CS Mar-Apr 2024
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>2024</strong> predictions<br />
UNCERTAINTY THE ONLY CERTAINTY<br />
PART 2 OF COMPUTING SECURITY'S DELVE INTO HOW THE 'DARKER FORCES'<br />
OF CYBER SECURITY MIGHT IMPACT THE INDUSTRY IN THE MONTHS AHEAD<br />
With <strong>2024</strong> awell underway, how it is<br />
likely to pan out for the security<br />
industry is a matter of certainty,<br />
conjecture, opinion and guesswork. What is<br />
certain is that it won't be any easier a ride than<br />
previous years when it comes to warding off<br />
the hackers and attackers, the ransomware<br />
demands, the less appealing aspects of AI or<br />
the many other threats that have to be faced<br />
up to and resisted. With those caveats in mind,<br />
here are the thoughts on what lies ahead,<br />
delivered by several of those in the know.<br />
JEFF WILLIAMS, CTO AND CO-FOUNDER,<br />
CONTRAST SECURITY:<br />
"Now that many people are working from<br />
home, due to coronavirus, businesses up and<br />
down the land are facing unprecedented<br />
cybersecurity challenges. Unfortunately, one of<br />
those challenges is that hackers are already<br />
attempting to capitalise on the crisis by<br />
attacking with viruses of their own. In fact,<br />
thousands of COVID-19-related websites are<br />
being launched by<br />
cybercriminals.<br />
"As organisations and workers navigate this<br />
new work-from-home world and the threats<br />
that come with it, the World Economic Forum<br />
has provided a checklist of ways that individual<br />
users and businesses can protect from cyberattacks<br />
during COVID-19 that are helpful:<br />
"Better understand threats to the organisation.<br />
Since more employees are working<br />
from home, security teams need to identify<br />
likely attack vectors and prioritise the protection<br />
of their most sensitive information<br />
and business-critical applications<br />
"Provide clear guidance and encourage<br />
communication. Companies need to<br />
ensure that security policies for workers<br />
are clear and easy to follow. This includes<br />
instructing employees to communicate<br />
with internal security teams about any<br />
suspicious activities<br />
"Ensure the right security capabilities.<br />
Organisations need to ensure that all<br />
corporate-owned or managed devices are<br />
equipped with the best security capabilities,<br />
extending the same network security best<br />
practices that exist within the enterprise<br />
to all remote environments."<br />
PHILIP BRIDGE, PRESIDENT, ONTRACK:<br />
"Changes in our work habits can cause us<br />
to make mistakes that we might not have<br />
ordinarily made. Remote working has added<br />
a huge number of endpoints to organisations<br />
that may not have been there previously.<br />
Systems that are now being used to connect<br />
to a company's infrastructure may not have<br />
been vetted or provided by the employer.<br />
These new endpoints may be lacking in the<br />
security controls that corporate machines<br />
would have.<br />
"Remote working also gives corporations less<br />
control over their employees - what they are<br />
doing and when. More distractions at home<br />
can lead to increased engagement in risky<br />
behaviour such as clicking on links they<br />
wouldn't usually click on if they were in the<br />
office.<br />
"We have to remember that cybersecurity is<br />
mostly a human issue; the employee<br />
controlling the computer will always be the<br />
weakest point of any system, for example;<br />
ransomware through a phishing email only<br />
has legs, if an employee clicks on the link in<br />
the email. Employees need to be extra vigilant<br />
when remote working to ensure they are<br />
keeping optimal security practices."<br />
COREY NACHREINER, CHIEF SECURITY<br />
OFFICER, WATCHGUARD TECHNOLOGIES<br />
"The most prominent attacks and information<br />
security trends the WatchGuard Threat Lab<br />
believes will emerge in <strong>2024</strong> include: malicious<br />
prompt engineering tricks targeting large<br />
language models (LLMs); managed service<br />
providers (MSPs) doubling down on unified<br />
security platforms with heavy automation;<br />
'Vishers' scaling their malicious operations with<br />
AI-based voice chatbots; and hacks on modern<br />
VR/MR headsets… to name a few.<br />
"Every new technology trend opens up new<br />
attack vectors for cybercriminals. In <strong>2024</strong>,<br />
we believe that emerging threats targeting<br />
companies and individuals will be even more<br />
intense, complicated and difficult to manage.<br />
With an ongoing cybersecurity skills shortage,<br />
the need for MSPs [managed service<br />
providers], unified security, and automated<br />
platforms to bolster cybersecurity and protect<br />
organisations from the ever-evolving threat<br />
landscape has never been greater.<br />
"While people are experimenting with LLMs<br />
to increase operational efficiency, threat actors<br />
are learning how to maliciously exploit LLMs,"<br />
states Nachreiner. "Using techniques like<br />
prompt injection or prompt extraction, threat<br />
18<br />
computing security <strong>Mar</strong>ch/<strong>Apr</strong>il <strong>2024</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk