Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Insights on the Evolving Cybersecurity Landscape
By Tom Gorup, Vice President of Security Services, Edgio
Looking
ahead to 2024 and beyond, it is clear that the cybersecurity skills gap will
only continue to widen. However, by leveraging AI tools and investing in the
development of skilled cybersecurity professionals who can work effectively
with these tools, organizations can better protect their networks and data from
cyber threats and ensure they remain resilient in an increasingly volatile
security landscape.
AI will play a
significant role in addressing the skills shortage in the cybersecurity
industry. Machine learning and other AI-based tools will help security teams
automate a wide range of tasks, freeing up existing staff to focus on more
complex issues while reducing the complexities that come with disparate
tooling. For example, AI-based tools can be used to identify patterns in
network traffic and activity logs, reducing the need for human analysts to comb
through large amounts of data manually or the requirement for technology
specific expertise to understand the logs.
AI can also be
used to train security professionals more efficiently. Through simulation-based
training programs, security personnel can be trained to recognize different
types of cyber threats and attacks in a safe, controlled environment that can
replicate real-life situations. This allows them to gain experience and
practice their skills without risking potential damage to their organization's
network. Taking that one step further, AI models can be trained on internal
processes and policies to help drive consistent outcomes as analysts work
through various incidents.
People with the
skills needed to communicate with AI platforms will become increasingly
valuable in the cybersecurity industry in the coming years. While
highly-trained security engineers will always be in demand, the ability to
effectively work with AI tools and integrate them into an organization's
security infrastructure will be paramount. This will require a combination of
technical, communication and interpersonal skills, as these individuals will
need to collaborate not only with AI platforms but also with a wide range of
stakeholders, from IT teams to business leaders.
AI will be
increasingly leveraged by the software industry to detect and remediate
vulnerabilities, especially within open source products and
platforms.
The software
industry is constantly evolving, and it's becoming more and more evident that
AI will add strong value in identifying vulnerabilities - including buffer
overflows, injection attacks, and many others, as we move into next year. This
will be especially critical in open source software.
Speed is the
greatest advantage of using AI to detect vulnerabilities. AI can analyze code
thousands of times faster than a human can. This means that vulnerabilities can
be identified and remedied much more quickly, reducing latent
vulnerabilities in software products.
Another
advantage of using AI in vulnerability detection is its ability to learn
iteratively from data. With traditional methods, identifying vulnerabilities
can be time-consuming, requiring manual testing and analysis. AI, on the other
hand, can learn from previously identified vulnerabilities and use that
knowledge to identify new ones more quickly and accurately.
The
proliferation of open source software has made it easier for developers to
collaborate with one another and speed up development times. However, in some
cases, it has also led to an increase in vulnerabilities. Open source projects
commonly have large numbers of contributors from all over the world, which can
make it challenging to monitor and maintain the security of the code. AI can
play a crucial role in addressing this issue by automatically scanning open
source projects for vulnerabilities and notifying developers of any issues.
The software
industry is already leveraging AI for vulnerability detection in a variety of
ways. For example, some companies are using machine learning algorithms to scan
code for known vulnerabilities, while others are using AI to analyze network
traffic for signs of attacks. As AI technology continues to advance, we can
expect to see more sophisticated approaches to vulnerability detection emerge.
AI-enhanced
security will cause bad actors to change their tactics, moving more toward
zero-day attacks.
AI-enhanced
security systems are expected to revolutionize the cybersecurity landscape by
identifying potential threats before they materialize, combing through vast
amounts of data to detect malicious behavior that may have otherwise gone
unnoticed. As a result, bad actors will, in 2024, increasingly turn towards
zero-day attacks as their primary mode of cyber attack.
This shift is
primarily due to the growing effectiveness of patch management and
vulnerability management programs that businesses have put in place. While
these programs are not perfect, they have made it more difficult for attackers
to exploit known vulnerabilities to gain access to corporate networks. Instead,
bad actors are turning to zero-day vulnerabilities - vulnerabilities for which
patches and other remediations, such as those provided by security systems, are
not yet known or applied.
This trend is
only going to continue with the rise of AI-assisted security systems that can
scan source code and identify potential issues before they can be exploited. By
constantly improving their own attack methodologies to stay ahead of these
advanced security measures, cybercriminals are becoming more adept at
identifying and exploiting zero-day vulnerabilities. Over time, we can expect
to see a continued growth in zero-day attacks, as bad actors become more
skilled at finding new and innovative exploits to bypass even the most advanced
cybersecurity measures.
AI-enhanced
security is a double-edged sword. While it can provide organizations with new
and powerful tools to prevent cyber attacks, it also forces bad actors to shift
their tactics and focus on more advanced techniques. As we begin to rely on AI
technology to keep our data and systems secure, it is essential that we remain
vigilant against emerging threats and adapt our security strategies
accordingly.
CISOs who
are able to embrace a culture-driven approach to security and work bottom-up,
becoming one with the engineering and product teams, will be best positioned to
succeed in 2024. By focusing on building secure architectures and ensuring
security is considered at every step of the process, today's top CISOs will
provide lasting value to their organizations and help keep them secure in the
years ahead.
In today's
fast-paced business environment, CISOs are facing tremendous pressure to keep
their organizations secure amidst ever-increasing cyber threats and attacks.
But the traditional approach of simply enforcing policies and governance to
ensure security is proving to be inadequate. In order to truly build a culture
of security and achieve long-term success, the best CISOs are recognizing the
need to move beyond governance and policies and focus on the business itself.
The most
visionary CISOs will turn their sights towards partnering with the engineering
and product teams to help architect new applications with security at the
forefront. They understand that by being part of the conversation from the very
beginning, they can help ensure that security is considered at every step of
the process, rather than just being added as an afterthought at the end.
By closely
aligning themselves with the engineering and product teams, CISOs can work
bottom-up to drive a culture of security, rather than trying to impose it from
the top-down. This approach allows for security to be built into the very
fabric of the organization, rather than just being an add-on. Such an approach
is effective because it helps to ensure that every aspect of the organization's
technology ecosystem is secure, from the development stage all the way to
production.
The benefits of
this approach are clear. By moving away from a narrow focus on governance
success and policies, CISOs can help accelerate the adoption of "security
by design" in 2024 and beyond. This will enable organizations to stay
ahead of the curve when it comes to cybersecurity threats and ensure the
protection of not only sensitive data, but also the reputation and bottom line
of the business itself.
Based on the
emerging technologies and current trends in cybersecurity, it is expected that
DDoS attacks will continue to be on the rise and will only get bigger by the
year 2024. This underscores the importance of investing resources and employing
strategies to detect, prevent, and mitigate DDoS attacks in today's digital
landscape.
DDoS attacks
have been a thorn in the side of businesses for years, and it seems that they
will not be letting up anytime soon. In fact, based on current trends and
emerging technologies, DDoS attacks are on track to become even more frequent
and larger in scale by the year 2024.
One of the
reasons for this is the increasing availability of massive resources for
cybercriminals to launch these attacks. Attackers are more often compromising
web servers to run massive layer 7 or DDoS attacks, giving them more powerful
compute capabilities to increase the intensity of their exploit attempts.
In addition,
with the proliferation of Internet of Things (IoT) devices, more and more
devices are becoming connected to the internet, which can be exploited by
attackers to create massive IoT botnets for DDoS attacks. According to a recent
report, the number of IoT devices is expected to reach 38.5 billion by 2025,
providing cybercriminals with even more ammunition to launch DDoS attacks.
Finally, while
advancements in artificial intelligence and machine learning are being made to
combat DDoS attacks, cybercriminals are concurrently using these same
technologies to launch more targeted and sophisticated attacks. This
intelligence-led approach to DDoS attacks will only become more prevalent in
the coming years.
The
increasing reliance on web applications and APIs will continue to make them a
prime target for ransomware attacks. To mitigate the risk of compromise,
organizations must implement robust security measures and stay vigilant against
evolving threats.
Recent years
have seen a sharp rise in the number of web applications and API endpoints
being developed and deployed. While these applications and endpoints come with
numerous benefits, they also attract the attention of malicious actors who seek
to exploit vulnerabilities in them to gain access to sensitive data, infect
systems with malware, and demand ransom payments from victims.
One of the most
common ways that bad actors compromise web applications and APIs is through the
exploitation of known vulnerabilities in dependencies (code libraries),
operating systems, databases, and other software components they rely on. Once
a vulnerability is successfully exploited, the attacker can gain access to the
hosting web server and move laterally across the network, steal data, and even
install ransomware.
The evolution of cloud computing
technologies and the distributed nature of modern applications and services
have increased the attack surface for most businesses. In addition, the overall
complexity of cloud environments leads to gaps in observability, which can make it challenging to
detect unauthorized activity.
To prevent bad
actors from exploiting web applications as a means of spreading ransomware,
companies can implement strong security measures that address common
vulnerabilities and even lower risk against zero-day threats. Implementing
strong multi-layer security measures including Web Application Firewall (WAF),
Bot Management, DDoS and API protection can go a long way in preventing attacks
and keeping sensitive data and operations safe. Since a chain is only as strong
as its weakest link, a defense-in-depth approach that includes these critical
security controls should be applied at a minimum.
WAFs, in
particular, also provide the ability to deploy virtual patches, which can
prevent vulnerabilities from being exploited before patches or workarounds can
be applied to the vulnerable code or system directly, as applying the latter
safeguards sometimes takes an uncomfortable amount of time in the real world.
Additionally,
choosing security solutions that leverage artificial intelligence and machine
learning can help reduce risk against zero-day threats. Rather than relying on
known indicators and traditional signatures, solutions leveraging AI/ML can
detect anomalies, unusual behavior, and variations of previous threats to catch
new and evolving threats.
## ABOUT THE AUTHOR
As the Vice President of Security Services at Edgio, Tom is responsible for overseeing the company's global security operations, ensuring the highest standards of quality, efficiency, and customer satisfaction. He has a proven track record of building and growing security teams, developing innovative technologies and processes, and securing organizations from emerging threats.
Prior to Edgio, Tom held several executive-level security positions, including Vice President of Security Operations at Alert Logic (now Fortra) where he led Alert Logic's global Security Operations Centers. Tom was also Co-Founder and Director of Security Operations for Rook Security where he oversaw its Managed Detection and Response services and developed proprietary security operations management technologies and processes for organizations ranging from fast-growing startups to Fortune 100 companies.
He is also a recognized thought leader and speaker in the security industry, as well as a decorated veteran who served in the U.S. Army. Tom served with the Army’s 10th Mountain and 101st Airborne Divisions. During his tours of service Tom served as a squad leader and received the Purple Heart, among other decorations for actions in combat.