網路安全快照： What’s in Store for 2024 in Cyberland? Check Out Tenable Experts’ Predictions for OT Security, AI, Cloud Security, IAM and more

The new year is upon us, and so we ponder the question: What cybersecurity trends will shape 2024? To find out, we asked Tenable experts to read the tea leaves. Their 2024 forecasts include: A bigger security role for cloud architects; a focus by ransomware gangs on OT systems in critical industries; an intensification of IAM attacks; and much more! 

1 - Cloud architects will take on security

Cyber-savvy organizations understand that security is key in the delivery and deployment of applications – and that it shouldn’t be something that’s tacked on as an afterthought right before moving them to production. 

As a result, we’ll see more cloud architects assuming responsibility for the security of their applications. Simultaneously, solutions originally designed for security practitioners will provide more capabilities for developers, so they are able to continuously improve the security of their applications without slowing down development.

For more information about software development security, “shift left” and DevSecOps:

• “Addressing the confusion around shift-left cloud security” (TechTarget)
• “The Big Interview: Jinhong Brejnholt, Chief Cloud Architect, Saxo” (The Stack)
• “Avoiding the Security Potluck: Good Governance Helps You from Code to Cloud” (Tenable)
• “How to Turn A DevOps Pipeline Into a DevSecOps Pipeline: A Shift Left Concept Overview” (Hackernoon)
• “Secure from the get-go: top challenges in implementing shift-left cybersecurity approaches” (CSO)
• “Secure Software Development Framework (SSDF) Version 1.1” (NIST)
• “Securing the Software Supply Chain: Recommended Practices Guide for Developers” (CISA)

2 - Orgs will consolidate, unify cloud security tool sets

It’s become clear to cybersecurity leaders that cloud native security allows their organizations to break up silos and provide a unified, contextual risk picture. Thus, organizations will accelerate their efforts to consolidate cloud security products and vendors. This will in turn yield not only more secure applications, but also better optimization of resources, skills and time, during a period when organizations are stretched to the limit.

In fact, this move away from tool and vendor sprawl, and towards unified tool sets will not be limited to the cloud security realm. Demand from CISOs for integrated security suites and platforms will reach new heights, because they allow security teams to see the big picture, assess their complete attack surface and prioritize remediation of their most critical weaknesses.

For more information about the benefits of integrated security tool stacks, suites and platforms:

• “Security vendor consolidation a priority for majority of organizations worldwide” (Cybersecurity Dive)
• “Rein in cybersecurity tool sprawl with a portfolio approach” (TechTarget)
• “Security Buyers Are Consolidating Vendors” (eSecurity Planet)
• “Exposure Management: 7 Benefits of a Platform Approach” (Tenable)
• “What cybersecurity consolidation means for enterprises” (TechTarget)

3 - Cyber insurers will tighten the screws on industrial companies

Industrial companies will be less able to rely on their cyber insurance for covering the cost of damages from a cyber incident. 原因是什么？Before issuing coverage, cyber insurers will conduct their due diligence process more stringently. And when they do offer policies to industrial companies, the scope of coverage will be more limited. As a result, industrial companies will need to be more proactive about managing their cyber risk, as opposed to being reactive and hoping that their cyber insurance will cover the costs of an attack.

And speaking of lowering cyber risk, CFOs and CISOs of organizations with OT systems will realize that now, more than ever, investments in OT security will yield a better cost-benefit than investments in IT security. In other words, spending in OT security has a much biggest impact on reducing risk.

For more information about cyber insurance trends:

• “Insurance Costs Rise, Coverage Shrinks, but Policies Remain Essential” (Dark Reading)
• “How To Obtain the Right Cybersecurity Insurance for Your Business” (Tenable)
• FTC’s “Cyber Insurance” page
• “What is cyberinsurance and why is it important?” (TechTarget) 
• “5 Cyber Insurance Trends To Watch Right Now” (CRN)
• “4 tips to find cyber insurance coverage in 2024” (TechTarget)
• “Insurer: Ransomware causes jump in cyber insurance claims” (Tenable)

4 - Proliferation of energy-monitoring sensors will heighten OT risk

Seeking to lower energy costs and avoid carbon-usage fines, organizations will increase the number of OT-based sensor deployments and controls. This will allow organizations to better manage their energy usage. However, having more internet-connected IoT and OT devices in smart buildings and in factory- and building-management systems will also expand their attack surface.

For more information about OT/IoT cybersecurity:

• “Why are Sensors the Key to IoT Cybersecurity?” (IEEE)
• “How to Tackle OT Challenges: Asset Inventory and Vulnerability Assessment” (Tenable)
• “How to enhance the cybersecurity of operational technology environments” (McKinsey)
• “Public Power Utilities’ Cyber Investment Key to Mitigate Greater Risk” (Fitch Ratings)
• “Why attackers love to target IoT devices” (VentureBeat)

VIDEO

The top threats to ICS systems (Tenable)

5 - Ransomware groups will target OT, collaboration technologies

Ransomware gangs will set their sights on two attractive targets: OT systems and collaboration technologies.

The allure of targeting businesses that depend on OT systems resides on two factors. First, it’s highly lucrative to go after these organizations, especially in the manufacturing industry. Second, the publicity that these high-profile attacks garner boosts ransomware gangs’ brands. This motivation fuels hacktivist groups in particular, as they look to give visibility to their causes by attacking organizations they oppose.

Meanwhile, ransomware groups will continue to evolve their tactics to hit multiple organizations with collaboration technologies. Targeting of a zero-day vulnerability in MOVEit Transfer – a secure managed file transfer (MFT) software made by Progress Software – was just the beginning. We'll continue to see these groups target zero-days and n-days in order to claim as many victims as possible.

Tenable experts also predict that while dozens of nations have pledged to not pay ransoms in cyberattacks, organizations of all sizes will continue to pay, even with no guarantees that the attackers will delete the stolen data. In fact, data will be 2024's most sought after resource for ransomware groups and their affiliates.

For more information about ransomware trends, check out these Tenable resources:

• “Critical infrastructure orgs warned about Snatch ransomware” (blog)
• “DHS shines light on ransomware trends” (blog)
• “Let’s quit paying ransoms: the International Counter Ransomware Initiative pledge” (blog)

VIDEOS

Tenable.ot Security Spotlight - Episode 1: The Ransomware Ecosystem

Tenable CEO Amit Yoran discusses MOVEit Transfer Hack on BBC Asia

Anatomy of a Threat: MOVEIt

6 - Spending on IAM security will skyrocket

Investment in identity and access management (IAM) tools will continue to grow in 2024, as ransomware groups and “hack-the-human” attackers, such as phishers, continue to compromise digital identities across organizations of all sizes.

As they grapple with higher cloud adoption and with a shortage of qualified cyber pros, organizations will heavily invest in IAM products, with the hope of being better able to stay ahead of bad actors and protect 2024’s most valuable resource: data.

For more information about IAM security:

• “Identities: The Connective Tissue for Security in the Cloud” (Tenable)
•  “Identity and Access Management: Developer and Vendor Challenges” (CISA)
• “Identity and Access Management Recommended Best Practices Guide for Administrators” (CISA)
• “Navigating the Top 10 Challenges in Cloud Identity and Access Management” (Cloud Security Alliance)
• “10 things every CISO needs to know about identity and access management” (VentureBeat)

Bonus: Stocking stuffers

And here are several quick takes from our experts:

• The expected Bitcoin Halving event in 2024 will be ripe for exploitation, as cybercriminals aggressively target it with AI-generated and deepfake video content, leading to the theft of tens of millions of dollars.
• In 2024, investment scams, including pig butchering, will increase exponentially around the world, exceeding $5 billion in losses.
• There will be an increase in attacks against AI platforms that will far exceed our understanding and ability to protect them, resulting in data leaks, data poisoning and cyberphysical effects.