As 2024 is upon us, the cybersecurity landscape is characterized by dynamic shifts and evolving threats, presenting both challenges and opportunities for businesses, particularly small and medium-sized businesses (SMBs). Established threats such as ransomware and phishing are becoming increasingly commonplace, while AI-driven advancements and heightened attention from nation states in the cyber arena are adding new ones. This necessitates ongoing vigilance from organizations of all scales and individuals alike. SMBs in particular need to develop their awareness of the evolving threat landscape as they increasingly become the targets of threat actors.
We will explore some of the key areas which we believe warrant attention, and which need to be on the radar of all organizations wishing to maintain a strong cybersecurity posture:
- Increased Focus on AI and Machine Learning in Cybersecurity: The integration of Artificial Intelligence (AI) and Machine Learning (ML) technologies into cybersecurity solutions is reshaping the way organizations detect, prevent, and respond to cyber threats. Threat detection, through technologies like those developed by NTT, has long been an arena where Machine Learning has been a critical component. We can now expect the use of AI to extend beyond detection alone into the entire SecOps process. In 2024, we can anticipate a heightened focus on AI-driven security tools, enabling SMBs to bolster their defenses against increasingly sophisticated attacks through proactive threat detection and automated response mechanisms.
- Growing Importance of IoT Security: With the proliferation of Internet of Things (IoT) devices across various industries, ensuring the security of these interconnected devices is paramount. SMBs must prioritize IoT security by implementing robust device authentication mechanisms, encryption protocols, and continuous monitoring to mitigate the risk of IoT-related cyber threats and safeguard sensitive data.
- Expansion of Remote Work and Cybersecurity Implications: The widespread adoption of remote work, accelerated by the COVID-19 pandemic, has fundamentally transformed the traditional workplace paradigm. In 2024, even SMBs must grapple with the cybersecurity implications of remote work, including securing remote access channels, implementing robust endpoint protection measures, and fostering a culture of cybersecurity awareness among remote employees.
- Evolution of Phishing Attacks - Use of AI and Improved, Professionalized, and Scaled Phishing: Phishing attacks continue to evolve in sophistication, leveraging AI-driven techniques and increasingly professional tactics to deceive unsuspecting victims. SMBs must increase their vigilance against phishing threats by implementing robust email security solutions, conducting regular employee training on phishing awareness, and deploying advanced threat intelligence platforms to detect and mitigate phishing attempts effectively.
- Taking Advantage of Trust: Through its Global Threat Intelligence Center, NTT is seeing increasing numbers of breaches occurring through the use of legitimate credentials (via stolen or leaked credentials or account takeover) to take advantage of trust within environments. We have also seen the trust placed in cloud, third parties, supply chain and SaaS providers being exploited to gain access to corporate environments. The use of multi-factor authentication limits the ability of threat actors to use stolen credentials, while the adoption of zero trust security, and especially the principle of least privilege (i.e. only giving users access to the resources they really need), can help to reduce the “blast radius” of breaches if they do happen.
- Enhanced Focus on Mobile Security and Growing Prevalence of Mobile Cybercrime: With the proliferation of mobile devices in the workplace, mobile security is emerging as a critical priority for SMBs. With Bring Your Own Device (BYOD) policies increasingly prevalent for mobile devices, organizations cannot rely on their staff alone to maintain the security of mobile devices and the business data stored on them. It is becoming increasingly important to bolster mobile security posture by implementing mobile device management solutions, enforcing strong encryption protocols, and conducting regular security assessments to mitigate the risk of mobile cybercrime and data breaches.
- Edge Device Abuse: We expect to see a continued uptick in abuse of edge network devices. These devices, including routers, firewalls, and IoT devices, typically aren’t monitored as well as internal systems, offer less verbose logging for forensic or hunting purposes, and typically don’t support security software such as application whitelisting, antivirus or EDR in the way a Windows host does. Adversaries are using these devices as proxies into the network for access, persistence, or data storage and staging for exfiltration.
- Activities of Nation States, Espionage, and “Sleeper Botnets”: Nation-states and cybercriminal organizations are increasingly leveraging advanced techniques, including "sleeper botnets," for espionage and cyber warfare purposes. Companies must remain vigilant against nation-state-sponsored attacks by keeping hardware and software patched and up to date with security patches, conducting regular security audits, and collaborating with government agencies and industry partners to detect and mitigate advanced threats effectively. We have seen threat groups like Volt Typhoon taking advantage of outdated routers and firewalls to “pre-position” themselves in order to be able to execute attacks sometime in the future.
- Cybersecurity Skills Gap and Education: The cybersecurity skills gap continues to pose a significant challenge, especially for SMBs, hindering their ability to recruit and retain qualified security professionals. SMBs must invest in cybersecurity education and training programs for their employees, leverage external resources such as managed security service providers (MSSPs), and collaborate with industry partners to bridge the cybersecurity skills gap effectively.
- Discovery of Significant Dwell Times: While ransomware and extortion actors are focused on getting in and getting data out as quickly as possible, nation state or more advanced adversaries are looking to remain within an environment as long as possible. We have seen several high profile breaches lately where an actor may have been in the network for months or even years. It is expected that these types of breaches will continue to be discovered and announced. Combined with an increase in dwell times is a greater prevalence of Living off the Land (LOTL) attacks, where threat actors abuse legitimate software tools in an environment to either establish their presence (for future action) or to access and exfiltrate data.
- Increasing Attacks on Major Events, Especially the 2024 Paris Olympics: Major events, such as the 2024 Paris Olympics, are prime targets for cyber attacks, including ransomware attacks, DDoS attacks, and data breaches. If NTT’s experience with the 2020 Tokyo Olympics, where it dealt with 450 million security events, is anything to go by, the Paris Olympics will be a major target for cyber attacks. Companies, especially SMBs, involved in organizing or supporting major events will need to pay particular attention to their security posture.
- Consolidation Around SecOps: The convergence of security operations (SecOps) and DevOps practices is driving a shift towards more integrated security approaches, enabling organizations to streamline security operations and improve incident response capabilities. Even SMBs will need to embrace SecOps principles by fostering collaboration between security and development staff, automating security workflows, and leveraging security orchestration and automation platforms to enhance their security posture.
In conclusion, navigating the complex cybersecurity landscape in 2024 requires proactive risk management, continuous monitoring, and a collaborative approach to security. SMBs will increasingly need to make cybersecurity an area of focus in order to protect their businesses as they catch up to larger businesses in terms of security posture. A key component of this is SecOps, where SMBs will need to adopt the tooling required to detect threats, manage investigations and respond to incidents. XDR brings the capabilities that larger enterprises have developed over many years within the reach of SMBs through the provision of an affordable set of integrated tools delivered from the cloud. To experience the advanced security operations tooling needed by modern businesses at a price that is within reach of an SMB’s budget, start your 30 Day Free Trial of Samurai XDR today.