Attackers could more often use zero-day vulnerabilities to target multiple organizations, said Dick O'Brien, principal intelligence analyst at Symantec, part of Broadcom, an enterprise tech vendor.
To combat this social engineering attack, Tavakoli recommended organizations conduct employee awareness training, regularly determine their overall security posture and ensure their downstream security measures can handle an employee falling for a phishing attack.
In 2024, CEOs will likely be working more closely with CSOs and CISOs to determine where to best spend budget security-wise, said Chuck Randolph, CSO, and Marisa Randazzo, executive director of threat management, at security vendor Ontic.
Organizations should conduct a risk assessment and ensure stakeholders have a say in the security budget, he advised.
Randolph and Randazzo said there could be a convergence of IT security with physical or corporate security, such as identifying and monitoring potential insider threats and disgruntled employees.
CISOs can offer input on IT security, they added, while CSOs consider workplace violence issues.
Expect to see more organizations embrace identity verification in 2024 to ensure employees, partners and customers are who they say they are during account onboarding, especially as AI improves.
Organizations should invest more in proactive security tools and technology in 2024 to better detect vulnerabilities and security gaps, said Maxine Holt, senior director of research and content at analyst firm Omdia.
With proactive security, she said, organizations can learn where to best spend their budget for their specific use cases.
Holt recommended organizations research proactive security technologies to decide which could most help them.
Attack surface management, including cyber asset ASM and external surface ASM.
Security posture tools for applications, cloud and data.
Attack path management and security control validation, including penetration testing, red teaming, and breach and attack simulation.
IoT adoption remains strong, and so does the lack of appropriate security measures on embedded devices.
Breaching a third party, such as a vendor or partner organization, can net attackers more lucrative outcomes.
Third parties have their own security strategies and infrastructure, which might not stack up to those of their customers, opening further vectors for attackers.
There's no easy answer for organizations worried about third-party security, either.
Cox said while it's difficult to enforce a certain level of security with third parties, organizations should consider creating a security checklist their vendors must follow or require third-party security evaluations before doing business with any vendor.
Certain vendors could be identified as red flags and affect an organization's ability to get a policy in 2024.
Organizations might have to spend time vetting their current and potential vendor partners if cyber insurance providers want more say in their clients' security posture, she said.
Kyle Johnson is a technology editor for TechTarget Security.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 14 Dec 2023 18:43:05 +0000