Mike Wilson, founder and CTO of Enzoic, recently shared his security predictions for the year 2024 and beyond, and concluded that while Artificial Intelligence (AI) won't play a prominent role, automated security tests and Machine Learning (ML) driven solutions will become crucial for combating advancing threats.
One major topic Wilson pointed out is the rising popularity of API attacks. "Cloud API Attack Traffic Will Soar," he says. "APIs in the cloud are an increasingly popular threat vector for cybercriminals as, if breached, they expose sensitive data. Part of the appeal is that they are often the easiest way for hackers to access a company's network." Wilson posits that the increasing number of these attacks will result in more organisations deploying security test automation solutions to combat the problem.
He goes on to note the changing tactics of cybercriminals, especially their turn towards a subscription-based model. "Various malware, including ransomware and infostealers, will now only be available via a Malware as a Service (MaaS) subscription, making it easy for a bad actor with limited experience to launch sophisticated, targeted attacks at scale," he warns.
The predictions also note that cybercrime remains rampant regardless of economic circumstances. "Cybercrime remains immune," Wilson states. "Despite a gloomy outlook for the economy which naturally causes a growth in cyber insurance premiums and double-digit increase in the financial impact of a breach." He stresses that until cyber resiliency becomes a priority for organizations, the cybercrime market will continue to multiply.
Wilson further discusses how a cybersecurity labour shortage, focused around mid-level employees, will cause strain on companies. He notes that many companies are struggling to implement basic measures like Multi-Factor Authentication (MFA) or Single Sign-On (SSO), mainly because they lack employees with the required skills. "If organizations want to stave off the onslaught of attacks, it's vital that they bolster their teams with proven talent," he advises.
The CTO considers passkeys to be the hot authentication solution of 2024, but warns against assuming that digital credentials fully remove the problem with passwords. "These solutions rely on passwords as the underlying authentication mechanism or MFA, which has its own security flaws," he explains. "Private keys are starting to be allowed to roam between devices, which in turn introduces the risk that users share their keys willingly or unwillingly in a phishing attack".
Wilson highlights the need for a more modern, layered approach to authentication, driven by the recurring failures of MFA. "In 2024, I think we'll see a collective recognition that MFA is no longer a security fail-safe," he says. "We've seen instances of infostealers being used to bypass MFA, and this will only intensify as enterprises continue the mass migration to MFA."
He is hopeful for more stringent cybercrime regulations in the future, which he believes could help curb the flourishing cybercrime rates. "Regulations will be introduced that will materially punish organizations that continue to ignore the requirements", Wilson suggests.
Finally, he talks about the major security threats posed by open-source code and IoT devices. "Open-source is the foundation for nearly all software, meaning that an exploited vulnerability in the code could create a devastating ripple effect across the supply chain," warns Wilson. "In 2024, you can expect a slew of new ML-driven solutions to enter the market to help address this growing problem with IoT devices."