Palo Alto Networks, the global cybersecurity leader, has recently released its 2024 cybersecurity predictions for Asia Pacific – 5 key insights from industry leaders to help organizations ensure a secure future.
2023 saw organisations witness unprecedented levels of cybercrime. Palo Alto Networks’ State of Cybersecurity Report found that the Philippines experienced the highest number of disruptive attacks in Southeast Asia, with 29% of local organisations experiencing a 50% or more increase in incidents. Furthermore, the firm also received the most number of calls to its incident response team ever in October 2023. Cybercriminals have used ransomware to target critical infrastructures and found novel techniques to exploit emerging technologies like generative AI to ill-effect.
Predicting cybersecurity trends for 2024 will be especially important if organisations want to get ahead of modern cyberattackers. With stakes higher than ever, organisations need to take a holistic approach – accounting for macroeconomic factors, emerging technologies, and cloud risks among others.
Ian Lim, Regional Chief Security Officer, Palo Alto Networks, said, “In 2023, we’ve seen mature organisations, who invest heavily in cybersecurity, still falling victim to debilitating cyberattacks. This is due to the tenacity and ingenuity of attackers who exploit cyber hygiene issues or find novel ways to compromise legacy defences. Another key reason for these breaches lies in the complexity of security capabilities in most modern organisations. They use an average of 31.58 disparate security tools to protect their highly interconnected and innovative environments. The lack of correlation and the level of noise generated by these tools creates immense visibility gaps and dampens their ability for detection and response.”
He added, “Going into 2024, highly motivated cybercriminals, nation state attackers and hacktivists will continue to innovate, expand and exploit – not much we can do to slow that down. However, we could and should definitely address the complexity of our security capabilities with AI to make them more effective and cost efficient.”
Here are the five cybersecurity trends to watch out for in 2024:
Hacktivism: the modern crusade
2023 saw numerous instances of broadcast events being disrupted by climate activists. This year, this protest could take the shape of a cyber-first-campaign. With significant events like the Olympics, the Euros, and regional elections coming up, hacktivists will look to further their cause to audiences in the millions. Previously, a high level of technical expertise was necessary, but the cybercrime-as-a-service model has lowered this threshold. Now, it only takes an extremely motivated activist with sufficient funds.
Tumultuous geopolitical climate will provide opportunities for hacktivists to gain notoriety for their group and sympathy for their cause. Most hacktivist activity is via Distributed-Denial-of-Service (DDoS) attacks. For example, during the G20 Summit in India, more than 30 groups of hacktivists from neighbouring countries attacked more than 600 websites of government and private entities through DDoS attacks, defacements, and data leaks.
In 2024, organisations should evaluate their risk profile according to the evolving threat landscape and ensure coverage not only for financially motivated attacks but also for hacktivism and nation-state attacks.
AI’s role in cybersecurity will evolve, for good and bad
Since ChatGPT’s launch in October 2022, there have been concerns worldwide regarding its potential to democratise cybercrime. Despite having guardrails to prevent malicious applications, a few creative prompts can get ChatGPT to generate near flawless phishing emails that sound “weirdly human” at immense scale. We’ve seen attackers use Gen AI in novel ways like deepfake and voice technology to scam banks out of millions. Companies adopting Gen AI must be wary about the vulnerabilities of model poisoning, data leakage, prompt injection attacks, etc. Attackers will continue to exploit innovation gaps with the increased use of Gen AI for legitimate use cases.
Hence, one of the AI Cybersecurity trends we expect to see in 2024 is the maturation on how we protect enterprise-level use of Gen AI. This involves making sure that security controls, vulnerability management and threat monitoring activities are embedded through the entire lifecycle of AI development projects. Gen AI will further embed itself into cybersecurity capabilities. Its ability to summarise, weed through noise, and give concise summaries of security events is far greater than a human analyst’s (especially at the scale a modern SOC operates). With LLMs getting better by the day, we are bound to see more sophisticated applications that move beyond just being a clever and occasionally-hallucinating chatbot.
Operational technology will remain the low-hanging fruit
Operational Technology is the heart of any industrial organisation. As the primary generator of revenue, OT systems must have a high level of cyber maturity. However many organisations still believe OT environments are protected by an air gap, whereas IT/OT convergence has resulted in OT being more connected than ever to IT and also, in many cases, to the cloud. This has expanded the attack surface and greatly increased the risk to OT networks, without the investment in cyber controls.
A breach of OT systems can not only result in lost revenue, but also potentially, injuries or loss of life. A cyber secure OT environment is also a safe and reliable OT environment. A Zero Trust architecture will protect the most critical OT systems from threats, while allowing organisations to focus on their digital transformation. 2024 will see organisations invest in OT cyber security maturity to protect their most important business systems and manage the increased risk to an acceptable level.
Consolidation to enable the next frontier in cybersecurity
Unit 42’s Cloud Threat Report (Volume 7) found that on average, security teams take approximately 6 days to resolve a security alert, with 60% of organisations taking longer than 4 days. In a threat landscape where attackers only require a few hours to find and exploit vulnerabilities, 4-6 days is just way too long. Organisations with disparate security tools that are not well integrated have a harder time deploying automation and orchestration. This is a major setback to reducing the mean time to detect and the mean time to respond.
In addition to the lacklustre threat response, organisations with siloed solutions are having a hard time securing their rapid digital transformation initiatives. Alongside macroeconomic headwinds and workforce challenges, enterprises are looking to consolidate their vendor spread and reduce complexities. Put simply, it is way easier to manage the cybersecurity stack if there is one point of contact when a crisis inevitably strikes. Over the long term, it reduces costs and yields better results. This is thanks to the increased visibility and seamless integration that comes with a unified security offering. More organisations are waking up to these benefits and thus 2024 will see customers focus on reducing complexities and turning to consolidated cybersecurity stacks.
Securing multi and hybrid cloud will be a focus
Per the State of Cybersecurity survey, APAC organisations are moving large chunks of their infrastructure to the cloud, with 44% adjusting their cybersecurity strategy to adopt cloud security. Early adopters of cloud typically start with a single hyperscaler. Naturally, the single cloud model would adopt native security tools from their chosen Cloud Service Provider (CSP). Through the course of time they experience issues and outages that can only be addressed by adopting a multi or hybrid cloud strategy. This multicloud journey would most likely necessitate a review on their existing cloud security paradigm as native CSP security tools do not seamlessly translate to different CSPs.
In 2024, organisations that have to contend with multi or hybrid cloud projects would move to establishing a more unified approach to security when dealing with more than one cloud provider. Rationalising cloud security tools across the entire development lifecycle will also be a focus as this provides much higher visibility, correlation and security monitoring.