Cyber Stock - 2024 by Vikas Chalke

Let me start this article by wishing you all “A very happy, healthy, prosperous and cybersecure 2024”. ?

?

As we are entering new calendar year, most of us are in the process of planning and defining our cyber priorities for 2024. It’s good time to take the stock of last years’ observations and learnings, and project some of the key expectations and predictions for the year 2024.

?

Year 2023 has been quite an eventful year for global cybersecurity industry.

Whether you talk about;

1.???? The data breaches executed on multiple leading global organizations exploiting the zero-day vulnerability in widely used managed file transfer software MOVEit offered by Ipswitch Inc.

OR

2.???? Attack on WordPress websites exploiting the known flaws in the theme plugins to redirect users to fake scammer webpages or links; which impacted millions of websites forming waves of successful attacks.

Attackers has time and again been using highly effective techniques of targeting the zero-day vulnerabilities in the well-known and widely used software, to penetrate through robust security systems of enterprises and successfully execute data breaches or ransomware attacks. Probably Sunburst was the first known high impact incident of such kind. It’s success has provoked more and more adversaries to execute such massive attacks in the recent years, may it be Log4j Shell vulnerability or vulnerabilities in Windows AD, or Chrome browser.

?

Year 2023 has also been the year of wars, whether it is Ukraine-Russia or Israel-Hamas. Midst of all this the nation-state sponsored attacks were also on high. Cyberattack on Ukraine’s power grids and financial institutions by Russian state-sponsored adversaries, or cyber espionage & disinformation campaigns by Ukraine, or ramped up cyber espionage campaigns by China state sponsored adversaries, or the 278% surge in state-sponsored cyberattacks on Indian enterprises and Govt organisations, all of these confirms growing interests and investments by various nation-state bodies in funding hacker groups for various economic and geopolitical/political reasons. As India is expecting General Elections in 2024, you can expect further increase in such attacks during this period. It’s time to be extra cautious even if you are a private enterprise.

?

Increasing targeted ransomware attacks causing data breaches like; Boeing data leak, DarkBeam data leak of 3.8 billion records, or 40 million citizens data leak from cyberattack on UK’s Electoral Commission, COWIN portal data leak in India, customer data leak of Indian ticketing platform RailYatri, or the recent customer data leak of Taj Hotels, are becoming serious cause of worry for security leaders.

?

And adding to their concern is the increasing penalties applicable under various data protection laws and cybersecurity compliances.

Recent examples like;

1.???? $1.19 billion penalty paid by Chinese firm Didi Global for violating states data protection law,

2.???? $877 million penalty on Amazon for GDPR non-compliance,

3.???? $575 million penalty paid by Equifax in recent years, or ?

4.???? $403 million penalty charged by Ireland’s Data Protection Commissioner on Instagram for violating children’s privacy and $345 million on TikTok for the same reason,

5.???? $277 million penalty on Meta (Facebook) by Ireland under GDPR against compromise of 500 million users’ personal information.

are some of the noticeable and frightening incidents.

?

Not just financial penalties but the recent example of lawsuit against Solarwinds & their CISO by SEC for fraud and internal control failures tied to undisclosed cybersecurity risks; raises a much bigger concern in the minds of global security leaders.

?

Use of GenAI by adversaries to execute more sophisticated and massive attacks successfully has gone high multifold in second half of 2023. This aggravates the concerns for security leaders entering 2024.

?

?

Amidst all this, what’s in stock for Indian cybersecurity industry in the year 2024? What should be our priorities for 2024? What technology tools and services can assist us in fortifying our enterprises? Which approach is best suited to deal with emerging and ever evolving threats? These and many such questions are revolving in our minds as we are entering the new year. Hereby I’m trying to put forth some of my thoughts and picks which might help you in your decision making.

?

Considering the experiences of the past year and anticipating the near future evolution of the global threat landscape & Indian market dynamics, have picked top 10 key areas to focus on.

?

1.???? Entering 2024, if we wish to protect our enterprises from ever increasing cyberattacks, it is important to reduce our attack surface and exposure. As they say “Prevention is better than cure”. Use of preemptive and preventive tools is highly recommended across different attacks vectors.

2.???? Application of uniform control policies across different resources and user sets can be an important step towards fortifying enterprise. Adoption of zero trust based unified secure access tools can be a recommended approach here.

3.???? As attackers are using GenAI to execute sophisticated attacks, we should introduce GenAI in our defense systems as well. Use of GenAI in detection and response space can enable us to better protect our enterprises. Also there should be defined policy around the use of GenAI at the employee level.

4.???? Data breaches are growing and so are the data protection laws. It’s time to use AI enabled analytics and risk management tools alongside your DLP to reduce the chances of data breach.

5.???? As Indian Govt, is in the process of implementing DPDPA in 2024, introduction of dedicated DPO (Data Protection Officer) is need of the hour for every mid and large enterprise who deals with PII in some or the other form. These DPOs need to work closely alongside CISOs to ensure data harmony.

6.???? In spite all this, some day we are bound to get breached. As we all accept this fact, it is important that we keep watch on our digital presence across surface, deep and dark web. The sooner we learn about these breaches, better is the chance of reducing the damage. It will enable us to inform all the stake holders and respective enforcement authorities in time. This can avoid hefty penalties, humiliating legal actions and brand destruction.

7.???? Modern applications are using micro-services / container architecture for agility and scalability. Use of APIs, sockets and webhooks for easy and quick integration is another widely used practice. In recent times we have seen many instances where attackers successfully used vulnerabilities in third party components to successfully penetrate and proliferate. This trend is expected to continue and grow in 2024. Therefore, continuous monitoring for enterprise vulnerability posture against latest threat intel is imperative. Emerging technologies like CAASM might be a good bet in this space.

8.???? For various economic and geopolitical reasons, attacks on OT & IOT environment of Indian enterprises and PSUs are expected to increase in 2024. Therefore, there is daunting need to implement a formidable security for your OT & IOT environment.

9.???? Use of GenAI in our Red & Purple teaming activities should also be considered to better prepare ourselves against future attacks.

10.? Cyber Awareness will continue to grab attention in 2024. You need your employees to identify GenAI initiated customized, sophisticated, and targeted phishing attacks. Ultimately an aware employee is always your first line of defense. ?

?

??

Hope you find this article useful in your security planning and prioritization process. In case you wish to have detailed discussion on any of these topics, feel free to reach me out.

?

?

-?????? Vikas Chalke

Founder & Director @ Sectonics

??????????? 1st January 2024