2023 was an active year for cyberattacks. Industry thought leaders and researchers share their insights into the most common attack vectors.
Rom Hendler, CEO and co-founder of Trustifi:
We saw a spike in late 2023 of close to 250 percent in phishing by way of QR codes, based on our data scans. The codes can circumvent traditional email filters since they’re treated like innocuous images. In addition, ChatGPT, FraudGPT, WormGPT, and other artificial intelligence (AI)-driven platforms have made it frighteningly easy for bad actors to churn out convincing malicious code, emphasizing the need for cybersecurity solutions that leverage robust AI.
Joey Stanford, VP of Data Privacy & Compliance, Platform.sh:
Ransomware was the most common type of attack in 2023, affecting 62 percent of organizations, driving the need for proactive ransomware defense to prevent data encryption, exfiltration, and extortion by cybercriminals. Organizations must implement backup and recovery strategies, endpoint protection, threat intelligence, and incident response plans to mitigate the impact of ransomware attacks.
Martin Hedley, Advanced Cyber Security Engineer at ISN:
We have seen supply chain cybersecurity attacks increase in frequency throughout 2023 and anticipate that trend line to keep increasing in 2024, especially as bad actors are also leveraging AI to create more malicious attacks faster than ever before. There are absolutely cybersecurity concerns companies need to be mindful of. The first is to determine what security controls are put in place to protect that company’s data when it’s shared with third parties. Also, organizations need to ensure that contractors and vendors have a strong internal security posture that follows industry best practices.
A couple of primary motives for attackers are financial gain and the ability to make a statement. Nothing makes a statement more than the widespread disruption caused by taking out critical infrastructure. This segment must be particularly strategic in how they manage supply chain cybersecurity risk to become more resilient to attack. The most critical part of tracking cybersecurity due diligence is making the process standardized, repeatable, and applicable to all supply chain participants.
To respond to this pervasive and growing threat, cybersecurity professionals and regulators are developing creative solutions to combat cyberattacks. Industry thought leaders share what they see as the most significant developments in 2023.
Leveraging Artificial Intelligence
This year, we saw the increased use of artificial intelligence (AI) and automation to enhance security capabilities, reduce human errors, and save costs. According to a report by Gartner, 64 percent of organizations have utilized AI for security capabilities, and another 29 percent are considering it. AI and automation can help detect anomalies, analyze vulnerabilities, and respond to threats faster and more effectively than human experts.
Dylan Border, Director of Cybersecurity at Hyland:
We’re in an industry that has been making use of AI functions for the past several years now and only saw it continue to accelerate functionalities in 2023. It’s one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible for us at scale in our tools, like SIEM and endpoint protection platforms. It’s also heavily used in sandbox tools, which analysts use to safely inspect malicious code and executables to understand exactly what these samples are trying to do, and how they could be used to impact their unique corporate environment. AI helps make these complex, manually intensive human tasks happen immediately – which ultimately helps keep companies more secure by having the answers we need so much quicker and providing the ability for security teams to act sooner.
Open Source Hardware Security
Ed Maste, Senior Director of Technology at the FreeBSD Foundation:
Software-centric security dominates cybersecurity discussion, but advances in open-source hardware security expanded that conversation in 2023. New and maturing instruction set architectures (ISAs) are enabling game-changing security strategies for developers by denying malware the right to access exploits or even operate on hardware in the first place. ISAs such as x86 and Arm have long included some hardware-based protections and newer extensions that make reliable exploits even harder.
But most recently, open-source CHERI (a research project extending a number of ISAs, including CHERI Arm and CHERI RISC-V) saw substantial momentum in 2023 with a breakthrough approach to controlling memory access with hardware-enforced bounds and permissions while retaining compatibility with existing software. The Morello platform from Arm, the most advanced prototype of this technology, now offers developers a fully memory-safe environment. At stake: millions of C/C++ apps with a long history of known memory exploits. Rewriting those apps is cost-prohibitive. CHERI researchers have demonstrated a full memory-safe desktop application stack built on open-source FreeBSD that required only minimal software adaptation.
Additionally, recently announced designs and products by Microsoft (in the form of the CHERIoT IoT-focused microcontroller) and Codasip, with a family of CHERI-RISC-V cores, are bringing CHERI to market.
Government Regulations and Enforcement
President Biden’s executive order on AI is certainly a step in the right direction and the most comprehensive to date; however, it’s unclear how much impact it will have on the data security landscape. AI-led security threats pose a very complex problem, and the best way to approach the situation is not yet clear. The order attempts to address some of the challenges but may end up not being effective or quickly becoming outdated. For instance, AI developers Google and OpenAI have agreed to use watermarks, but nobody knows how this is going to be done yet, so we don’t know how easy it’s going to be to bypass/remove the watermark. That said, it is still progress, and I’m glad to see that.
Cam Roberson, Director of Channel, Beachhead Solutions:
Complying with government agencies’ cybersecurity regulations isn’t the sexiest subject matter for most businesses to focus on. And yet, for many, regulatory enforcement is quickly becoming the single biggest cybersecurity-related risk they face, this year and even more so into 2024. Regulatory requirements and enforcement are expanding on just about every front—and the risks of non-compliance are real and accelerating.
For example, the FTC Safeguards Rule now requires any business that transfers money to and from customers (and isn’t already under the purview of another regulator) to effectively secure customer data. This affects millions of previously unregulated businesses that are now subject to six-figure fines per violation, additional fines that can personally target business leaders, and risk to their business’s licensing. Organizations in or adjacent to the healthcare field subject to HIPAA need to be aware that HIPAA fines have become more actionable. Regulators have shifted strategies from massive seven-figure fines that were rarely enforced to $35,000-$50,000 fines per violation that businesses are fully expected to pay.
While the ubiquity of cyberinsurance to protect businesses from these fines’ impact continues to be another key development to pay attention to, cyberinsurance policies require the same security protections as major compliance mandates. There will continue to be less leniency for organizations that don’t have the encryption, data access controls, and other non-negotiable capabilities required by most cybersecurity compliance regulations.
A Look Ahead
In light of cybersecurity trends that gained momentum in 2023, the industry can expect more of the same, along with as-yet-unseen risks, in 2024. According to Zach Moore, Product Manager, Security at InterVision Systems, businesses and organizations need to answer some questions to strengthen security:
“More than 50 percent of organizations will suffer a breach in 2024. The scale and cost implications of these breaches, however, will vary, increasing the importance of cybersecurity risk assessment. What investment costs are required to prevent, respond to, and recover business intelligence after a breach? How do those costs stack up to the inevitable costs of a breach, including long-term losses like customer loyalty and brand reputation damages?”
“Next year, organizations that answer these questions by consulting with a cybersecurity partner to determine effective risk mitigation will benefit significantly,” Moore concludes.