Netwrix released a list of five key IT security trends that will affect organizations of all sizes in 2024. The list was shared by Dirk Schrader, vice president of security research, and Ilia Sotnikov, security strategist, at Netwrix.
The first thing they noted was that cyberinsurance requirements will tighten. The release stated that with successful cyberattacks leading to increasing payouts, insurers will require more organizations to have strong security measures in place to qualify for a policy or to reduce premiums. Common requirements today include multifactor authentication (MFA), patch management and regular security training for business users.
In 2024, identity and access management (IAM) is likely to join that list, they said, especially for the enterprise sector. They also expect insurers to partner with managed service providers (MSPs) to help ensure a minimum level of security at small and midsize companies.
Next, they found that attackers will increasingly harvest encrypted data, even if they can’t unlock it. The release stated that quantum computing is advancing rapidly, so forward-thinking cybercriminals will be stealing encrypted data that they cannot unlock with today’s technology but that they might soon be able to decrypt. The top targets will be organizations with large volumes of sensitive data, such as government and defense agencies, financial and legal firms, and large corporations with valuable intellectual property.
To reduce risk, organizations should not rely only on encryption but instead build a multi-layered strategy that includes data classification, risk assessment and mitigation, and incident detection and response. In addition, because data harvesting can go unnoticed when there is no immediate ransom demand or other visible consequence, they should improve monitoring of activity around their sensitive data, including encrypted content.
Third, they said artificial intelligence (AI) tools will make it easy for cybercriminals to glean the details they need. The release stated that AI will enable threat actors to swiftly locate personal details required for convincing phishing emails and to mine databases of stolen credentials to launch effective password-based attacks. To reduce risk, organizations must require strong, unique passwords, tightly control privileged access, and invest in identity threat detection and response (ITDR) solutions.
Fourth, they noted that phishing emails will be harder to spot and will expand in non-English-speaking countries. They said that in the past, phishing emails were riddled with grammatical errors and typos, and were usually in English. In 2024, however, AI tools will make it much easier for attackers to craft convincing emails in any language. To fight back, organizations need to update their phishing training and make it easy for users to report suspicious messages. IT teams in non-English-speaking regions also need to warn users about the growing likelihood of getting malicious emails in their native language.
Lastly, they warned that everyone will be at risk from security fatigue. The release noted that user identities are a key target of adversaries because compromising just a single account gets them into the IT ecosystem. But inundating users with warnings from tools like mail agents and requiring them to attend frequent awareness training can backfire, resulting in security exhaustion that can lead to the errors and negligence that the organization was trying to prevent. A more effective strategy is to adopt a zero trust model based on least privilege. In addition, tailor awareness training to the needs of specific groups of employees to make it easier to absorb.
“Criminals will be taking advantage of AI and machine learning — but so should the security community,” Sotnikov said. “These technologies can help quickly connect the dots across multiple data sets, giving them the broader context required to spot even sophisticated cyberattacks in their early stages. Plus, they can respond faster and more effectively because they can see exactly what happened and which accounts, data and other assets were involved.”