Published 27. Jun. 2023

Emerging Cybersecurity Trends for 2024


Organizations face an unprecedented array of cyber threats that constantly evolve in complexity and sophistication. It is imperative for security and IT leaders to stay ahead of the curve by exploring emerging cybersecurity trends that will help safeguard their organization’s valuable assets and maintain a robust security posture.

From the convergence of networking and security to threat intelligence and the Cybercrime Atlas, we explore the transformative trends shaping the future of cybersecurity.

 

1. Convergence of Network and Security

 

Before the rise of hybrid clouds and networks – an estimated 76% of organizations use more than one cloud provider – businesses would build their security layer on top of their networks. However, the architectural complexity of this approach led to poor user experience, increased cybersecurity risk, and many challenges in maintenance and troubleshooting.

As the threat landscape evolves alongside technological advancements, organizations need a modern approach to security and networking which offers end-to-end visibility to allow quicker identification and reaction to potential threats.

One way to do this is by converging networking and security. The three main aspects of this are:

  1. Adopting a distributed firewall (also dubbed a hybrid mesh firewall by Gartner): Organizations need to secure their entire network infrastructure, including location, device, content, and applications, by implementing a network-wide security policy such as Zero Trust.
  2. Consolidating vendors: Instead of selecting vendors based on the “best of breed”, companies should consolidate technology vendors to just a few that can work together in the ecosystem. Solutions that are designed to work together will lead to a well-integrated security network allowing security teams to optimize their strategies.
  3. Implementing an OT-aware strategy: Organizations must create a layer of defense around the OT components connected to their network, using capabilities like Network Access Control, data segmentation, and micro-segmentation to strengthen the security of OT devices on the network, moving toward a zero trust model.

Evolving approaches and perspectives to network and security are imperative to meet changing organizational demands, the fluctuating threat landscape, and emerging technological advancements.

 

2. Threat Intelligence

 

Also known as cyberthreat intelligence or CTI, threat intelligence is data regarding cybersecurity threats that are collected, processed, and analyzed to understand potential targets, attack behaviors, and motives. Threat intelligence enables security teams to be more proactive and data-driven in their prevention of cyberattacks. It also helps with more efficient detection and response to attacks that may occur. All this results in reduced cybersecurity risks, prevention of data breaches, and reduced costs.

IBM notes that cyber intel reveals trends, patterns, and relationships that will give an in-depth understanding of actual or potential threats that are organization-specific, detailed, contextual, and actionable. Threat intelligence is becoming an indispensable tool in the modern cybersecurity arsenal.

According to Gartner, the six steps to the threat intelligence lifecycle are:

  1. Planning: Analysts and stakeholders within the organization come together to set intelligence requirements that typically include questions stakeholders need answers to such as whether new strains of ransomware are likely to affect their organization.
  2. Threat data collection: Based on the requirements defined in the planning stages, security teams collect any raw threat data they can. This includes, for example, research on new malware strains, the actors behind those attacks, and the types of organizations that were hit, as well as attack vectors. The information comes from threat intelligence feeds, information-sharing communities, and internal security logs.
  3. Processing: The team then processes the data on hand in preparation for analysis. This includes filtering out false positives or applying a threat intelligence framework. Some threat intelligence tools automate this stage of the lifecycle, using AI and machine learning to detect trends and patterns.
  4. Analysis: The raw data is analyzed by experts who will test and verify the identified trends, patterns, and insights to answer the questions raised and make actionable recommendations tailored to the organization's security requirements.
  5. Dissemination: The insights gained are shared with the relevant stakeholders, which can lead to action being taken based on those recommendations.
  6. Feedback: Both stakeholders and analysts look back on the latest threat intelligence lifecycle to identify any gaps or new questions that may arise to shape the next round of the process.
 

3. Employee Trust

 

Though zero trust is growing as a cybersecurity principle – and it has proven to be effective in protecting organizational assets – the overapplication of this approach on employees could lead to negative effects at the workplace.

Cerby’s State of Employee Trust report found that 60% of employees reported that when an application is blocked, it negatively affects how they feel about the organization. The erosion of employee trust and reduced job satisfaction are a result of overreliance on controls that block, ban, and deny employees from using specific applications. In fact, 39% of employees are willing to take a 20% pay cut if they could have the freedom to choose their own work applications.

Though the zero trust approach lowers the cost of data breaches by 43% (IBM), the same approach cannot be applied to employees. The Cerby study found that higher employee trust led to higher levels of workplace happiness, productivity, and contribution.

Experts recommend that organizations adopt an enrolment-based approach to security that balances cybersecurity and compliance requirements with trust-forward initiatives. This will help organizations build digital trust with their employees by giving them more control over their tools while maintaining security and reliability.

Other trust-based initiatives that can build employee trust include:

  • Ongoing training and support to keep employees updated on the latest tools and technologies.
  • Incorporating employee feedback into the decision-making processes.
  • Constantly communicating with employees on their workflows and security needs.
 

4. Cybercrime Atlas

 

The Cybercrime Atlas is an initiative announced by the World Economic Forum (WEF) back in June 2022 to create a database by mapping cybercriminal activities. Law enforcement bodies across the globe can then use this database to disrupt the cybercrime ecosystem. The first iteration of the Cybercrime Atlas was officially launched in 2023. The concept was ideated by WEF’s Partnerships against Cybercrime group, which is made up of over 40 public and private organizations. The Cybercrime Atlas itself is made by WEF in collaboration with Banco Santander, Fortinet, Microsoft, and PayPal.

Though the Cybercrime Atlas won’t be available for commercial use, its use by law enforcement agencies will create ripples in the cybersecurity landscape. Analysts from around the world were gathered to come up with a taxonomy for the Atlas. From there, 13 major known threat actors became the initial focus. Analysts used open-source intelligence to collect various information about these threat actors, from their personal details to the types of malicious services they used. The information collected was investigated and verified by humans. The data will eventually be shared with global law enforcement groups such as Interpol and the FBI for action.

The goal of the Cybercrime Atlas is to create an all-encompassing view of the cybercrime landscape including criminal operations, shared infrastructure, and networks. The predicted result of this is that the security industry will be better able to disrupt cybercrime. By February 2023, the project moved from its prototype phase to a minimum viable product. Essentially, there are now dedicated project managers and contributors working to build the database and work out the relevant processes.

It was also noted that the information being used to build the database is open-source, meaning there is no issue with country-specific regulations on data. Once the open-source repository is created, there will not be security or proprietary constraints in sharing the data with local law enforcement agencies.

Though commercial organizations will not be directly using the Cybercrime Atlas, they will still indirectly benefit from it. As the project develops and matures, law enforcement agencies will be better equipped to investigate cybercrimes and catch threat actors.
