the three-day contest.
Moving into the new year, we anticipate staying just as busy – especially in the first quarter. We currently have more than 500 bugs reported to vendors awaiting disclosure. We have #Pwn2Own Automotive and Pwn2Own Vancouver just on the horizon. Don’t worry if you can’t attend in person. We’ll be streaming and posting videos of the event to just about every brand of social media available.
#TrendTalksThreat: 2024 Cybersecurity Predictions
In this episode, Jon Clay, VP of Threat Intelligence at Trend Micro, discusses five cybersecurity predictions for 2024 and how events in 2023 have influenced them. He addresses generative #AI, machine learning, cloud-native worms, cyber insurance, cyberwars, blockchain, and more.
Listen to the full episode of the podcast on Spotify: "2024 Cybersecurity Predictions"
Before you go:
What cybersecurity trends are you anticipating in 2024? Let us know below.
Deputy Manager Sales (Fortinet Business)
10 months ago: thanks for sharing
Driving results with creative solutions, proactive multi-layered security, and value for innovation and risk analysis.
10 months ago: Looking forward to changes in cybersecurity awareness & how companies start to address public asset visibility for 2024. I think big changes are on the way this year as we become more aware of how our assets are continuously scanned by bad guys. First stage to an attack is identifying what is exposed and how to attack it at a future date from previously unknown & uncategorized non-malicious IPs. I believe we will see a lot more targeted attacks this year with AI maturity as part of the attack chain. It’s going to take looking at the attack chain more seriously to stay ahead of the bad guys. If we think patching quickly is going to even keep us halfway safe we need to reassess what we are attempting to do altogether. Most serious attackers identify a way to gain entry into systems when patches can’t be deployed quickly enough. By that time the game is over and their mission is accomplished. Investing in better AI capabilities in endpoint protection is a great first step but relying on this alone is a big mistake if we want to prevent disruption in our enterprises and massive revenue loss. Step one should be to not allow bad guys to scan us at all with even low level scans. I’m amazed security vendors haven’t approached this yet.
Deputy Manager, Business Development
10 months ago: Thank you for sharing this.