The potential benefits and pitfalls of generative artificial intelligence technology. The ongoing conflict between Russia and Ukraine and new tension in the Middle East. Increasing scrutiny of cybersecurity leaders and their decisions. Ransomware attacks targeting casino resorts.
These are some headlines that made news in the cybersecurity community throughout 2023. While a significant portion of news coverage over the last 12 months has focused on generative A.I., including the recent upheaval at OpenAI involving its co-founder Sam Altman, sophisticated cyber attacks continue to damage networks and expose user data.
While full statistics for the year are still being tabulated, a recent report from the Identity Theft Resource Center cited 2,116 data compromises in 2023, a 17 percent increase from the 1,802 total compromises tracked by the organization in 2022. Another survey by security firm SonicWall noted that ransomware attacks increased by nearly 75 percent in the second quarter of 2023 compared to the first quarter.
As tech professionals start thinking about 2024, a look at some of the major cybersecurity issues of the last 12 months can bring perspective and help plot a course for the new year, as well as provide a roadmap for the skills and knowledge needed for career success.
To help understand these events and provide additional context, Dice spoke to several cybersecurity and tech experts and insiders to get their insights and perspectives on these cybersecurity issues and what they mean for tech pros.
A.I. Technologies Continue to Hold Promise, Challenges
Whether it’s OpenAI’s ChatGPT, Google Bard or another large language model (LLM), A.I. platforms—especially those generative A.I. breakthroughs that have produced virtual chatbots and other tools—dominated conversation in 2023 and will continue to do so well into 2024.
Generative A.I. is likely to further transform the role of cybersecurity throughout many organizations beyond automating manual tasks. It’s a reason why tech pros not only need to keep up with developments but also adjust their skill sets to demonstrate that they understand what the tech can do, as well as where the industry is headed.
“This will be an amazing tool that will change the way we do our jobs, including everyone from hackers to defenders and users,” said Bryan Willett, CISO at Lexmark. “Many forms of A.I. have been built into security tools for years. Generative A.I. creates an easy way for hackers to craft very good phishing emails. For security teams, it will increase the efficiency of the defenders, bringing key pieces of information together quickly to inform on the risk and actions to be taken.”
As the technology develops further, Darren Guccione, CEO and co-founder at Keeper Security, sees additional potential for cybersecurity, which also means tech pros must understand how it will change their jobs.
“For cybersecurity professionals, A.I.’s natural language processing capabilities enable it to streamline threat intelligence analysis, extracting valuable insights from vast datasets to stay abreast of emerging threats,” Guccione said. “ChatGPT can assist in real-time incident response by providing quick insights and suggestions during security incidents. Cybersecurity professionals can use these capabilities to analyze logs, identify potential attack vectors and recommend mitigation strategies.”
The flip side of these developments is that attackers are mastering A.I. as well, which then requires new ways of thinking about how tech and security pros need to defend their organizations.
“[This past year] also saw an increase in A.I.-powered cyber threats and the use of deepfake technology in cyber fraud,” said Mike Eisenberg, vice president of strategy, privacy and risk at consulting firm Coalfire. “These developments represent a new frontier in cyber threats, where the lines between reality and fabrication blur, demanding new approaches in cybersecurity strategies.”
A Greater Role for Government
While the private sector rushed to take advantage of generative A.I. technology over the past year, the government also took an active interest in the technology and how private businesses as well as threat actors were using it.
This led the White House to issue a sweeping executive order that looked to direct the development of A.I. Over the last year, the Biden administration has also taken a much greater and more active role in cybersecurity, creating other rules and regulations that address several issues ranging from increasing the cyber workforce to ensuring government agencies have the tools they need to react to cybersecurity threats.
“The executive orders and National Security Strategy are public, outward declarations of intent, but the more important result has been actions taken by collaborations of government and private sector security companies across borders. United States government agencies have collaborated more deeply with private companies and researchers this year than ever before, seeking advice and sharing information that is both actionable and timely—standing in contrast to what private industry has come to expect in years past,” said Randy Pargman, director of threat detection at security firm Proofpoint.
“There is no doubt that the government operations targeting cybercrime today are several times more effective and potent than the operations of just a few years ago, mainly due to unleashing the power of more agencies and intentional collaboration between public and private entities,” Pargman added. “There is still plenty of room for improvement, so it should be no surprise if this collaborative approach is even more effective in the years to come.”
Casino Cyber Compromise
While significant ransomware incidents make the news nearly every week, the attacks that targeted MGM Resorts and Caesars Entertainment in early September stood out for the disruptions that the incidents caused, the amount of data compromised and the damage to the two companies.
The attacks have been attributed to a cybercriminal group dubbed Scattered Spider, and it’s believed that the incidents cost MGM $100 million in damages (the company did not negotiate) while Caesars paid out $15 million to the group, according to Reuters.
“These hackers breached MGM's network using social engineering, stole sensitive data, and encrypted over a hundred ESXi hypervisors,” said Sarah Jones, a cyber threat intelligence research analyst at Critical Start. “ESXi servers are integral to virtualization and play a crucial role in managing virtual machines, making them an attractive target for ransomware operators. Active ransomware groups are increasingly focusing on infiltrating and encrypting VMware ESXi servers, utilizing specialized Linux encryptors tailored for this purpose.”
What the ransomware attacks involving MGM and Caesars demonstrate is that attackers are getting better at working around protections such as multifactor authentication (MFA). In turn, organizations and tech pros need to rethink their security posture, noted RSA CISO Rob Hughes.
“I expect [organizations] will continue to be targeted in 2024, along with other methods that try to find ways around MFA,” Hughes said. “Organizations can prepare by reviewing their business processes and hardening them as appropriate for their risk level, developing a culture that puts security first, and establishing the identity verification capabilities and processes needed to give a path to resolve legitimate issues without endangering the organization.”
Coalfire’s Eisenberg added that these large-scale events also require organizations and their IT and security teams to take a step back to determine their weak points and what can be done to shore up defenses.
“The significant cyber events of 2023, especially the large-scale MGM and Caesars ransomware attack, serve as a stark reminder of the relentless and evolving nature of cyber threats,” Eisenberg said. “They underline the need for constant vigilance, innovative defense strategies, and collaborative efforts to safeguard against increasingly sophisticated cyber adversaries. Understanding and responding to these threats is not just a matter of technical necessity but a strategic imperative for the safety and stability of our digital world.”
Conflict Abroad and Compromises at Home
While world events can seem far away, the ongoing conflict between Russia and Ukraine, and now the war between Israel and Hamas, can bring these fights close to home, especially within the cybersecurity realm.
For over two years, security organizations have warned that malware and other cyber tools Russia is using against Ukraine could compromise other networks. The new conflict in the Middle East, which started in October, has also raised cybersecurity concerns, with the U.S. Department of Homeland Security and FBI issuing a joint public alert.
“As geopolitical tensions continue to rise across the globe and lines of affiliation are drawn and redrawn, it will be difficult to anticipate what, if any, direct effect wars will have on the enterprise threat landscape,” Heath Renfrow, co-founder of security firm Fenix24, said. “The lesson must be: We are always at war with cyber threat actors. The threat is present each and every day, and the consequences of breaches are severe; companies must always be on war footing, ignore trending data and continually evolve their defenses along with the evolving threats they face.”
International conflicts also give advanced persistent threat groups (APTs) a forum to demonstrate and deploy their techniques. In turn, cybercriminals can learn from these events, which increases the pressure on security teams to better protect their organizations and can require additional skills to detect these incidents.
“Cybercriminals are expected to further refine their APT techniques, complicating detection and mitigation,” Jones at Critical Start said. “This refinement may involve using artificial intelligence, machine learning and advanced social engineering in spear-phishing campaigns. The adoption of APT techniques by cybercriminals represents a significant shift in the cybersecurity landscape, impacting governments, businesses, and individuals.”
CISOs in the Crosshairs
Now that cybersecurity is critical to everyday business operations, the pressures on CISOs and security leaders have grown. A Gartner study finds at least half of these executives will change jobs due to the pressure of keeping up with breaches and attacks.
Adding to the stress, government regulators and law enforcement have also begun to ask tougher questions about cybersecurity policy and those responsible for it within organizations. In May, the former CISO for Uber was sentenced to three years of probation and fined $50,000 for his role in covering up a data breach.
In October, the U.S. Securities and Exchange Commission announced charges against SolarWinds and its CISO, alleging fraud and internal control failures relating to known cybersecurity risks and vulnerabilities linked to the infamous 2020 Russian-linked attack.
This scrutiny is bound to profoundly affect CISOs and other security leaders, and it could change both the nature of the job and the calculus for those looking to climb the management ladder.
“This [SEC] lawsuit could touch any person in a management position in any company. The executive team does not have time to work on every risk detail in a company, and they rely on their management structure to make risk decisions regularly,” Lexmark’s Willett said. “When the CISO meets with the executive team, they need to focus on the highest-risk items related to their infrastructure and business. One important point to make: CISOs need to have a discussion with their directors, officers and insurance carriers to make sure they are covered.”
The increasing role that regulatory and government agencies are playing in cybersecurity requires new outlooks, new methods and new skills to address these changes, experts note.
“While the Wells Notice to the CISO of SolarWinds may seem ominous for CISOs, it should seem equally obvious that CEOs and boards are on the hook for full visibility and sign-off on security programs, giving CISOs some air cover,” Renfrow said. “While we have to take a ‘wait-and-see’ approach to how accountable leaders will ultimately be, one thing is certain: for the health of their business, they can no longer keep their heads in the sand.”
APIs: Hidden Security Threats Requiring Vigilance
While APIs might not seem top-of-mind when it comes to the biggest security threats, these software interfaces are increasingly vulnerable to attacks and compromise.
While ransomware might get more headlines, the last 12 months have had a fair share of stories about how compromised APIs have led to data breaches. One example is a breach at T-Mobile that allowed attackers access to the data of 37 million customer accounts.
These kinds of attacks require tech pros to understand how many APIs an organization is using and where vulnerabilities are lurking.
“Organizations can make API security more attainable by fostering collaboration between security and engineering teams, utilizing code-generated API documentation for accurate testing, integrating security tests early in development pipelines, providing developers with contextual vulnerability information and automating routine security tasks,” said Scott Gerlach, co-founder and CSO at StackHawk. “This approach enables a proactive security strategy, minimizes vulnerabilities, and allows security teams to focus on complex testing, enhancing the organization’s overall API security posture.”
Understanding APIs, where they are used within the organization’s infrastructure, and the vulnerabilities and flaws inherent in them is a critical skill now and in the future, said Nick Rago, Field CTO at Salt Security.
“Security teams within organizations must have the ability to continuously discover the APIs that exist in their environment. They must understand the purpose of each API to assess if it has the correct security posture and ensure it is exposing the correct level of data based on its purpose,” Rago said. “Organizations need proper API runtime protection. Runtime protection is essential to uncover potential threats and defend against data leaks. By seeing and understanding API behaviors as they are being used, organizations can spot anomalies to quickly identify and stop any API misuse or abuse when an adversary tries to take advantage of a badly designed or misconfigured API.”