
The concepts of ‘exposure’ and ‘resilience’ are expected to dominate the cyber security strategies of organisations.
By Richard Ford | Integrity360 CTO
Integrity360 | Best Security Consultancy of the Year 2023
As every year in cyber security proves, the landscape is constantly evolving. We are witnessing threat actors leveraging novel techniques and advanced technologies like AI to challenge organisations and their security teams.
Integrity360 research highlighted this trend, with a notable increase in security alerts handled by SecOps teams and AI & Data Theft ranking high among concerns. Another key trend was the widespread adoption of MSSP and MDR services, now considered standard practice for nearly all organisations. This shift underscores the importance of selecting the right partners to augment internal security teams and empower organisations to achieve their goals securely.
The past year was characterised by significant upheaval and transformation, setting a complex backdrop for the cyber security landscape. The ongoing conflict in Ukraine, economic uncertainties, and the advent of groundbreaking generative AI tools like ChatGPT have all contributed to a rapidly shifting environment. Amidst these changes, the cyber threat landscape has remained alarmingly active, with record-high levels of cyber-attacks, including some of the world’s largest companies falling victim to sophisticated breaches.
In 2024, the concepts of ‘exposure’ and ‘resilience’ are expected to dominate the cyber security strategies of organisations. ‘Exposure’ in this context refers to the extent to which organisations are vulnerable to cyber threats – the attack surfaces that can be exploited by malicious actors. This includes everything from technical vulnerabilities to human factors and the increasing interconnectedness of digital systems. Managing and reducing this exposure is critical to safeguarding data and infrastructure.
‘Resilience’, on the other hand, is about an organisation’s ability to withstand and recover from cyber-attacks. It’s not just about having robust defences in place but also about the capacity to respond effectively when breaches occur. This encompasses having well-practiced incident response plans, the agility to adapt to new threats, and the capability to maintain critical operations under duress.
Exposure Management
Continuous Threat Exposure Management (CTEM) is expected to take hold as a core concept in the industry. CTEM will enable organisations to be more proactive about identifying and assessing key problem areas in an attack surface that has grown substantially in the last couple of years. However, this will extend beyond identifying and addressing vulnerabilities into developing a more comprehensive understanding of exposures. That understanding enables organisations to change their posture across configuration security, external digital risk, users, security controls, supply chain, and the other key pieces of the puzzle, so that the highest risks are mitigated efficiently and effectively on an ongoing basis.
A more widespread embrace of CTEM is also likely to accelerate the convergence of key security tools.
The Growing Importance
Exposure management will no longer be optional. Cyber threats have diversified, and having an extensive understanding of your organisation’s security posture is essential. The value of exposure management has surged, particularly in light of increasing internal security threats stemming from employees, contractors, third-party tools, and even business partners. The industry has predominantly and logically focused on detecting and recovering from threats, but the continuous identification, prioritisation, and remediation of exposures will see a greater focus.
Resilience will be vital
At its core, cyber security resilience refers to an organisation’s ability to prepare for, adapt to, recover from, and grow stronger in the face of cyber threats or attacks. Unlike traditional cyber security approaches that focus solely on prevention, resilience accepts that no system is entirely impregnable. It’s not a question of if a cyberattack will occur, but when. Thus, resilience offers a more holistic view of cyber security, combining prevention with preparedness and adaptability.
A resilient cyber security framework adopts a multi-layered strategy, bringing together technology, people, and processes. While technology handles preventive measures such as firewalls and endpoint protection solutions, organisations must create policies that foster a culture of security. Equally critical is the human element, which entails insider risk management, employee training, and awareness programmes to mitigate human errors and insider threats.
Artificial Intelligence – Friend, Foe or both?
Artificial intelligence (AI) is revolutionising the world, offering benefits like automating tasks and bolstering cyber security, but it also introduces complex cyber threats. This analysis focuses on the impacts of deepfakes, generative AI, and AI in social engineering on cyber security.
Deepfakes & Generative AI: These technologies are advancing rapidly, creating realistic false realities. Deepfakes, which can alter and synthesise faces, expressions, and voices, present significant risks, and the emergence of generative AI engines makes the creation of deepfakes relatively trivial without requiring in-depth technical knowledge. The internet already has numerous videos with mimicked voices of world leaders, which can harm reputations, impersonate officials, or influence stock markets. Deepfakes also facilitate financial fraud by generating fake IDs.
AI in Social Engineering: Social engineering attacks are becoming more complex with AI algorithms that can convincingly mimic human conversation, thus becoming more deceptive. AI-powered bots can engage in realistic interactions, significantly improving their ability to manipulate.
AI technology is also making it harder for threats like malware to bypass detections. As AI learns what’s normal for specific environments, malware must be tailored to individual environments to evade detection. Consequently, while threats increase, defences also advance with AI.
AI is full of promise but also of risk, requiring careful and informed management to prevent misuse. The deployment of AI technologies like Microsoft’s Copilot or Gen AI tools offers immense potential but also poses risks to sensitive data. These tools, while increasing productivity and streamlining operations and decision-making, can inadvertently expose confidential information, underscoring the need for robust security to protect data in the AI-driven business landscape.
The Cloud
Cloud security is set to advance significantly, addressing challenges created by agile, rapidly changing environments and complex attack surfaces. Firms are increasing their investment in cloud threat detection and response (CDR) and Cloud Native Application Protection Platforms (CNAPPs), with over a third planning significant budget growth. Multi-cloud strategies will likely become prevalent, offering cost savings and flexibility but also complexity in data management and integration. Cloud computing will drive innovation in IoT, blockchain, and quantum computing, facilitating rapid experimentation.
Sustainability will be a focus, with major cloud providers aiming for net-zero emissions and renewable energy use. Privacy concerns will be addressed through technical, legal, and regulatory measures, ensuring data safety in the cloud. Serverless computing models will offer cost efficiency and operational focus, charging only for resources used.
Prepare for the future
Organisations must prioritise understanding and mitigating their exposure while simultaneously building resilience to endure and bounce back from inevitable cyber incidents. This dual focus will be crucial in navigating the complex and evolving cyber threats, and it’s inevitable that AI will be at least part of the answer.
Looking ahead, the cyber security horizon is influenced by a mix of ongoing growth in cyberattacks and significant geopolitical events. Conflicts around the world continue to fuel cyber-attacks, encompassing both nation-state actions and hacktivism.
Additionally, the upcoming elections in the UK and the US are expected to amplify these challenges. The role of deepfakes, AI, and social engineering in recent elections, combined with technological advancements, suggests a significant impact on future political events. This influence is expected to expand beyond traditional nation-state actors, with the democratisation of technology enabling even non-technical individuals to manipulate images and videos amidst global unrest.
While the nefarious use of AI by threat actors poses significant risks, we will also see AI technologies increasingly adopted to enhance business operations. Security leaders will need to treat AI as a double-edged sword, balancing enhanced productivity with the protection of sensitive data.
Another dominant theme is cloud security. As organisations move beyond the initial “lift and shift” phase, the focus will shift to developing cloud-native operation models. Despite some organisations reassessing the cost benefits of the cloud and considering data repatriation, cloud security investment is expected to surpass traditional security spending. This trend highlights the necessity of embedding security by design into cloud infrastructure, impacting not only technology but also people and processes.
The ongoing consolidation and convergence within the security technology landscape will continue to shape the industry. Security leaders will need to navigate a rapidly evolving technology environment, described as “today’s products, tomorrow’s features.”
Given the increased attacks, use of AI, geopolitical threats, and a complex, evolving landscape, the future is one where organisations need to focus on building resilience.
This involves strengthening resilience in our people, processes, and technology. The complexity of IT systems introduces vulnerabilities, making it crucial to understand, manage, and mitigate exposure across the extended IT estate comprehensively.
Integrity360 is committed to helping our customers harness AI and other managed services to boost their resilience and successfully tackle the security challenges of the future.