Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
An Awakening for Supply Chains, Regulations, and (Hopefully) Bigger Budgets
By Greg Hoffer, CEO, Coviant Software
2023 was a(nother) bad year for cybersecurity and the organizations targeted by threat actors.
Attacks continued to rise, and the cost of those attacks reached new highs. The
Ponemon Institute says the average cost of a data breach is now $4.45M,
and those costs are much higher for organizations in industries like healthcare
($10.93M) and financial services ($5.90M). Cybercrime was estimated to have
cost the global economy more than $8 trillion in 2022 and the tally for
2023 is likely to be much higher. More troubling, attacks against hospitals may
be putting lives at risk.
Reports of hospitals re-routing ambulances and moving patients because ransomware attacks
knocked healthcare systems and medical equipment off-line are becoming more
common. And when healthcare facilities execute "code
dark" measures to stop the spread of malware, it can
delay or deny needed care and put lives in peril. In fact, Ponemon researchers
found a statistical correlation between cyberattacks and an increase in negative
patient outcomes.
Coviant Software's
industry niche found itself in the crosshairs when some vendors' products were
exploited by ransomware gangs in a series of digital supply chain attacks that
have proven devastating for those organizations affected. Researcher Bert Kondruss'
KonResearch site has been compiling the numbers associated with one of the managed
file transfer product attacks and has it at 2,401 organizations directly
affected (not the partners downstream), and as many as 77.1 million individuals
whose data has been compromised as a result. It's almost enough to make someone
want to leave it all behind and live like
a hermit in the woods.
Prediction One: A Great Awakening
That's why our
first prediction for 2024 is that there will be a significant increase in
conversions to the Amish and Mennonite sects as many individuals currently
involved in the digital realm give up hope that there will be a meaningful
breakthrough in cybersecurity. As they conclude that the bad guys will continue
to hold the upper hand, and seeing no other alternative, a new Great Awakening
will take place as thousands of former digital denizens unplug from modernity
and settle into a simpler, agrarian way of life. Today's coders will become
tomorrow's barn raisers and buggy riders, effectively air-gapping themselves
beyond the reach of the likes of Cl0p and REvil.
Prediction Two: Moving the Chains
From the
conversations we've been having, it's likely that 2024 will see a lot of
organizations rethinking their approach to digital supply chain security and
the systems they use to move and manage data. The MOVEit attack has raised
awareness of the ways in which common processes like managed file transfers can
be exploited to devastating effect. That has caused a lot of organizations to
take a closer look at the tools they use and the way they are deployed. When
they find weak links, they will invest in replacements that are
secure-by-design. Organizations that have been diligent in their own
processes will look downstream at their partners, and that will cause many
to require contractual security standards as a condition for continuing a relationship.
Prediction Three: More Regulations
Okay, this is
probably less a prediction and more a continuation of a long-term trend, but
we're confident that there will be more regulations added to the lawbooks in
2024. In fact, there are already several proposed regulations pending,
including in New York State where Governor Kathy Hochul will soon require
hospitals to hire a CISO and beef up cybersecurity capabilities. A November 13
announcement signaled new requirements for beleaguered hospitals, demanding
that they "establish a cybersecurity program and take proven steps to assess
internal and external cybersecurity risks, use defensive techniques and
infrastructure, implement measures to protect their information systems from
unauthorized access or other malicious acts, and take actions to prevent
cybersecurity events before they happen," and to establish "written procedures,
guidelines, and standards to develop secure practices for in-house applications
intended for use by the facility."
Prediction Four: A Question of Budgets
Over the years
we've seen threat actors show their ability to be creative and resilient in
response to the countermeasures deployed against them. They've also flexed
innovative muscle adopting new technologies and techniques to make their
onslaught of attacks more effective. But we've also seen that the good guys are
excellent at developing better and better products that can help organizations
close their security gaps and respond to attacks faster and more effectively.
Our final prediction is that industries will begin to evolve their own
strategies, abandoning older tools and adopting those that are built to address
the threats they face. The only question is whether they will be given the
budget to make those needed investments.
Here's to a prosperous new year for all the good
guys.
##
ABOUT THE AUTHOR
Gregory Hoffer is CEO of Coviant Software, makers of the award-winning and
secure-by-design Diplomat MFT managed file transfer solution.