CS Mar-Apr 2024
2024 predictions

security is the key to maintaining effective zero trust network segmentation that stops ransomware in its tracks. And keeping critical applications and data segmented, isolated and protected from automated attacks.

"As any changes to device configurations - planned or unplanned - can expose networks and enable lateral movement through privilege escalation, organisations have woken up to the fact that it's no longer enough to assess devices once a quarter. Particularly as changes are potential indicators of compromise (IOCs) and should be assessed immediately. But achieving continuous network assurance in a practical way has previously been a challenge. 2024 should see organisations investing in solutions that change all this.

"Proactively assessing network changes, as they occur, to determine when changes result in deviation away from a secure state - and then overlaying this risk data with ATT&CK vectors and adversary tactics, techniques and procedures (TTPs) - takes RBVM to the next level. Especially when we consider that less than 4% of known exploited vulnerabilities, according to CISA, have ever been used by attackers in the wild."

And Robinson concludes: "Looking at vulnerabilities through an attacker's lens enables organisations to determine where they need to deploy resources to harden their networks to the best effect. Through this risk lens, organisations can view both their current posture to techniques being used in the wild and inform threat hunting with historic network posture analysis. Closing the loop, channelling remediation efforts on known exploited vulnerabilities that are most likely to be exploited right now, will help prevent any nasty surprises in 2024."

TIM FREESTONE, CHIEF STRATEGY AND MARKETING OFFICER, KITEWORKS

Despite bans and restrictions, the number of businesses using generative artificial intelligence (GenAI) large language models (LLMs) is increasing as the competitive advantages become too significant to ignore, insists Tim Freestone, chief strategy and marketing officer, Kiteworks.

"Even with advances in security controls, data breaches stemming from GenAI LLM misuse will rise in 2024. This will force data security to be a central part of GenAI LLM strategies," he states.

"Managed file transfer (MFT) tools are useful for the digital transfer of data. However, many are based on decades-old technology that have inherent security deficiencies. Two major MFT tools experienced zero-day exploits in 2023. It is likely that rogue nation-states and cybercriminals will continue to exploit such vulnerabilities in legacy MFT solutions in 2024, too."

Email remains the number one attack vector, he adds. "However, like legacy MFT solutions, legacy email systems lack modern security capabilities. Until organisations embrace an email protection gateway where email is sent, received and stored using zero-trust policy management with single-tenant hosting, email security will remain a serious risk factor."

Data privacy is a global concern. "Gartner predicts that personal data for three-quarters of the world's population will be covered by data privacy regulations by the end of 2024 and the average annual budget for privacy in a company exceed $2.5 million."

In 2024, businesses will be under heightened strain to protect confidential data, Freestone adds. "It is time for organisations to hit the reset button.

"Only by adopting zero-trust architectures, detailed security models based on content, strong access management, integrated DRM, DLP and the like, can organisations mitigate the risks and uphold compliance."

Irvin Shillingford, Hornetsecurity: the proliferation of generative AI has ushered in a new era of cyber-attacks.

Tim Freestone, Kiteworks: data breaches stemming from GenAI LLM misuse will rise in 2024.

www.computingsecurity.co.uk @CSMagAndAwards March/April 2024 computing security