As 2023 draws to a close, it's time for cybersecurity experts to gaze into their crystal balls and predict what the next year has in store for the security industry.
In the first part of our predictions round-up, experts at My1Login, i-confidential, and OSP Cyber Academy reveal what they believe will be the biggest trends in the year ahead.
Mike Newman, CEO of My1Login: Cloud migration will expand the attack surface.
In parallel, we are also seeing organisations migrate their entire corporate directory to the cloud, typically with platforms like Microsoft Entra ID. Many of the applications that historically integrated with the on-premise corporate directory for Single Sign-On will now require manual, password-based authentication, increasing the burden on users and also further extending the attack surface for malicious actors.
This means employees will have a continued, and potentially increasing, reliance on multiple passwords to access cloud applications that can't natively integrate with Microsoft Entra ID. But this leaves login credentials in the hands of employees, where they are least safe, and it also leaves worrying gaps in enterprise security.
Malicious actors will continue to exploit these gaps in the year ahead, but their attacks will be supercharged with the power of Generative AI. They will use AI to spoof the login pages of legitimate applications, and create sophisticated phishing emails to trick employees into handing over corporate login credentials.
Ransomware attacks will continue to dominate the threat environment in the next year, and organisations must increasingly look to their people to help them survive in this digital battlefield.
They need to be continuous and updated regularly to ensure they remain relevant as attacks evolve.
When organisations view employees as their first line of defence, and arm them appropriately, it doesn't matter how phishing or ransomware attacks are executed.
Foundational security isn't a hot new topic, but its importance will continue to increase in the year ahead, especially in the face of Generative AI. People are still at the heart of maintaining security.
Organisations must focus on getting the basic principles right to help block attackers from getting into their networks.
The payback is that organisations will be in control of their security.
Organisations struggling with weaknesses in their foundational security will invariably need to turn to experienced security practitioners for help, not AI. Again, it is people who can make the biggest difference, helping to build foundational controls based on specific business needs.
Organisations still struggle to find people with the skills needed to fix their security problems.
In the year ahead, closing these gaps will become more important than ever because AI is set to change the threat landscape in favour of adversaries.
No one can afford to overlook these security challenges.
Organisations need to look to these initiatives to address their control weaknesses and bolster their in-house teams with new talent.
Thomas McCarthy, CEO of OSP Cyber Academy: AI will be weaponised by attackers and defenders.
In the year ahead, AI will be used as a mass-cyberattack tool, with criminals using the technology to launch sophisticated phishing scams at scale.
AI will be used to scan and exploit vulnerabilities across all IT systems and supply chains, and it will target people with social engineering and phishing.
To tackle the threat, we will see more defenders using AI to detect attacks quicker and learn about AI-generated phishing scams, so they can be blocked before they reach user inboxes.
This Cyber News was published on www.itsecurityguru.org. Publication date: Wed, 20 Dec 2023 15:14:22 +0000