The cybersecurity landscape is a menacingly bad neighborhood, with threat actors constantly prowling and developing new and more sophisticated attacks.
Recent research has shown a substantial increase in global cyber threat activity over the past year, and the expanding enterprise attack surface has made it more difficult for organizations to defend critical assets than ever before. While the current industry outlook may appear to be doom and gloom, there is reason for optimism as we move towards 2024.
The unrelenting nature of nefarious actors is what fuels evolution in cybersecurity. The cybersecurity industry is regularly evolving to improve the security of modern enterprises and counter emerging threats. But still, there are three trends within cybersecurity that give organizations reasons to be optimistic about protecting their networks and data.
1) Public/Private Collaboration
The threat of information sharing within the public and private sectors traditionally has been tenuous at best, often clouded by a lack of trust. Companies may have been reluctant to share information on an attack, for instance, out of fear of disclosing sensitive information or suffering a loss of reputation. In many cases, organizations concentrate on protecting their own systems.
However, there is a growing interest in collaboration across sectors, industries, and geographies. This collaboration places a greater emphasis on sharing threat intelligence and threat detection content and knowledge that can support proactive defenses.
It’s an important — and necessary — development because cyber threats aren’t confined to particular sectors or locations. For example, a supply-chain attack such as the one using SolarWinds software affected public and private organizations alike, including large corporations and government agencies.
Ransomware attacks, such as the one on the Colonial Pipeline, often have significant downstream impacts. The idea of any enterprise handling its own cybersecurity in a vacuum is no longer tenable in an age of highly distributed cloud systems.
The federal government is also looking to lower the barriers to information sharing. The White House Executive Order on Cybersecurity, along with subsequent federal guidelines and mandates, emphasizes the importance of information sharing between the public and private sectors. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 sets rules for applicable industries to report attacks. The Securities and Exchange Commission recently issued new rules requiring public companies to report cyber incidents and provide annual updates on their cyber risk management, strategy and governance.
Technology and business leaders are seeing the advantages of collaboration and how shared information can be used in threat detection and response. A recent example is how a Chinese threat group's attack on email accounts was mitigated through collaboration among technology providers, customers and government agencies.
2. Protections Against Insider Threats
Organizations today are keenly aware of insider threats and becoming more adept at mitigating them.
Cybersecurity traditionally has focused on external threats, but attacks that start inside an organization, whether intentional or accidental, have risen significantly since the onset of the COVID-19 pandemic. The 2023 Verizon Data Breach Incident Report found that one out of every five breaches originate from the inside, and additional research revealed that more than 75% of CISOs expect data loss from insider events to increase at their company in the next 12 months.
Fortunately, enterprises are making strides in countering those kinds of threats. Organizations are committing more resources to training and giving employees a better working knowledge of detecting insider threats. Additionally, IT teams are moving away from relying strictly on Data Loss Prevention solutions based on known attack signatures and adopting more advanced solutions, including those focusing on behavioral analytics. For example, newer solutions are making use of artificial intelligence (AI) techniques to analyze real-time and historical activity and identify behaviors that can be precursors of insider threat attacks.
Whether the threats originate from compromised accounts, the inactive accounts of departed employees, or the malicious actions of a disgruntled insider, the renewed focus on insider threats can help stem the rising tide in recent years.
3. The Maturation of Artificial Intelligence
Speaking of artificial intelligence, recent advancements in AI, especially machine learning (ML), promise to bring substantial innovations to cybersecurity.
ML has been used for some time to detect certain threats, such as phishing campaigns and malware, and it also helps security teams recognize suspicious behavioral patterns and anomalies in real time. However, the downside of those enhanced detection capabilities includes generating a significant number of false positives, which take up security analysts’ time and create alert fatigue. The industry can now build on the foundation of those early-generation tools to reduce the number of false alerts and help identify more sophisticated, subtle attacks.
The growth of distributed cloud infrastructures and the Internet of Things (IoT) have created more data and more network identities – human and non-human – than IT teams can hope to manage. On top of that is the reality that threat actors themselves are avidly incorporating AI into their arsenal and to conduct attacks.
Nevertheless, AI’s coming of age can give organizations the necessary visibility, speed and accuracy to defend against the onslaught of cyber threats effectively. The next generation of advanced analytics will help support continuous monitoring across the entire enterprise, enable security teams to identify attacks in real time, initiate responses, and reduce false positives to deliver material alerts. Expanding the use of tools like AI can speed investigations and remediation efforts by empowering analysts and engineers to take more meaningful action.
Renewed Hope
Cybersecurity is often rife with bad news, and with good reason. The threats are real, and they are becoming increasingly destructive. But the cybersecurity industry isn’t sitting on its hands, either. Business and government leaders recognize the importance of an effective, unified defense. Initiatives such as greater public-private information sharing and collaboration, a reinvigorated focus on insider threats and continuing improvements in AI provide reasons for optimism.
These recent and ongoing developments can put organizations on equal footing with threat actors and, in some cases, even give them the upper hand.