Are we learning enough from 2023’s attack trends and our own cybersecurity mistakes to prepare better for next year’s threats?

It is no secret that AI’s ability to deliver precise predictions, detect anomalies, provide network visibility and reduce noise makes it an invaluable tool for cyber threat detection and response.

However, AI tools have also been weaponized by cybercriminals to create more sophisticated challenges and risks for the public.

As we move into 2024, the question to ask is this: will AI be the driving force for cybersecurity advancement in the new year, or will it, in turn, make cybercrime harder to fight? Here are Vectra's predictions for the year ahead.

    1. Attackers will move from endpoints to networks
      Traditional ransomware relied on human error, such as someone clicking a link in a phishing email. In 2023 there has been a rise in attacks on network infrastructure itself, which are harder to catch and far more damaging. In several of these cases a vulnerability in a security vendor's own product gave attackers a way in through the 'back door'. This shift to new avenues of attack has also exposed the limits of traditional controls and security measures. More specifically, lateral movement, an attacker moving from the first foothold to other hosts on the network, is something organizations are finding very difficult to stop, and that trend will amplify in the new year.
    2. GenAI will address the talent gap while also enabling attackers
      As a search engine on steroids, generative AI (GenAI) can deliver an abundance of context and information on demand. From a defender's perspective, this can be hugely beneficial in aiding rapid and successful response, and it is where we expect a lot of growth: help-desk implementations and applications that empower human security teams. Of course, GenAI will also enable attackers, with social engineering attacks in particular growing in sophistication. Japan, for example, has been targeted in a way the country never was before, because GenAI removes the language barrier that once protected it: attackers can now translate and write in Japanese far faster and more convincingly than they could on their own.
    3. More will turn to XDR to stop lateral movement attacks
      As security teams try to stop lateral movement and streamline security investment, they will turn more towards the detection capability that sits behind prevention. As breaches become inevitable, defenders will need to make sure they can identify the attacker and respond at great speed. This also includes regularly testing systems and knowing how effective the response will be. Traditional defense measures are the equivalent of building very high walls, but if someone jumps over, we may not catch them until they have left, and by then the damage can be significant. With extended detection and response (XDR), defenders can understand how an attacker has infiltrated defenses and eradicate them from the environment. Because AI helps with both detection and response, this is also where we can see the impact of AI beyond what is making headlines.
    4. Organizations will adopt zero trust and go beyond it
      Many organizations look at zero trust as a product, when in fact it is a long-term strategy. The underlying challenge is that regardless of our commitment to zero trust, it is inevitable we will trust some service outside of our full control, and in 2024 organizations will understand this further. For example, in a Windows domain certain ports must remain open for authentication to occur (Kerberos, LDAP, SMB and RPC to the domain controllers, for instance). Authentication is the backbone of zero trust: at the network level there may be segmentation, but attackers can traverse the entire network over these paths of required trust unless micro-segmentation prevents it. Zero trust and micro-segmentation are therefore helpful, but as organizations move through authentication and cloud transformation strategies and implementations, they will want to include another layer of security that identifies attackers on those trusted paths and lets them respond early.
    5. Increasing need to secure platforms across hybrid infrastructures
      Whether a platform and its infrastructure are cloud-centric or on-premises, defenders need to be realistic about what they are protecting, and at the moment this is not happening to the degree it should. For instance, many organizations say they are cloud-first yet still have a massive data center footprint, and the latter needs protecting too. If the focus is on cloud and all current investment is going into that area, it is easy to neglect the data center services. Ultimately, attackers do not care where we are innovating; they will come from any avenue they can, so it is important to ensure coverage of lateral movement inside the organization, wherever it runs. In 2024 we will see more organizations operating on this thinking, working to innovate and secure their platform without compromising either.
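Predictions 1, 3 and 4 share one technical point: segmentation has to leave the authentication paths to the domain controllers open, so a detection layer has to find lateral movement in the logon traffic that is allowed through. The following is an added example (not Vectra's code or product logic) of what that layer can look like in its simplest form: a fan-out detector over Windows Security event 4624 network logons. The input is a constructed, simplified JSON-lines rendering of those events; the field names follow the real event schema, but the records, hostnames and addresses are synthetic, and the domain controller names, window and threshold are assumptions for the example.

```python
"""Fan-out detector for lateral movement in Windows network logons.

Added example, not code from the page or from Vectra. Input is a constructed
JSON-lines rendering of Windows Security event 4624 (successful logon); field
names match the real event schema, but every record below is synthetic.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts every workstation must reach for authentication (Kerberos, LDAP, SMB
# to the domain controllers). Assumed hostnames for this example.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}

# Constructed sample telemetry. LogonType 3 is a network logon, i.e. the logon
# a remote SMB/RPC/WinRM session produces on the destination host. Source
# 10.0.1.20 authenticates to both DCs (normal), then to three peer
# workstations in three minutes (lateral movement). Source 10.0.1.30 also
# reaches both DCs and one file server, which is ordinary behaviour.
SAMPLE_EVENTS = [
    '{"TimeCreated":"2023-11-14T08:55:00","EventID":4624,"LogonType":2,"Computer":"WS-A","IpAddress":"-","TargetUserName":"jdoe"}',
    '{"TimeCreated":"2023-11-14T09:00:05","EventID":4624,"LogonType":3,"Computer":"DC01","IpAddress":"10.0.1.20","TargetUserName":"jdoe"}',
    '{"TimeCreated":"2023-11-14T09:00:07","EventID":4624,"LogonType":3,"Computer":"DC02","IpAddress":"10.0.1.20","TargetUserName":"jdoe"}',
    '{"TimeCreated":"2023-11-14T09:01:10","EventID":4624,"LogonType":3,"Computer":"WS-B","IpAddress":"10.0.1.20","TargetUserName":"jdoe"}',
    '{"TimeCreated":"2023-11-14T09:02:30","EventID":4624,"LogonType":3,"Computer":"WS-C","IpAddress":"10.0.1.20","TargetUserName":"jdoe"}',
    '{"TimeCreated":"2023-11-14T09:02:45","EventID":4625,"LogonType":3,"Computer":"WS-B","IpAddress":"10.0.1.30","TargetUserName":"asmith"}',
    '{"TimeCreated":"2023-11-14T09:03:00","EventID":4624,"LogonType":3,"Computer":"DC01","IpAddress":"10.0.1.30","TargetUserName":"asmith"}',
    '{"TimeCreated":"2023-11-14T09:03:05","EventID":4624,"LogonType":3,"Computer":"DC02","IpAddress":"10.0.1.30","TargetUserName":"asmith"}',
    '{"TimeCreated":"2023-11-14T09:03:20","EventID":4624,"LogonType":3,"Computer":"FILE01","IpAddress":"10.0.1.30","TargetUserName":"asmith"}',
    '{"TimeCreated":"2023-11-14T09:04:00","EventID":4624,"LogonType":3,"Computer":"WS-D","IpAddress":"10.0.1.20","TargetUserName":"svc-backup"}',
    '{"TimeCreated":"2023-11-14T09:30:00","EventID":4624,"LogonType":3,"Computer":"WS-B","IpAddress":"10.0.1.30","TargetUserName":"asmith"}',
    '{"TimeCreated":"2023-11-14T10:00:00","EventID":4624,"LogonType":3,"Computer":"WS-E","IpAddress":"10.0.1.20","TargetUserName":"jdoe"}',
]


def parse_events(lines):
    """Keep only successful network logons (4624, LogonType 3), oldest first."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("EventID") != 4624 or rec.get("LogonType") != 3:
            continue  # interactive logons and failures are not what we count
        events.append({
            "time": datetime.fromisoformat(rec["TimeCreated"]),
            "src": rec["IpAddress"],       # where the session came from
            "dst": rec["Computer"],        # host that recorded the logon
            "user": rec["TargetUserName"],
        })
    return sorted(events, key=lambda e: e["time"])


def detect_fanout(events, window=timedelta(minutes=10), threshold=3,
                  expected=DOMAIN_CONTROLLERS):
    """Flag sources that log on to >= threshold distinct peers inside a window.

    Logons to the domain controllers are the authentication backbone that
    segmentation must allow, so they are excluded; workstation-to-workstation
    network logons are what a lateral-movement detection should count.
    Returns {source_ip: {"hosts": [...], "users": [...], "first_seen": ...}}.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["dst"] not in expected:
            by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):   # sliding window over sorted events
            reached = {}                  # dst -> first user seen on it
            for e in evs[i:]:
                if e["time"] - first["time"] > window:
                    break
                reached.setdefault(e["dst"], e["user"])
            if len(reached) >= threshold:
                alerts[src] = {
                    "hosts": sorted(reached),
                    "users": sorted(set(reached.values())),
                    "first_seen": first["time"].isoformat(),
                }
                break                     # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, detail in detect_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {src} reached {detail['hosts']} as {detail['users']} "
              f"starting {detail['first_seen']}")
```

Run as-is, it flags only 10.0.1.20 (WS-B, WS-C, WS-D under two accounts, including the service account that was not in use before). Running `detect_fanout` with `expected=set()` instead shows why the exclusion matters: the perfectly normal logons to DC01 and DC02 push 10.0.1.30 over the same threshold, which is the noise the text warns about when detection is layered on top of required trust paths. In production the domain controller list, window and threshold would come from an inventory and a baseline rather than constants, and the source would be tied back to a hostname rather than an address.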

As we move into a new year, CISOs need to balance the interplay between innovation and risk for their organization. Enterprises will be hybrid forever and so will attackers. This is a time where detection solutions are not only useful but necessary, and the likes of XDR powered by applied and adaptive AI can underpin overarching strategies such as zero trust.