The Unseen Threats: Anticipating Cybersecurity Risks in 2024
https://www.cisoplatform.com/profiles/blogs/the-unseen-threats-anticipating-cybersecurity-risks-in-2024
Matthew Rosenquist (https://www.cisoplatform.com/members/MatthewRosenquist), 2024-01-19T00:28:08.000Z
<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12360956101?profile=RESIZE_400x&width=400"></div><div><div class="fs ft fu fv fw">
<div class="ab ca">
<div class="ch bg ew ex ey ez">
<p id="e05b" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. It can feel like crossing a major highway while blindfolded. Many never see the catastrophe about to happen, until it occurs. Cybersecurity predictions offer a glimpse at the dangerous oncoming traffic and help leaders develop strategies to navigate their journey safely. If we blindly step off the curb it will eventually end poorly when the luck runs out. For those interested in a better understanding of the oncoming risks, this is the information you are looking for.</p>
<div class="mq mr ms"><br /> <a href="https://miro.medium.com/v2/resize:fit:300/1*h_JG8_NRPTVZH9D2CXrIvA.png" target="_blank"><img class="align-left" src="https://miro.medium.com/v2/resize:fit:300/1*h_JG8_NRPTVZH9D2CXrIvA.png?profile=RESIZE_400x" alt="1*h_JG8_NRPTVZH9D2CXrIvA.png?profile=RESIZE_400x" width="300" /></a>Some dangers are familiar and persistent. We know the pool of threats and attackers will increase, more hacks will occur, credentials will be haphazardly mismanaged, disinformation will run rampant, new buzzwords and acronyms will be born, troves of data will be harvested, the battle to keep technology patched will continue to be problematic, ransomware and cybercrime will continue to thrive, and the headlines will be regularly filled with sad stories of digital victimization. This is the normal cadence the industry expects and although difficult to keep pace, the cybersecurity world can tread these waters.</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Beyond the expected, we must also keep watch for the unpleasant surprises that can severely disrupt the security, trust, and capabilities of our digital world. Often a combination of disruptive technologies, lagging risk behaviour trends, shifts in threat actor capabilities or focus, greater expectations for cybersecurity, and new regulatory structures emerge to wreak havoc. This year is no different but the details continue to be important.</p>
<p id="bcae" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Those in cybersecurity who fail to look ahead will be crushed by what they don’t see coming. Cybersecurity predictions provide leadership insights into what preparations and adaptations should be considered before a crisis occurs. So, let’s explore what 2024 and beyond has in store for all of us in the digital world.<img class="align-center" src="https://miro.medium.com/v2/resize:fit:700/1*356sxMRlyKfFqgCcd88Udg.png?profile=RESIZE_710x" alt="1*356sxMRlyKfFqgCcd88Udg.png?profile=RESIZE_710x" width="700" /></p>
</div>
</div>
</div>
<div class="fs ft fu fv fw"> </div>
<div class="ab ca na nb nc nd"> </div>
<div class="fs ft fu fv fw">
<div class="ab ca">
<div class="ch bg ew ex ey ez">
<h1 class="nn no fz be np nq nr gv ns nt nu gy nv nw nx ny nz oa ob oc od oe of og oh oi bj">Prelude:</h1>
<p id="bb12" class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj">Cybersecurity is a notoriously unpredictable and chaotic industry where attackers set the tempo for innovation and investment, and anticipate a response by defenders. This leads to sub-optimal situations where cybersecurity professionals largely react to the exploitations of malicious actors. Ironically, investing in preventative measures is the most efficient stratagem, but understanding what will be the most effective is dependent on accurately forecasting how the risks will manifest in the future.</p>
<p id="cd24" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">This demand leads to the development of cybersecurity predictions, which must take into account the underlying drivers of the attackers, defenders, and technology where the battles will play out. There is a method to the madness of trying to forecast such a complex and muddled industry. I have followed a process over the years to identify significant trends that will unfold and contrast those with industry concerns that I believe will not come to fruition. The goal is simple: to help organizations make better strategic cybersecurity organization, investment, and resource allocation decisions to maximize the value and help them manage to the most optimal level of security risk.</p>
<p id="bb59" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">For this year’s predictions, a common theme emerged around significant investment and capabilities of a specific threat archetype, the aggressive nation-states, that represents a catalyst that profoundly influences what attackers can accomplish and the resulting impacts on the overall digital ecosystem. Aggressive nations have a ripple effect on the entire cybersecurity industry.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">I first explored and predicted the impacts several years ago and called out multiple shifts for the 2023 predictions. This year my predictions extrapolate to the next evolution of these activities and the wake they leave behind. I have concluded the increasing involvement of offensive nation-states directly supports most of the 2024 cybersecurity predictions. We are amid a quiet leap forward for attackers that represents a significant challenge for cybersecurity professionals to manage the elevated levels of digital risk.</p>
</div>
</div>
</div>
<div class="ab ca na nb nc nd"> </div>
<div class="fs ft fu fv fw">
<div class="ab ca">
<div class="ch bg ew ex ey ez">
<h1 class="nn no fz be np nq nr gv ns nt nu gy nv nw nx ny nz oa ob oc od oe of og oh oi bj">2024 Cybersecurity Predictions:</h1>
<h1 id="da41" class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">1. Nation-state attack dominance now underpins the capabilities, growth, and impacts of the cybersecurity industry</h1>
<p id="dccf" class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">Nation-state investment, innovation, and willingness to conduct complex attacks are the catalyst that underpins the advancement of malicious capabilities and empowers all levels of activity across the spectrum of cyber threat archetypes.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*6C4heg6pLUup2BdKD22C9A.jpeg" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p id="d968" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">This is the natural progression of the 2023 predictions where the massive investments in tools, techniques, acquisition of vulnerabilities, and rapid development of exploits have positioned aggressive nations like Russia, China, North Korea, and Iran at the pinnacle of threats and a catalyst for other attackers.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Multi-year investments have matured to a point where attacks are well-resourced, planned, and exploited in ways that align with the varying objectives of the host nations. The infrastructure and talent behind attacks are stable and organized, allowing for multiple simultaneous campaigns and increased proficiency in the speed of exploitation. Parent organizations continue to provide covert shelter to operate, technical infrastructures to develop and test, extradition safety, and intelligence support. Such advancement of professional capabilities will allow these attackers a greater advantage over their defending counterparts in 2024, with their adaptation proficiency becoming the most troublesome attribute for the cybersecurity industry to deal with.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The trickle-down effects of nation-state research, investment in vulnerability acquisition, and development of complex code continue to be at play, bestowing significant benefits to the broader community of malicious actors. For example, as nations pay millions of dollars for zero-day vulnerability exploits and use them for attacks against targets, the code and methods are revealed for other threat actors who dissect and use these components for their attacks. Organized cybercriminals are quick to take advantage and implement new tools in their attack strategies. Such expensive vulnerabilities, exploits, and methods would normally be well beyond the reach of these lesser threats but are enabled by the vast resources cascading down from nation-state actors.</p>
<p id="c608" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The primary target and focus for nation-states will continue to be their adversaries' Critical Infrastructure sectors, such as healthcare, government, communications, transportation, defense industrial base, media, utilities, finance, and cargo logistics.</p>
<p id="f756" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024</strong></p>
<p id="c9cf" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. We shall see 20%-30% more severe vulnerabilities discovered, leading to emergency patches by major software, service, and Operating System (OS) vendors. There will be an equitable increase in exploitations of severe vulnerabilities, leading to greater impacts. Direct targets of the nation-state attackers will experience the most pain, but downstream victims will also be caught up in the process.</p>
<p id="a3c1" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Time to exploit, from the point of vulnerability discovery to seeing attacks occur, will shorten to levels dangerously close to how fast vendors can respond, creating a window of opportunity for widespread exploitation.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. The complexity of code, including chained exploits, will again increase in sophistication. This will be problematic for all but the most capable digital forensics teams. The inability to determine root causes and track down the breadth of affected systems leads to longer victim recovery times and exacerbates the overall impacts.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 id="c38c" class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">2. Critical Infrastructure targets are where the next significant battles play out</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">With aggressive nation-states heavily targeting Critical Infrastructure organizations, there will be significantly increased impacts and near-misses in these sectors.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*JB2jauEUP0rAk_ZazLFHaA.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p id="b06d" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Governments will attempt to assist the security practices and begin to institute more rigid cybersecurity requirements for these sectors.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Cybercriminals and terrorists will also target the Critical Infrastructure sectors as they align with these attackers’ core motivations of financial gains and political influence respectively.</p>
<p id="a7ee" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">With increasing pressure from the past few years, many critical infrastructure organizations have upleveled their cybersecurity, making the overall sector moderately more secure. But there are many outliers and attackers will pursue easy targets as the most desirable victims.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Smaller companies have less to invest and will be behind larger organizations that have resources to better defend themselves. They will suffer disproportionately. Additionally, there are larger organizations that choose to do the minimum required and will realize they are highly susceptible to attack.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. Cybercriminals, terrorists, and nation-states will be the primary attackers for Critical Infrastructure sectors, with several major attacks perpetrated by nation-states.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Expect to see many small Critical Infrastructure organizations compromised and a few large companies that have severely underinvested in security leadership and capabilities.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Critical Infrastructure attacks will become more apparent and impactful to the public.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">3. Supply Chain hacking methods evolve and increasing attacks become a problem for everyone</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">Advanced attackers are developing tools and tactics to intensify supply chain compromises, fueling many new attacks in 2024 that impact disproportionate numbers of downstream consumers.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*E0Xq_pVVv2Qv2RwBhwGJiA.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Supply Chain attacks, where a vendor is compromised so the attacker can gain passthrough access to their customers' computing assets or impact organization operations downstream, are still relatively rare. Such attacks are often complex and typically take a high degree of skill. However, these represent powerful and far-reaching opportunities for those threat actors that can successfully pull them off.</p>
<p id="be7b" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Software, cloud-based services, and to a lesser extent hardware appliances will be the most sought-after targets. The goal will be to exploit the trust and access of suppliers and to compromise the intended targets, their customers.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">These attacks fit perfectly with the skillset and resources of aggressive nation-state threat actors, as they pursue Critical Infrastructure targets, high-value intellectual property, and intelligence. Once inside, they will work to remain undetected for as long as possible and resist being evicted while accomplishing their goals.</p>
<p id="fe81" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. Nation-state attacks on supply chains will double in 2024.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Supply Chain attacks will be leveraged to target Critical Infrastructure targets.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Recovery from supply chain attacks will cost 3x-5x more as compared to data breaches.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">4. More vulnerabilities and exploits in heavily used business products upend patching cadences and commitments</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">The intense demand for vulnerabilities and exploits has reached newfound heights, driving more research and tool development, leading to a spike in discoveries and shortened windows for vendors to patch.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*tieYc0ftJGdc9sO9MEx9YA.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The commercial and black-market prices can be in the millions of dollars for a single vulnerability and accompanying exploit with the most valuable being zero-days for popular operating systems and cloud environments. Research efforts will also scale across applications, operating systems, firmware, and hardware. We may see a small but growing number of highly specific Operational Technology (OT) system vulnerabilities abused by attackers.</p>
<p id="e454" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. Serious zero-day vulnerabilities emerge at a faster rate, which adds multiplicative levels of complexity and challenges for victims, with follow-on exploitations appearing much sooner.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Open Source will be a favorite target for moderate to highly sophisticated vulnerability exploitation efforts.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Nation States will be the biggest buyers, willing to pay tens of millions of dollars for exploits of technology that is widely adopted. Supply chain types of attacks will be coveted the most.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">4. Use of new technologies, like AI, will be employed to discover vulnerabilities, chain exploits, and refine attacks to be faster, more impactful, and increasingly difficult to evict.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">5. Generative AI becomes the double-edged tool we have been waiting for and dreading</h1>
<p id="dacb" class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">The Generative Artificial Intelligence arms race has begun, as innovation and adoption swell to record-breaking levels, becoming a threat to digital security, privacy, and safety while also providing tremendously helpful capabilities to cybersecurity defenders.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*Z8RRjD41N1BBp-lllXbCxA.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Unlike its famous yet-to-be-created cousin General AI, Generative AI (GenAI) will not become sentient nor try to take over the planet, but it will be infused into every digital service and technology to make them better, cheaper, and faster to arrive to market. GenAI tools can do remarkable things from creating realistic images, personas, media, and original writings to identifying key elements in data or content. The popular Large Language Models, like ChatGPT, are phenomenal and analyze or synthesize information to answer questions in easily understandable ways or generate content to inform and advise. Such powerful capabilities that make things better and easier to use are one of the reasons they have skyrocketed in popularity with consumers and businesses.</p>
<p id="b971" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The swell of consumer interest has fueled massive investments, which in turn have produced insane levels of innovation and adoption. Tools and code are often open-source and freely available to anyone. The race of rapid integration for such code, tools, and services has left little time to focus on security evaluation, remediation, or assurance. The result is these systems are fraught with undiscovered vulnerabilities that represent a new and serious risk vector for all who embrace GenAI.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Like all powerful technology tools, AI represents a double-edged sword, enhancing the scalability and capabilities of attackers while simultaneously empowering the same for defenders. The timing and details vary, but it becomes an arms race to see which side can better utilize the untapped power of GenAI.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p id="f892" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. Attackers will leverage AI for more scalable and effective social engineering attacks, disinformation campaigns, vulnerability discovery, and exploit amplification. AI increases the attacker’s agility and depth, therefore significantly reducing the time for defenders to respond. AI becomes a force multiplier for victimization and losses.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. For defenders, we will see the adoption of AI technologies, specifically Defensive Generative Adversarial Networks and Generative AI to identify vulnerabilities, defend systems, and miraculously translate vast quantities of security telemetry data into understandable information. The inability to interdict misinformation with GenAI will be an obvious missed opportunity for defenders.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Overall, expect more accidental privacy exposures, higher quality and creative social engineering campaigns, better threat indication logic, no significant response by defenders to mute misinformation capabilities, and increased speed of vulnerability detection for both exploitation and remediation.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">6. New cyber regulations force operational changes for cybersecurity, risk management, and compliance.</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">Recent introductions, updates, and enforcement of cyber regulations are forcing uncomfortable changes for security and compliance teams.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*qrb_cLfYTRzn9Zz2_4wx0g.jpeg" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Many new security and privacy regulations are taking effect across various sectors and technologies that may require significant adaptation for organizations to be compliant. New regulations for the development and adoption of Artificial Intelligence will limit some exposures by slowing down the overall adoption process and allowing more understanding of the potential security risks. While this reduces the risks of inadvertently introducing vulnerable AI systems, it also delays the potential security benefits of innovative AI security tools.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">New supply chain rules for government customers will increase the costs of compliance, but bring greater confidence that suppliers are trustworthy in their operation and development of products.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Perhaps the most controversial regulations are from the US Securities and Exchange Commission (SEC), which requires public companies to report any material cybersecurity incidents to their shareholders within 4 days. This regulation protects longstanding investor rights to be informed promptly of risks to their investments by mandating a level of transparency to the public. The highly controversial regulation took effect at the end of 2023 and publicly owned businesses in 2024 are now held accountable for compliance. This is of significant concern to many public companies who prefer to conceal, delay public announcements, or spin a creative narrative to minimize shareholder perceptions and negative sentiment for cybersecurity attacks.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Enforcement of regulations is also causing serious tension. GDPR and other privacy cases continue to sting major internet properties, with the penalties for not safeguarding the confidentiality of sensitive personal information trending ever higher.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">SEC enforcement is making a substantial impression on the cybersecurity community. The case against the UBER Chief Information Security Officer (CISO) concluded with a conviction last year and the case against the CISO of SolarWinds, announced in 2023, is ongoing. Specifically holding CISOs accountable for fraudulent reporting is new and one of the most heated topics going into 2024.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p id="b20d" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. The regulatory landscape becomes more confusing as various regulations appear to overlap, seem unclear, and generate fear from misinformation. In the short term, unfounded fears of regulatory enforcement will grow among cybersecurity leaders and executives as non-compliance will not only expose the organization to regulatory prosecutions but also be a foundation for customer litigation cases.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Regulations will drive more cohesion between cybersecurity, privacy, legal, AI, executives, and the board, resulting in enhanced overall digital trust by consumers, partners, and investors.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Budgets may get a small reprieve to improve processes for compliance, but cybersecurity teams will not see major investments due to new regulations.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">7. Greater visibility of cybersecurity will create fear but drive better ownership of digital risk.</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">Greater transparency of cybersecurity failures will highlight weak leadership, insufficient investments, and poor organizational stewardship but drive better practices.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*LlQcsYDT7ptNH-0iCdbFVg.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Competition fosters a focus on results. Organizations that are not serious about security will no longer be able to conceal their lack of commitment. As incidents become more public, the need to establish more robust cybersecurity capabilities becomes a priority to compete with businesses that successfully avoid such embarrassing breaches of trust.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Transparency for material attacks, mandated by the SEC for public companies, will begin to trickle down to private companies as well, as trust is a competitive advantage in the marketplace. It will start slowly, but funding and venture capital groups will drive better security oversight to protect their financial investments.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Overall better visibility contributes to more insightful metrics used to understand the scale of attacks, failures in security, overall impacts, and emerging best practices. Eventually, risk management, resource allocation optimization, and insurance modelling will benefit as a result.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. A spike in reported breaches and compromises will be seen in 2024, not due to more attacks, but rather because of the greater transparency mandated by new SEC regulations.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. The SEC's 4-day rule of notification for material cybersecurity events will force transparency for investment and leadership, driving more executive and board-level focus on cybersecurity deliverables to avoid or minimize losses.</p>
<p id="a2b9" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. News coverage of cybersecurity incidents will be timelier and provide a detailed analysis of winners and losers.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">4. This greater visibility of true impacts will help improve the efficacy of cybersecurity metrics and insurance risk calculations over the next few years.</p>
<p id="a1e9" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">5. More enforcement of privacy and SEC notification requirements, with CISOs at risk of being prosecuted, will create newfound pressure that will shift how CISOs conduct and interject themselves in risk reporting and marketing messages.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 id="ec7e" class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">8. Rising expectations for trust will crush weak cybersecurity strategies</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">Everyone’s expectations for cybersecurity have significantly elevated to new levels, raising the bar of success and lowering the tolerance for failure, wreaking havoc on minimalist cybersecurity strategies.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*-0gj97JRV7BN_UXOSFE9ow.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p id="ca0c" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Security, privacy, and safety, the hallmarks of cybersecurity, matter more to everyone. Customers are savvier about breaches, theft, unavailability, and downstream impacts on their systems. Cybersecurity is now a growing purchase and loyalty criterion. Suppliers, vendors, and other 3rd parties are held to higher standards as their customers realize they assume some of the risks of vulnerable partners. Executives are more aware than ever that a cybersecurity incident can undercut profitability and place long-term barriers to organizational success. Boards are quickly maneuvering to enhance their cybersecurity insights as it becomes material to their shareholder duties. Auditors and regulators are also responding, being more particular and vigilant in their assessments. Across the spectrum, concern for cybersecurity is manifesting in greater expectations that organizations are acting in responsible, ethical, and trustworthy ways.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">CISOs will be expected to explain better and deliver more, with essentially the same level of resources. The biggest challenge for security leaders will be to understand and manage to the expectations within the constraints of budget, authority, and the allowance of security to add friction to the company.</p>
<p id="c6a6" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p id="aebd" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. We can expect more harsh criticism when cybersecurity attacks occur. With everyone perceiving a stake in the game, there will be lots of vocalizations and backlash. Companies will want to avoid serious brand impacts and may be quick to blame CISOs.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. An interesting self-feeding cycle will emerge where unsatisfied expectations of consumers and investors will drive legislators and oversight bodies to institute more regulations. More regulations are perceived to address the risks, thereby driving even higher expectations in consumers.</p>
<p id="a93b" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Understanding the market pressures, boards will fully embrace the integration of cybersecurity expertise to help them navigate the business.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">4. The cyber insurance industry will also act on its elevated expectations and demand more security oversight, controls, and capabilities as part of its policies, with severe increases in premiums or abandonment for non-compliance.</p>
<p id="efbd" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">5. Standard clauses for cybersecurity will be added to vendor agreement contracts.</p>
<p id="f140" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">6. Marketing teams will fully commit to leveraging security, privacy, and safety as purchase criteria for a competitive advantage in their campaigns.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">9. Resource constraints mutate from fears to nightmares</h1>
<p id="f731" class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">The combination of greater expectations, more regulations, increased capabilities of threats, and more vulnerabilities to address, culminates in a situation where the required additional cybersecurity resources are far beyond what will be available.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*UTJJ2jpEJERW6Yl7g5jvVw.png" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p id="da88" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Cybersecurity is generally seen as an overhead cost, which should be optimized to reduce expenditures. In contrast, recent reports indicate that CISOs will on average ask for an additional 20% increase in their annual budgets. Few will get anywhere close to that amount and some may see a decrease, requiring cuts to be made to their programs.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The disparity between what cybersecurity departments believe is needed and what will be provided will seriously widen, creating stressful dilemmas for CISOs who must decide what will be funded. CISOs understand the results will be unfavourable, but the extent will remain unclear until the bad things occur.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">In addition, the demand from traditionally resource-constrained Small and Medium Businesses (SMBs) will be on the rise. SMBs are realizing that it is more important than ever to benefit from cybersecurity leadership and insights to avoid catastrophic blunders. It is no longer optional as cyber represents a material risk to competitiveness and survivability. Without significant budgets to hire, they will look for alternate ways to obtain and benefit from professional cybersecurity insights.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p id="ec05" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. CISOs are asked to justify, in measurable dollars/sense or business value, the cost and friction introduced by cybersecurity. Selling Fear, Uncertainty, and Doubt (FUD) won’t be enough.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. Some thought-leading CISOs will begin looking at different ways to deliver and showcase value to justify the security budget, investment, and executive support.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. Acquiring and retaining cybersecurity talent will be even more difficult, especially at the leadership levels, giving rise to the virtual (vCISO), fractional (fCISO), and CISO-as-a-Service practices. These part-time and advisory CISO models will gain more traction as a resource utilization optimization opportunity, especially for Small and Medium Businesses (SMBs).</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<h1 class="nn no fz be np nq oo gv ns nt op gy nv nw oq ny nz oa or oc od oe os og oh oi bj">10. Cybersecurity responsibilities increase in scope and push organizations to adapt or break</h1>
<p id="a14b" class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj"><em class="ot">A perfect storm of constrained resources, more accountability, and greater responsibilities will push cybersecurity organizations to the brink, forcing CISOs to either adapt or fail.</em></p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><br /><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*ozA4mcRVHZ378IoeDosn4g.jpeg" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"> </p>
<p id="a64e" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Regulators, boards, and C-suite executives will look to their CISO to play a greater role in protecting the company from lawsuits and prosecutions. This will force CISOs into unfamiliar territory while they are still trying to handle the growing problem of managing the risk of loss due to cyber events.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">CISOs will be drawn into more discussions and accountability regarding contracts, audits, legal issues, and regulatory filings. CISOs will be expected to communicate directly with the board, and actively engage with the C-suite, partners, suppliers, vendors, investors, regulators, auditors, and customers.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">This will take a different skill set than traditionally seen in CISOs. Some organizations that can afford to hire a Chief Trust Officer will split these new duties, but for most, it will fall on the shoulders of the CISO.</p>
<p id="d91c" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Training and certifications will expand for both security and board leadership to assist all parties in understanding the new regulatory and liability requirements.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">This situation will increase the already high levels of stress experienced by CISOs, forcing many of them to rethink their approach to justifying budget and, for some, their career path.</p>
<p id="ab6e" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Maintaining an optimal level of security risk, given the aggregation of issues above, will push many security organizations to a breaking point. The risk of degradation and inability to satisfy the new expectations will become apparent as incidents occur and transparency requirements draw in public scrutiny.</p>
<p id="c61b" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">The best CISOs have been preparing for this eventuality and already have plans in motion that showcase clear operating goals, robust strategy, and plans with supporting metrics that are relevant. These elite CISOs will shift their value story, expanding from protection and compliance to also include elements of competitive advantage to support the overall corporate goals. They will be well-positioned to adapt.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Many of their counterparts will not.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">In 2024:</strong></p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">1. We will witness a spike in the number of CISOs who are fired, retire, or vacate their positions in search of less stressful environments. This will add to the talent gap problems in the industry.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2. The gap between available CISOs and the market demand grows even larger, with compensation also increasing.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">3. New training and certifications will emerge for CISOs and boards to inform and formalize new standards of risk management oversight.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">4. In the first half of 2024, CISOs will be more vocal regarding the concerns of new regulations and their impact on resources. It will be a particular pain point we will see discussed across the community. By the back half of the year, most of the fear will have dissipated as it will be seen as an accepted operating structure.</p>
<p id="d359" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">2024 will be a tough year for CISOs. A rise in expectations, regulations, attacker capabilities, and growing difficulty in obtaining the necessary resources to keep pace will push many leaders to the brink. Sadly, the challenges will only get tougher in subsequent years.</p>
</div>
</div>
</div>
<div class="ab ca na nb nc nd"> </div>
<div class="fs ft fu fv fw">
<div class="ab ca">
<div class="ch bg ew ex ey ez">
<h1 class="nn no fz be np nq nr gv ns nt nu gy nv nw nx ny nz oa ob oc od oe of og oh oi bj">Prologue: Final Insights — Not all cybersecurity fears will come to fruition</h1>
<p class="pw-post-body-paragraph lu lv fz lw b gt oj ly lz gw ok mb mc md ol mf mg mh om mj mk ml on mn mo mp fs bj">Although my concerns for digital risk run deep by nature, there are many things that I am not worried about in 2024. Contrary to many of my industry counterparts, there are aspects of cybersecurity that I believe we should not fear.</p>
<p id="b6c6" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">So, what disasters won’t happen in cybersecurity 2024?</p>
<div class="nj nk ee nl bg nm">
<div class="mq mr ou"><img class="bg lc mz c align-center" src="https://miro.medium.com/v2/resize:fit:700/1*CJrfpoUP-wxonlaYGnFpoQ.jpeg" alt="" width="700" height="325" /></div>
</div>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">Cyber Pearl Harbor and the End of the World</strong> — Full commitment by sophisticated attackers to destroy massive parts of the global digital domain, like that of the United States, has severe unintended consequences that even aggressive nation states don’t welcome. Our digital world is heavily intertwined across borders with entrenched dependencies. For one nation to cause overwhelming destruction will likely result in severe backlash damage to their own critical online infrastructures. At this point, adversaries have no way to insulate themselves or gracefully limit the collateral damage from massive attacks. The nation-ending cyberattack, popularized in Hollywood movies, is not a realistic immediate threat.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">Severe meddling in US Elections</strong> — The world will be watching the US elections in 2024. Many fear attempts by foreign enemies to tamper with results and influence the outcome. Although this is a likely desire by many nations, the fact is that the US is ready and fully expecting such attacks. The element of surprise is gone and so is the realistic opportunity of attacker success. There will be a tsunami of disinformation, but that already comes from every angle, even the participants. Tampering with the voting infrastructure is a different story. Preparations to prevent tampering are already in high gear. Even on the disinformation front, there will be extra caution by reputable news and social sites, with citizen monitors ready to throw a red flag when they see potentially foreign foul play. Monitoring and detection capabilities will be greater than any previous election and the consequences to any nation attempting such actions will likely be severe. Rest assured that a small army of cybersecurity professionals is working to make the election fair and transparent, so do your civic duty and vote!</p>
<p id="a8b4" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">AI destroying our digital ecosystem and mankind as we know it</strong> — Although AI will be a powerful tool to help hackers, it will be in ways they already generally exploit. As for AI taking over the world, an old Hollywood trope, the reality is that the great advances in Generative AI that we see today are a far cry from the General AI portrayed in self-aware systems of a dystopian future. For 2024, we are safe from AI overlords taking over humanity.</p>
<p id="d2e5" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">AI will put cybersecurity workers out of work </strong>— Like all transformational innovations, there will be more jobs created by AI than lost. AI is best served as a tool and the only people who will be out of work will be those who don’t know how to use AI.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">Cyber warfare doing more damage than traditional kinetic warfare</strong> — As fearsome as critical infrastructure attacks are, they still pale in comparison to what traditional warfare brings. As we have seen in Ukraine, cyberwar does not replace tanks and troops, but rather it augments them. Until the day that a cyberattack campaign can kill a hundred thousand people, we should keep our fears in perspective. Someday that will be an issue, but not in 2024.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj"><strong class="lw ga">Privacy will unravel</strong> — Contrary to what some will say, privacy is not on the brink of collapse. In fact, the privacy industry is healthy, full of tremendously smart people, and benefits from empowering legislation that is starting to be enforced! I believe there is great momentum in the privacy field and it will be much stronger still by the end of 2024.</p>
<p class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Matthew Rosenquist — CISO, Cybersecurity Strategist, & Industry Advisor — Cybersecurity Insights.</p>
<p id="c9df" class="pw-post-body-paragraph lu lv fz lw b gt lx ly lz gw ma mb mc md me mf mg mh mi mj mk ml mm mn mo mp fs bj">Follow on <a class="af ov" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">LinkedIn</a> and subscribe to the <a class="af ov" href="https://www.youtube.com/CybersecurityInsights" target="_blank">Cybersecurity Insights</a> channel for more news, analysis, and discussions.</p>
</div>
</div>
</div></div>Cybersecurity Meetup – 2023 Cybersecurity Predictionshttps://www.cisoplatform.com/profiles/blogs/cybersecurity-meetup-2023-cybersecurity-predictions2023-07-10T18:30:36.000Z2023-07-10T18:30:36.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12143851086?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/pxcTzzr47pM" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Check the calendar as Richard Stiennon and I discuss the forward-looking cybersecurity predictions for 2023 and beyond! With several decades of knowledge and experience between us, we take a pragmatic look into the crystal ball.</p><p>Those who have an understanding of what is coming will have an advantage to deal with the risks and seize the opportunities.</p></div>Will Cyber PMCs Rise in 2023?https://www.cisoplatform.com/profiles/blogs/will-cyber-pmcs-rise-in-20232023-03-09T22:01:23.000Z2023-03-09T22:01:23.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/uUn1NWuP1P8" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p>
<p class="graf graf--p">One of my cybersecurity predictions for 2023 is the rise of cyber Private Military Companies (PMC) to specialize in cyberattacks.</p>
<p class="graf graf--p">One of the most famous PMCs currently in the news is the Russian Wagner group that is fighting for Russia on the ground against Ukraine. I predict by the end of 2023 we will see similarly formal organizations, fielding cyber warriors, to service the lucrative cyber-offensive market. The discipline, focus, and access to nation-state resources will make Cyber PMCs a serious threat to global cybersecurity.</p>
<p class="graf graf--p">So, get ready for cyber PMCs in the future!</p>
<p class="graf graf--p">You can find a full rundown of my 2023 Cybersecurity Predictions here: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/watch?v=D210-ry7A4w&t=808s" target="_blank">https://www.youtube.com/watch?v=D210-ry7A4w&t=808s</a></p></div>Inaccurate Predictions about Cybersecurity is Dangeroushttps://www.cisoplatform.com/profiles/blogs/inaccurate-predictions-about-cybersecurity-is-dangerous2020-11-12T19:43:30.000Z2020-11-12T19:43:30.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><iframe width="560" height="315" src="https://www.youtube.com/embed/DS4wsFe90SM?wmode=opaque" frameborder="0" allowfullscreen=""></iframe></p><p>I may offend some people, so for those who don’t want to hear my rant, skip this video.</p><p>Recent cybersecurity predictions aren’t just wrong, they are dangerous</p><p>I am disappointed in the recent comments that Michelle Zatlyn, the co-founder and COO of Cloudflare, made regarding the future of cybersecurity. </p><p>She stated Cybersecurity would be "a thing of the past the next decade" and that instead it will work like a water filtration system.</p><p>She is wrong. Dead wrong.</p></div>