I’ve never liked being pessimistic about cybersecurity. Because while cybercriminals are intelligent, capable, and motivated, so too are the CISOs, analysts, engineers, and investigators charged with keeping organizations safe.
But I don’t want to ignore the risks—or overlook the instances when cybersecurity fell short in 2023. Last year, cybersecurity suffered some significant, expensive, and headline-grabbing defeats. Ransomware attacks cost a Las Vegas resort roughly $100 million and forced hospitals to divert ER patients. The MOVEit vulnerability allowed threat actors to steal information from a facility used to dispose of defense-related nuclear waste. Nearly 7 million people’s ancestry data was stolen from 23andMe.
I don’t think these trends will change in 2024. In fact, I think they’re poised to get worse: between the U.S. presidential election, growing numbers of users, devices, entitlements, and environments, and the use of AI to create and refine cyberattacks, 2024 is going to be a challenge for the cybersecurity industry, critical infrastructure, and other industries. I think organizations will face significant economic and geopolitical volatility that will drive cyberattacks to an all-time high over the coming year.
Don’t get me wrong: I think we’re able to meet these challenges. But we can’t ignore them. We must prepare.
One of the ways that RSA is preparing is by speaking with our customers, partners, analysts, and team to anticipate the top trends in identity security that we believe will shape 2024. We’ve distilled those conversations into a new ebook that details some of the most concerning cyberattacks of 2023, the new technologies that will transform the threat landscape, and the trends that we think will frame the coming year.
Some of those trends began last year, such as threat actors finding ways to bypass multi-factor authentication (MFA) and the recent targeting of IT help desks. Some represent the culmination of years of effort: this year, we expect that organizations will finally make significant progress in deploying passwordless authentication.
And some trends may have already come to pass: our ebook predicts that legal firms will come under attack this year. Unfortunately, the Orrick, Herrington & Sutcliffe breach seems to bear that out.
Our ebook also details the ways that MFA regulations are setting a higher standard for cybersecurity and, in turn, compelling threat actors to up their game; explores why organizations that are moving to multicloud environments need Cloud Identity Entitlement Management (CIEM); details new mobile security threats; and covers much more.
Each of the trends we discuss in the ebook underscores the urgent need for organizations to prioritize their identity security now.
Identity—including how users authenticate who they are, the entitlements that they’re permitted to access, and the management of those credentials over time—is under attack. That’s not new to 2024: if you were to look back at any given year’s Verizon Data Breach Investigations Report, you’d likely find threat actors using compromised credentials in the vast majority of breaches.
What is new is the frequency and impact of those attacks. Between the operational disruptions, damage to an organization’s brand, and regulatory fines, the fallout from a given data breach is harder to endure. What’s also new is that threat actors simply have more targets to attack.
But organizations don’t need to wait for the future to happen to them. By gaming out the future, organizations can test their responses, evaluate their capabilities, and anticipate how thinking adversaries will look for a new gap to exploit.
As worthwhile as the predictions themselves are, far more valuable are the actions that we take afterwards. By anticipating the future, we can change it. Let’s get started.