
API Security, Cloud Battleground, and Context Risk Scoring Comes into Focus in 2024


Eyal Mamo

Eyal Mamo, VP of Engineering at CrowdStrike and former co-founder and CTO of Bionic, offers insights into the evolving cybersecurity landscape for 2024:


1. The impact of API-based data breaches will light a fire under the CISO’s seat to strengthen API security posture.


Looking back at 2023 data breaches, it’s clear that vulnerable APIs were the preferred attack vector for hackers, much as Gartner predicted. Part of the reason APIs are such an attractive entry point for breaches like those at Twitter, Optus, and CircleCI is that third-party APIs are hosted by other companies: a developer cannot see the source code, so they cannot know how their data is used and stored. Most importantly, these assets sit outside the traditional perimeter, so traditional security controls do not apply to them.


In 2024, CISOs and front-line security professionals will start to truly recognize the importance of a mature API security posture – featuring a complete inventory of APIs and the data they transmit, followed by an automated test program and continuous monitoring. This emphasis on API security will be a stark change from the past three to four years, which focused more on infrastructure-based attacks.
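The inventory step described above, as an added example that is not part of the original article and is not code from CrowdStrike or Bionic: a Python script that walks an OpenAPI 3 document, records for each operation whether authentication is required and which response fields it transmits, and flags operations that serve sensitive fields without any authentication requirement. The SPEC document, the endpoint names and the SENSITIVE_FIELDS name-based heuristic are constructed for illustration; a real program would replace the heuristic with its own data classification.

```python
"""Inventory the operations in an OpenAPI 3 document, record which response
fields each one transmits, and flag sensitive fields served with no
authentication requirement. Added example, not code from the article or from
CrowdStrike/Bionic; SPEC is constructed and SENSITIVE_FIELDS is an assumed
name-based heuristic standing in for a real data classification."""
from dataclasses import dataclass

SPEC = {
    "openapi": "3.0.3",
    "security": [{"ApiKeyAuth": []}],  # document-level: API key required
    "paths": {
        "/customers/{id}": {"get": {
            "operationId": "getCustomer",
            "responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Customer"}}}}}}},
        "/customers/{id}/export": {"get": {
            "operationId": "exportCustomer",
            "security": [],  # empty list overrides the global requirement: no auth
            "responses": {"200": {"content": {"application/json": {
                "schema": {"type": "array",
                           "items": {"$ref": "#/components/schemas/Customer"}}}}}}}},
        "/health": {"get": {
            "operationId": "health", "security": [],
            "responses": {"200": {"content": {"application/json": {
                "schema": {"type": "object",
                           "properties": {"status": {"type": "string"}}}}}}}}},
    },
    "components": {"schemas": {
        "Customer": {"type": "object", "properties": {
            "id": {"type": "string"}, "email": {"type": "string"},
            "ssn": {"type": "string"},
            "address": {"$ref": "#/components/schemas/Address"}}},
        "Address": {"type": "object", "properties": {
            "street": {"type": "string"}, "postal_code": {"type": "string"}}},
    }},
}
SENSITIVE_FIELDS = {"email", "ssn", "phone", "postal_code", "password", "token"}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}


@dataclass
class Endpoint:
    method: str
    path: str
    operation_id: str
    authenticated: bool
    fields: set

    @property
    def sensitive(self) -> set:
        return self.fields & SENSITIVE_FIELDS


def collect_fields(spec, schema, seen=frozenset()) -> set:
    """Flatten every property name a response schema can carry, recursing into
    nested objects and arrays. `seen` holds the $refs on the current path so a
    recursive schema terminates instead of looping."""
    ref = schema.get("$ref")
    if ref:  # local ref of the form '#/components/schemas/X'
        if ref in seen:
            return set()
        node = spec
        for part in ref.lstrip("#/").split("/"):
            node = node[part]
        return collect_fields(spec, node, seen | {ref})
    names = set()
    for name, sub in schema.get("properties", {}).items():
        names.add(name)
        names |= collect_fields(spec, sub, seen)
    if "items" in schema:
        names |= collect_fields(spec, schema["items"], seen)
    return names


def inventory(spec) -> list:
    """One Endpoint per operation: its auth requirement and the fields it returns."""
    global_security = spec.get("security", [])
    result = []
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            if method not in HTTP_METHODS:
                continue
            # An operation-level `security` list replaces the document-level one;
            # an empty list means the operation requires no authentication at all.
            security = op.get("security", global_security)
            fields = set()
            for resp in op.get("responses", {}).values():
                for media in resp.get("content", {}).values():
                    fields |= collect_fields(spec, media.get("schema", {}))
            result.append(Endpoint(method.upper(), path, op.get("operationId", ""),
                                   bool(security), fields))
    return result


def unauthenticated_sensitive(spec) -> list:
    """Findings: operations returning sensitive fields with no auth required."""
    return [e for e in inventory(spec) if not e.authenticated and e.sensitive]


if __name__ == "__main__":
    for e in unauthenticated_sensitive(SPEC):
        print(f"FINDING: {e.method} {e.path} serves {sorted(e.sensitive)} unauthenticated")
```

Run as a script it reports one finding, the export operation, whose empty security list switches off the document-level API-key requirement while it still returns email, ssn and postal_code; the health endpoint is also unauthenticated but carries nothing sensitive, so it is inventoried without being flagged. The same walk is the starting point for the other two elements of the posture: each inventoried operation is a target for the automated test program, and a diff between two runs of the inventory is the continuous-monitoring signal that a new operation, a dropped auth requirement or a new field has appeared. For third-party APIs hosted elsewhere the published spec or captured traffic is the only view available, which is why the inventory has to be built from the interface rather than from source code.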


2. We will see more M&A activity in the DSPM space as the cloud becomes cybersecurity’s next battleground.


The uptick in M&A activity within the cyber sector in 2023, such as Palo Alto Networks acquiring Dig Security and Talon, will continue into 2024 as major players in the space stake their claim in the DSPM market. The cloud is cybersecurity’s new battleground, with tool sprawl and solution silos creating the gaps and blind spots that threat actors exploit. Expect industry leaders to follow the logic of tool consolidation and seek acquisitions that will bolster their platforms and achieve data visibility at scale.


Having just sold my company – ASPM vendor Bionic – to CrowdStrike, I’m intimately aware of the necessity for cloud security vendors to expand their proactive and reactive offerings for security teams fending off sophisticated AI-powered attacks.


3. Security teams will move away from the CVSS scoring mechanism and more toward context risk scoring to see which vulnerabilities are truly exploitable and impact the business.


Since 2016, new vulnerabilities reported each year have nearly tripled. With disclosures growing at that pace, organizations need to move past CVSS alone for vulnerability prioritization in 2024 and toward context risk scoring. A CVSS base score rates the intrinsic severity of a flaw in a package; it says nothing about how the organization uses the affected application, where it is deployed, what data it connects to, or whether the flaw is actually exploitable in that environment. That context is crucial for rapidly prioritizing and fixing the critical threats before they impact the business.


By moving toward context risk scoring in 2024, businesses will be able to turn down the noise from irrelevant security alerts and refocus professionals’ attention on the 5-10% of alerts that are exploitable and create business risk. This is especially important as the surge in applications and the shift to continuous delivery in the coming year will introduce new attack surfaces and attack vectors at an unprecedented rate.
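One way to put the contrast between CVSS-only and context-based prioritization into code, as an added example that is not the article's or any vendor's scoring model: each finding carries the four pieces of context named above (how the application uses the package, where it is deployed, what data it touches, and whether the flaw is known to be exploited), and the context score discounts the CVSS base score by each. The Finding fields, the weights, the threshold and the four sample findings are assumptions constructed for illustration; a real program would feed them from an asset inventory, a reachability analysis and a known-exploited-vulnerability feed.

```python
"""Context risk scoring: rank findings by deployment context and exploitability
instead of by CVSS base score alone. Added example, not the article's or any
vendor's model; the weights, Finding fields and SAMPLE findings are assumptions
constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str
    package: str
    service: str
    cvss_base: float        # intrinsic severity as published, 0-10
    internet_facing: bool   # where it is deployed
    package_loaded: bool    # how the application uses it: is the code reachable?
    known_exploited: bool   # exploitability: seen exploited in the wild
    data_sensitivity: str   # data connections: "none" | "internal" | "pii" | "regulated"


# Every factor is at most 1.0, so the context score never exceeds the CVSS base
# score; a finding climbs the ranking only because others are discounted harder.
EXPOSURE = {True: 1.0, False: 0.4}
EXPLOITED = {True: 1.0, False: 0.5}
SENSITIVITY = {"none": 0.4, "internal": 0.6, "pii": 0.8, "regulated": 1.0}


def context_score(f: Finding) -> float:
    """CVSS base score discounted by exposure, exploitation and data sensitivity.
    Code that is never loaded has no exploit path and scores zero."""
    if not f.package_loaded:
        return 0.0
    factor = (EXPOSURE[f.internet_facing] * EXPLOITED[f.known_exploited]
              * SENSITIVITY[f.data_sensitivity])
    return round(f.cvss_base * factor, 2)


def prioritize(findings) -> list:
    """Findings ordered by context score, highest first."""
    return sorted(findings, key=context_score, reverse=True)


def by_cvss(findings) -> list:
    """The ordering a CVSS-only queue would produce, for comparison."""
    return sorted(findings, key=lambda f: f.cvss_base, reverse=True)


def actionable(findings, threshold: float = 4.0) -> list:
    """The subset worth escalating now; the rest is tracked, not paged on."""
    return [f for f in prioritize(findings) if context_score(f) >= threshold]


# Constructed sample: four findings as a scanner might report them.
SAMPLE = [
    Finding("F-1", "xml-parser", "nightly-report-job", 9.8, False, True, False, "internal"),
    Finding("F-2", "http-router", "public-checkout-api", 7.5, True, True, True, "pii"),
    Finding("F-3", "image-codec", "public-checkout-api", 9.1, True, False, False, "pii"),
    Finding("F-4", "session-lib", "public-billing-api", 5.3, True, True, True, "regulated"),
]


if __name__ == "__main__":
    print("by CVSS:   ", [f.finding_id for f in by_cvss(SAMPLE)])
    print("by context:", [(f.finding_id, context_score(f)) for f in prioritize(SAMPLE)])
    print("actionable:", [f.finding_id for f in actionable(SAMPLE)])
```

On the sample, a CVSS-only queue starts with F-1 (9.8) and F-3 (9.1); the context queue starts with F-2 and F-4, because they sit on internet-facing services handling personal and regulated data and are already being exploited, while F-1 runs on an internal batch job with no known exploitation and F-3's vulnerable codec is present in the image but never loaded. With the threshold at 4.0 only two of the four findings are escalated, which is the noise reduction the paragraph above describes. The multiplicative form is a design choice, not a standard: it makes a single strong discount (unreachable code, internal-only exposure) dominate, which is what you want when the goal is to stop paging on findings with no path to exploitation.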
