Last updated at Fri, 19 Jan 2024 15:24:50 GMT

By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7

It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited vulnerabilities in 2023, many in the form of zero days. So it can be a little overwhelming to think about what could be in store for us in the year ahead.

We thought we’d start off by asking ChatGPT for its predictions.

Unsurprisingly, it gave the answer, “increased emphasis on AI and machine learning.” ChatGPT explained that AI-driven systems can better analyze and detect anomalies, and that we may see even more AI-powered tools for threat detection, response, and automation.

Well, there you have it folks, ChatGPT TO THE RESCUE!

This “prediction” is pretty obvious, and everyone in the cybersecurity industry knows it. But more importantly, it doesn’t solve the huge issue that exists in the cybersecurity industry: We’re all focusing on what could be without having the basic mechanisms in place to address what is.

So instead of making 2024 cybersecurity predictions, we suggest you make the following three resolutions and a promise to yourself that you will lay the groundwork to make them happen in 2024.

Resolution 1: Just implement MFA already

It seems like every CISO has spent 2023 getting up to speed on AI. Certainly AI will play an important role in 2024, both in the opportunities it presents to defenders as well as the security challenges it brings.

From a cybersecurity standpoint, however, it’s still important to keep your business focused on the basics, such as correctly implemented multi-factor authentication (MFA). That’s because in 2024, a business is significantly more likely to be breached due to weak MFA than due to an advanced-AI cyber attack.

Our 2023 Mid-Year Threat Report found that 40% of incidents in the first half of the year stemmed from non-existent or poorly enforced MFA. Our message is simple: implement MFA now, particularly for VPNs and virtual desktop infrastructure. It’s the best and most important accomplishment you can make if you haven’t yet done so.

Resolution 2: Learn from what file transfer vendors did right

Without a doubt, 2023 was the year of file transfer vulnerabilities, with MOVEit Transfer dominating headlines. However, we expect 2024 to be slightly different based on our experience with these vendors’ response processes.

The file transfer software providers Rapid7 researchers disclosed vulnerabilities to were extremely responsive, fixing vulnerabilities in half the time it usually takes and proactively looking at ways to mature their vulnerability disclosure programs.

In fact, some of these organizations now have more established patch cycles and vulnerability disclosure mechanisms in place (hooray!), as well as security programs implemented where products are reviewed more frequently. These proactive cycles should result in more mature, security-bolstering software development practices — at least for these solution providers and those who have learned from them — in 2024.

Resolution 3: Get a grip on your data

Lots of data does not equal effective security analysis. We all get fatigued and miss things when we feel overwhelmed and overstretched. And well, the same happens to security teams when they are just given enormous amounts of raw data. Context is everything! It’s the missing piece of the puzzle to improving security posture and the effectiveness of solutions.

Spending more money or gathering more data is not going to improve your cybersecurity posture, but understanding data and, more importantly, what kind of data is needed to make better decisions will. “Less is more” is our credo for 2024. For example, take time to understand what data you are already collecting from a log perspective. Understand what type of data is inside those logs and how that data might indicate a possible attack technique. If you have only part of the right information, what type of data would you need to enrich it with enough context to decide on or prioritize events?

Bonus: Take some time to decompress

Trust us, we know that for defenders, taking time to decompress is easier said than done, but it’s so important to look after ourselves and avoid burnout. Our advice to you is to put your coverage plan in place, communicate it well, and most importantly, take the time you need. Even Gartner has predicted that 25% of cybersecurity leaders will change roles entirely by 2025 due to work-related stress. So, make sure you take the time to decompress, relax, and enjoy life.

For insights from the Rapid7 team on what 2024 could bring, watch the Top Cybersecurity Predictions webinar on-demand.