Brian Contos, Sevco Security, offers a glimpse into the future, predicting how ransomware may impact global supply chains, the rise of cybercrime-as-a-shortage, and the forthcoming AI arms race in 2024.
Brian Contos, Cybersecurity Author and Chief Strategy Officer at Sevco Security
Increase in Ransomware Impacting Global Supply Chain Operations
As the Panama Canal faces severe challenges due to drought and forces shippers worldwide to adjust to painful consequences, the worldwide supply chain has suffered. If a drought can cause this much damage, imagine what challenges ransomware could bring to our global critical infrastructure. A ransomware attack on the Panama Canal would likely result in a payment being made to get the canal back up and operational, simply due to the impact its closure would have on the global supply chain. In 2024, we can expect to see ransomware targeting strategic supply chain locations that would warrant payments being made quickly to get operations back up and running.
In 2024, we can expect to see more cybercrime-as-a-shortage. There are only so many cybercriminals skilled at developing attacks and writing zero-days. Therefore, we can expect to see an increase in cybercriminals turning to the dark web to pay for support around sophisticated phishing campaigns and DDoS attacks. As the number of opportunities for cybercriminals increase at a rapid pace, cybercrime groups will turn to the dark web for the resources to continue to successfully conduct large-scale attacks.
AI as an Arms Race
As bad actors experiment with how they can leverage AI as it relates to phishing scams, the time is approaching where we’ll witness an AI arms race. AI will start a new surge, similar to the jump we saw from the evolution between firewalls and VPNs to vulnerability scanners and multifactor authentication. AI can be the superpower aiding cybercriminals to evaluate environments at lightspeed and uncover unprotected devices sooner. What may have taken months to uncover before AI, can now be uncovered in mere days. We’ll see bad actors leverage the power of AI to develop increasingly powerful, sophisticated, customized attack techniques that we must race to stay one step ahead of.
Cybersecurity as an Integral Part of the Board
Despite boards claiming cybersecurity as a priority, many have a long way to go in terms of improving their organization’s cyber resilience. In 2024, we’ll begin to see cybersecurity expertise become an integral part of the board’s DNA to adhere to today’s fiduciary responsibility. With zero tolerance for guesswork, we can expect 90 percent of boards to have a dedicated cybersecurity expert to ensure companies can accurately assess the business impact from a security perspective across tools and initiatives.
Assets Are No Longer Strictly Devices
The days of thinking of assets as a device are dead. Assets today can encompass everything from identities to applications to cloud infrastructure to IoT. Organizations need more than a SIEM analyzing its firewall, they need the ability to look at everything across their network in real-time to gain a comprehensive and dynamic view of their asset inventory. We must evolve and redefine what assets truly encompass to arm ourselves with the intelligence to make smarter, faster decisions and improve overall cyber posture.
Insider Threats Will Increase
With the current uncertain economic environment, we’ll unfortunately see layoffs continue into 2024. If organizations are not diligent about spinning down assets or turning off credentials of past employees, they can leave themselves open to unnecessary risk from disgruntled former employees. With legacy solutions lacking the context required to effectively manage the network, organizations must turn to asset intelligence to protect the entire attack surface.
Asset Intelligence Will Rise Amidst New Regulations
With recent regulations and upcoming mandates featuring strict disclosure requirements, we’ll see businesses turn to asset intelligence to better understand activity across their networks. Organizations will be forced to disclose breaches within a certain period, so the intelligence to understand the impact of those breaches quickly and accurately will be imperative. While the government continues to do their part by creating the regulations, it is now up to the businesses to adhere to those regulations by demonstrating the security tools in use are effective.
MSSPs: SMBs New Best Friend
Cybercriminals often target SMBs due to their limited security resources. While SMBs understand the importance of integrating cybersecurity across the organization, many simply don’t know where to begin. In 2024, we’ll see the heighted cyber landscape force SMBs to augment their limited tech and security resources with MSSPs to prevent attacks and mitigate the damage when data is compromised.