Bob Huber, CSO and Head of Tenable Research, Tenable
Attacks on AI Systems will Spell Big Trouble
There will be an increase in attacks against AI platforms that will far exceed our understanding and ability to protect them, resulting in data leaks, data poisoning and cyber-physical effects.
Shai Morag, SVP and General Manager Cloud Security, Tenable
New Skills Unlocked: Cloud Architects take on Security
Over the past year, executives have come to understand that security must be a key objective in the delivery and deployment of applications – rather than something that is added on as applications move into production. In response, we’ll see more cloud architects that are responsible for the security of their applications.
At the same time, solutions originally designed for security practitioners will provide increasing value for developers, so they are able to continuously improve the security of their applications without slowing down development.
Demand for Comprehensive Solutions will Reach New Heights
There will be increased demand for solutions and practices that enable organisations to evaluate their total attack surface and prioritise weaknesses to maximise remediation efforts. Traditionally security pros have thought in terms of technologies like network, workloads, identities, but now more and more security executives understand that attackers look at the big picture as well, finding a foothold and then moving laterally until they reach their goal.
Arick Goomanovsky, VP of Tenable Cloud Security
More Consolidation Ahead
Consolidation of cloud security products and vendors will accelerate throughout 2024 because of demand from customers, who now understand the power of cloud native security to transcend traditional siloes and provide a unified, contextual risk picture. This means not only more secure applications, but better optimisation of resources, skills and time, during a period when organisations are stretched to the limit.
Marty Edwards, Deputy CTO for OT/IoT, Tenable
Cyber Insurance Puts Pressure on Industrial Companies
The increased amount of due diligence required by cyber insurance providers and the changes in the cyber insurance market will continue to put more pressure on industrial companies to be proactive about their security, rather than being reactive and waiting for the incident to happen, hoping the insurance company will cover it.
Cyber insurers will limit their policies to exclude payment for ransomware. Companies will be forced to evaluate other options for dealing with this risk – whether that’s self-insurance, a proactive approach, system redundancy, or others.
OT Security Investment in the Forecast
CFOs and CISOs will look at the cost-benefit analysis of investing in IT vs. OT security, and they’ll see there’s more benefit to investing in OT than IT in 2024 than at any point until now. For every $1 spent in OT, organisations get more than what they get with $1 in IT security investment. OT investments buy down your risk much more so than IT security.
Amir Hirsch, head of Tenable OT Security
Ransomware is a Brand Building Strategy
As attackers fully understand the magnitude of damage that can be inflicted on OT-dependent businesses, especially in the manufacturing industry, they will increasingly go after these lucrative targets – mainly with ransomware attacks.
However, that is not the only motivation. OT targets also provide threat actors with brand awareness and publicity as these attacks tend to be high-profile. Hacktivist groups in particular will target factory farming and energy producers in line with their ideology, for maximum exposure and notoriety for their causes.
Beware of Consequences Related to Energy Saving OT and IoT
With the growing attention and increase of costs and penalties around energy usage and carbon emissions, companies will turn to smarter management of their operations, which will increase OT-based sensor deployment and controls. We’ll see more and more IoT and OT devices in smart buildings, factory management and building management systems. These trends will expose companies to further risk as they will expand their attack surface and often connect these environments to the internet.
Scott Caveza, staff research engineer, Tenable
Ransomware’s Ideal Target? Collaboration Technology.
Ransomware groups will continue to evolve their tactics to hit multiple targets with collaboration technologies. MOVEit was just the beginning; we’ll continue to see these groups target zero-days and n-days in order to claim as many victims as possible. While dozens of nations have pledged to not pay ransoms in cyberattacks, organisations of all sizes will continue to pay, even with no guarantees that the attackers will delete the stolen data. Data will be 2024’s most sought-after resource for ransomware groups and their affiliates.
Identities are at Risk and Cyber Spending will Reflect This
Investment in Identity and Access Management (IAM) tools will continue to grow in 2024 as years of increasing threats from ransomware groups and major increases in successful hack-the-human attacks (phishing, smishing, etc.) have seen major breaches at organisations of all sizes. With cloud adoption increasing and resource constraints from a growing shortage of qualified cybersecurity professionals, organisations are going to heavily invest in IAM tools and technologies in hopes of staying ahead of bad actors and limiting access to 2024’s most valuable resource, data.
Satnam Narang, senior staff research engineer, Tenable
Bitcoin Halving Event is Ripe for Exploitation
Cybercriminals will aggressively target the Bitcoin Halving event with AI-generated and deepfake video content, leading to the theft of tens of millions of dollars.
Pig Butchering on the Rise: Those Butterflies may be Red Flags
In 2024, investment scams, including pig butchering, will continue to increase exponentially around the world, exceeding $5 billion in losses ($3.8 billion in 2022).