As we hurtle into this new year, it’s already clear that there is an evolving set of cyber risks that organizations will need to contend with successfully to manage threats and grow their organizational resilience in 2024. Below, I’ll outline three of the biggest ones, sharing recommendations and execution checklists that can help enterprises enhance their threat readiness and elevate security postures as the threat landscape continues to evolve.

Trend #1: The Growing Danger of SaaS Breaches

SaaS is everywhere in modern organizations—for identity, customer relationship management (CRM), human resources (HR), operations and many other common use cases. In a world where organizations increasingly rely on SaaS providers, there is also growing danger.

Looking back over 2023, there is no shortage of SaaS breaches that had a broad impact.

Among the many incidents was the Okta breach in October which exposed organizations to risk at the identity layer for SaaS. Sumo Logic also disclosed an impactful SaaS breach, advising its many users to reset API keys in early November.

While individual breaches are a concern, the bigger problem is that most companies lack sufficient control and visibility over all the SaaS apps utilized by employees throughout the organization, along with the potential threat these apps introduce to their environment. This creates systemic risk, as compromised SaaS credentials can potentially provide wide access to sensitive systems and data. If an attacker breaches a SaaS provider, they could instantly access troves of customer information or operational data. However, visibility and control over SaaS usage are often lacking. Given the vast attack surface, assuming a breach will occur is prudent.

How to protect against SaaS risk in 2024

Individual organizations that are customers of SaaS vendors have very limited (if any) ability to completely prevent a breach at a SaaS provider. Just because individual organizations can't fully prevent SaaS breaches, it doesn't mean there is no ability to limit risk.

Rather than just trying to prevent any SaaS breach, organizations need to build resilience by improving detection capabilities and rapid response. Simply put, you need to be ready to respond rapidly. The ability to respond is predicated on several capabilities, including collecting all the needed telemetry from SaaS applications and having the right tools, expertise and services for SaaS incident response. Given that SaaS breaches are likely, it's also a best practice to regularly simulate breaches of key SaaS apps to help prepare.

Execution checklist:

Trend #2: The Mind Games of Cyber Warfare

The evolution of psychological warfare tactics, known as PsyOps, will redefine cybersecurity. The historical use of PsyOps has evolved from technical disruptions to sophisticated tactics like threats of publicly releasing stolen data, intensifying psychological pressure.

New regulations requiring companies to publicly disclose breaches faster than ever, including recent U.S. Securities and Exchange Commission (SEC) guidelines, have amplified the leverage attackers gain through these mind games. Facing mandated disclosure timelines, organizations feel pressured to respond on the hacker’s terms. “If you don't pay, we're going to talk about how we attacked you,” a criminal may threaten. In fact, that exact situation recently played out, with the Alphv/BlackCat ransomware gang filing a complaint with the SEC stating that an organization the gang had breached had not actually disclosed the incident.

So now, there is not only the potential 'fear' of being breached, but also the fear of having a breach disclosed before the organization has even detected it. Going a step further, a threat adversary can claim that a breach has occurred, causing reputational and perhaps financial damage to an organization, even though an actual breach never happened.

How to protect against psychological operations in 2024

Defenders need the capability to rapidly gather detailed breach information so they can respond appropriately and quickly.

Simply put, you need to have information. The only way to fight against misinformation and disinformation is with information. If you know everything that happened, then you can decide what you share. If a threat adversary makes a claim, you can respond, because you know exactly what, if anything, happened.

Tabletop exercises can also help security teams prepare by rehearsing incident response plans for emerging psychological threats.

Execution checklist:
  • Collect and retain log and observability data
  • Define “materiality” in advance, and make sure you have the procedures and tools to assess materiality during an incident
  • Enable rapid response to claims
  • Tabletop testing for incident response

Trend #3: Smarter Attacks Driven by AI

In 2023, across the entire IT landscape, perhaps no single trend was as pervasive as the growth of generative AI.

Attackers have not sat idly by in the emerging AI revolution. They are increasingly utilizing AI in a variety of ways to exploit organizations. AI will enable the same types of attack vectors and techniques we have seen for years, but now we'll see many more of them. AI enables attacks such as phishing to be executed faster than ever before. Language is no longer a barrier for attackers, as well-written phishing attacks have become easier to generate.

What's happening with generative AI is that we are going to have more phishing and social engineering attacks because it's easier to do. What used to require significant effort by an attacker to collect information and then tailor the message can now be done almost with a click of a button using generative AI.

Generative AI will also increasingly be used by attackers in support of psychological warfare operations. Attackers can potentially generate content to make it look like something occurred that in fact did not. This is an area where the possibility of "deepfakes" for different forms of content can represent a real risk.

AI also helps to enable scale and automation for attacks that organizations will need to defend against in 2024.

How to protect against AI attacks in 2024

The volume, speed and sophistication of AI-powered attacks are things that organizations need to prepare to defend against in 2024.

In the past, when it was harder and took more time for a phishing email campaign to proliferate, an organization could afford to have a person take a day or more to investigate it. In the AI-powered era, if it takes an hour for the phishing campaign to be deployed, then you need to be able to respond to that in an hour. This is where organizations need to introduce automation and advanced logic to respond to the amount and quality of attacks that are generated by AI. Once again, rapid access to telemetry and evidence is crucial for incident response. Being able to find fake information with real information is critical.

Execution checklist:
  • Collect and retain log and observability data
  • Enable automation for rapid incident response

Advanced preparation is key to managing these pivotal 2024 threats. Organizations must build modern capabilities to rapidly gather breach intelligence, conduct AI-powered threat analysis, and prove false information wrong. With the right focus on preparedness and resilient incident response, security teams can effectively navigate the year ahead to help their enterprises thrive.

LAST UPDATED: April 23, 2024
