The Cybersecurity Landscape in 2023-24

The threat from cyberattacks has increased over the last few years, and this trend shows no signs of decreasing. We all know the significant threats: Ransomware, DDoS, data breaches, insider threats, and more.?

Industry experts and analysts agree that cybersecurity defence will become a top concern for Board and C-Suite leadership teams in 2023/24 — if it's not already one of their top concerns. At the end of March, Gartner held the APAC Gartner Security & Risk Management Summit in Sydney, Australia. During the summit, they reiterated their top eight cybersecurity predictions for 2023-2024 (see ref 1 below). In the next section, I'll summarise and comment on what the Gartner Analysts predict.

The changing technical landscape and shifting working practices to include more remote & hybrid working will continue to make things challenging for those tasked with cyber defences. A February IO World Asia article contained interesting data and quotes from industry leaders in multiple organisations about what the next two years could bring. I'll call out some interesting items from that article below, and you can read it in full via ref 2.

The Gartner Predictions

Gartner analysts predict CISOs will try new ways to counter non-technical cybersecurity issues and threats. They also highlight the stress of being a CISO — often running understaffed teams or relying on MSSPs vis managed Service contracts. The 8 predictions fall into these categories:

People-related - Staff are the weakest link in the cybersecurity chain. Irrespective of the protection solutions deployed and the training given to help people spot suspicious activity, they make mistakes and take shortcuts to get jobs done sooner. Gartner quotes a finding from their research that 90% of employees admitted activities that would increase cyber risk — even though they knew this to be the case. They also predict that 75% of employees will add or modify existing IT in ways that are invisible to the IT team — creating a significant security risk. Attempting to deal with this human factor in cybersecurity will drive half of CISOs to adopt human-centric cybersecurity design practices to try and minimise unpredictable human actions.?

Technology-focused - There will be wider adoption of zero-trust cybersecurity programs, although they predict a 10% adoption rate in large enterprises by 2027. Which feels low given the threats Enterprises face and the benefits of a zero-trust approach. They see incremental adoption of the technique, but I hope we see more zero-trust used than they forecast.?

Technical threat detection, analysis, and response solutions will get more sophisticated over the next two years. They will be able to prioritise threats based on exposure management data and rules tailored for each organisation. Unified platforms will emerge and be adopted to centrally manage risk, analysis, and response to threats against the ever-changing technical landscape.

Regulatory - New privacy regulations will be in place around the globe and will cover the majority of organisations. Gartner sees the adoption of strong data privacy controls as a differentiator that can give businesses an advantage over their competitors. While also making their data more secure.?

Business-focused - Gartner cites their own research that shows that half of CISOs will have tried to use cyber risk qualification to drive enterprise decision-making. Data from those who have tried this approach are not encouraging as most fail to see beneficial results such as reducing risk, saving money, or influencing decision-making.?

On the upside for CISOs, Gartner thinks that nearly three-quarters of Boards will include a cybersecurity expert in the top decision-making body. On the other hand, they also predict that a quarter of CISOs will quit their jobs (or the CISO role entirely) due to the stress that comes with it.?

Some Comments on the IO World Asia Article

The first fact that leaps out of the IO World Asia article linked from ref 2 is that a fifth of enterprises worldwide got targeted by a ransomware attack in 2022. Of those attacked, 43% suffered a noticeable impact on their operations. Ransomware is the current most significant attack risk and is likely to remain so as cybercriminals make use of easy-to-use attack kits available for anyone without the skills to create their own. Ransomware as a service is here and not going away. According to sources cited in the IO World Asia article, the financial impact of cyberattacks is growing at 15% per year — a figure that aligns with qualitative data from industry and other quantitative data sets.

Trends in cybersecurity that experts quoted in the article see as significant in 2023, and therefore 2024, include:

? Cybersecurity for Remote and Hybrid workers - Remote working is the new normal for many organisations. Indeed, many employees and job seekers now list it as mandatory if they are going to stay at or take a new job.?

? Detection and response tools will go mainstream - 24x7 network and endpoint device monitoring are essential to delivering cybersecurity in the current threat landscape. Endpoint Detection and Response (EDR) plus Network Detection and Response (NDR) will see wider adoption. Often these will be parts of broader Extended Detection and Response (XDR) solutions and increasingly operated by external security companies via Managed Detection and Response (MDR) services. The wide range of tools deployed will feed data and alerts to centralised Security Event and Information Management (SEIM) platforms that deliver the overall security big picture.?

? The cybersecurity job market will remain dynamic - There is an acute shortage in the number of experienced cybersecurity professionals needed to fill all the cybersecurity roles in organisations. As a result, they are in high demand and attract high salaries and other benefits. This shortage also drives the move to use external Managed Security Service Providers (MSSPs) rather than try to build and maintain an internal cyber security team in the ferociously competitive job market. MSSPs can attract the best experts and spread the costs of retaining them across multiple clients.

? AI using ML and LLM will see a new technology race?- Both bad actors and cyber defenders will use Machine Learning (ML) based tools to attack and defend IT systems. The recent emergence and uptake of Large Language Models (LLMs) like ChatGPT are already used by cyberattackers to compile better emails and messages used in Phishing and other social engineering attacks (web pages, dummy press releases etc). These LLMs allow criminals to construct believable attack emails in multiple languages with better grammar and tone than they can with tools like Google Translate. I've already seen reports of these better emails evading SPAM and Malware filters, which increases the risks of a staff member being fooled by one and disclosing data or clicking on a malicious link. SIEM and detection tools will increase their use of ML in order to rapidly learn about and counter these and other new threats.

? Cybersecurity culture and awareness will be vital - The increasing threats and the sophistication of deceptive messages in multiple languages will make it more critical than ever that everyone in an organisation knows they are part of cyber defence. A culture of cybersecurity awareness will be fundamental. Staff (and anyone else using IT systems) will need to adopt a highly defensive and sceptical posture. Giving out information and clicking on links in emails or messages must become something that doesn't happen. Training people to be over-cautious will help offset the risks from attackers.

? IoT & Edge via 5G will continue to expand the attack surface - The use of computing and sensing nodes out in the built environment will continue to accelerate. Often in conjunction with Edge computing technology to collect and process data as close to the source as possible. IoT devices are notoriously insecure, so this expansion will need special attention from cyber security teams to make sure the expanding IT footprint doesn't open core systems to attack.

? Global tensions will continue to impact cybersecurity - Tensions between countries will continue to drive state-backed cyber-attack activity. Critical resources such as power generation, water services, healthcare, transport, and manufacturing will continue to be targeted by adversarial countries. Hopefully, tensions in the South China Sea and over Taiwan will recede rather than add to the already fraught cyber-attack activity by Russia against Ukraine and its allies.?

Conclusion

Cybersecurity is challenging and will only become more central to every organisation, large and small, this year and next. On the positive side (stress notwithstanding), working in cyber security to protect people, data, and IT systems is exciting and a worthy career path.

At Halodata, we are focused, along with our partners and vendor network, on providing the best advice and solutions available for every organisation to protect their IT systems. Now and into the future.

References

1. Gartner: Gartner Unveils Top Eight Cybersecurity Predictions for 2023-2024 - https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024

2. IO World Asia: The Landscape of Cybersecurity In 2023 - https://cioworldasia.com/2023/02/08/the-landscape-of-cybersecurity-in-2023/