Entering 2024 brings us well into the third decade of the new millennium. Do you recall how tentatively and maybe naively we approached the year 2000? We stressed over two bytes in COBOL programs and regression tested every line of code to make sure all of our systems were ready to go at midnight on January 1, 2000. The world breathed a collective sigh of relief and off we went - to create web, mobile, and cloud apps; to turn embedded software into the internet of things (IoT) and democratize computing in a way that was only a dream just a short 23 years ago.
With massive shifts and changes in computing in our wake, where are we going in 2024 and what cybersecurity opportunities and challenges lie ahead?
It’s the business that matters – maturing of the industry
Cybersecurity is not about fear, uncertainty, and doubt (FUD); it is about delivering business outcomes such as board a plane quicker to mitigate flight delay penalties, heat or cool my house efficiently to manage energy consumption in a variety of climates, or reduce waste in manufacturing to minimize product recalls.
Notice there was not one mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes. This is what we have to aspire to when thinking about our businesses and cybersecurity. It has to be about the business first, advancing the experience of the customer, and removing friction.
Cybersecurity is now a business requirement and to be part of the business, cybersecurity teams need to act, well, like a member of the business team.
Over the past three years, cybersecurity as a market rapidly matured. We are in the midst of market consolidation with individual point products being acquired by and integrated into platform offerings. These platform offerings will continue to evolve through acquisition of smaller vendors, partnering, and innovation.
The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider.
In 2024, expect to see the continued maturation of the cybersecurity business and platform vendors embrace the idea of delivering on cybersecurity-as-a-service. The tooling companies of yesterday want to be the business partner of today. There is far more value in the relationship of being a business partner vs. being a provider of a commodity technology solution. Platforms are critical to a business while tools are tactical to help at a given point in time.
SOC of the future
With the democratization of computing comes the expansion of the attack surface. The more digital the world becomes, the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation.
The security operations center (SOC) needs to modernize to keep pace with the always-on and digital-first world that is being delivered through edge computing. The SOC of the future will need to expand to address:
Edge computing: Edge computing is real. It is defined by three primary characteristics: software-defined, data-driven, and distributed. Edge computing use cases are expanding to deliver business outcomes.
And, as these use cases deliver advances for the business, all of the technology changes. Networks with lower latency, applets that are ephemeral, and a digital-first experience are the requirements for all edge computing use cases.
Edge computing needs to be addressed and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood.
Edge computing is a sea-change in the world of computing. In 2024, expect to see SOCs begin to determine how edge computing needs to be secured. SOCs will explore a variety of management activities including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints.
Data security: Edge computing is the next generation of computing and is all about data. A characteristic of edge computing says that the applications, workloads, and hosting are closer to where data is being generated and consumed. And edge computing is about a near-real-time and digital-first experience based upon the collection of, processing of, and use of that data.
The data needs to be free of corruption to assist with decisions being made or suggested to the user. This means the data needs to be protected, trusted, and usable.
In 2024, expect strong data lifecycle governance and management to continue to be a requirement for edge computing use cases. Data security is something a SOC will begin to manage as part of its management of edge computing.
Endpoints plus: Endpoints are diversifying, expanding, and maturing. Industry analyst firm IDC projects the worldwide spending on IoT to surpass $1 trillion in 2026. Recent research shows 30% of participants expanding their endpoints to include new diverse and intentional assets such as robots, wearables, and autonomous drones – while 47% use traditional endpoints such as phones, tablets, laptops, and desktops. Endpoints are critical to business.
Today, most SOCs offer some type of endpoint detection and response (EDR) or extended detection and response (XDR), but how are SOCs preparing to not only manage but identify in precise detail the status, location, make, and model of this rapidly expanding world of endpoints?
In a world of edge computing comprised of diverse and intentional endpoints, it is important for the SOC to know the precise location of the endpoint, what the endpoint does, the manufacturer of an endpoint, whether or not the endpoint is up to date with firmware, if the endpoint is actively participating in computing or if it should be decommissioned, and a host of other pieces of pertinent information. Edge computing expands computing to be anywhere the endpoint is – and that endpoint needs to be understood at a granular level.
In 2024, expect to see startups provide solutions to deliver granular detail of an endpoint including attributes such as physical location, IP address, type of endpoint, manufacturer, firmware/operating system data, and active/non-active participant in data collection. Endpoints need to be mapped, identified, and properly managed to deliver the outcomes needed by the business. An endpoint cannot be left to languish and act as an unguarded point of entry for an adversary.
In addition to granular identification and mapping of endpoints, expect to see intentional endpoints built to achieve a specific goal such as ease of use, use in harsh environments, or energy efficiency. These intentional endpoints will use a subset of a full-stack operating system. SOCs will need to manage these intentional endpoints differently than endpoints with the full operating system.
Look for significant advancements in how SOCs manage and monitor endpoints.
Mapping the attack surface: The attack surface continues to expand. We continue to add diverse endpoints and new types of computing. As we add new compute, legacy computing is not retired – complexity and the attack surface continue to grow.
It is important for the SOC of the future to understand what the attack surface looks like visually. This sounds simple, but it is difficult to distill the complex into a simple representation.
In 2024, expect SOCs to seek a way to easily map the attack surface and correlate relevant threat intelligence to the mapping. To effectively do this, other aspects of the SOC of the future will need to be realities.
Overall, 2024 brings opportunities to SOCs to modernize their offerings and extend their strategic value.
MFA gets physical
Multi-factor authentication (MFA) is a way of life. The benefits far outweigh the slight inconvenience imposed. But is our current way of thinking about MFA as something you know (a passcode), something you have (a phone), and something you are (a fingerprint) sufficient?
Think about why MFA is so critical. MFA helps with authorization and authentication for mission-critical and safety-critical work. It prevents unauthorized access to critical information. MFA is an easy-to-implement step for good cyber hygiene.
Now, let’s take this a step further and look at how the “something you are” part of MFA can enhance safety to a greater extent. Today, the “something you are” part of MFA routinely accepts fingerprints, facial recognition, or retina scans. Biometric and behavioral MFA can go a step further in helping with business outcomes.
Biometric and behavioral MFA can help with identifying the veracity of an individual as well as the fitness to perform a function. For example, a surgeon is given access to the hospital, restricted areas, and the operating room through a series of MFA verifications. But, once in the operating room, how is it determined that the surgeon is fit to perform the surgical task? Behavioral MFA will soon be in play to make sure the surgeon is fit by adding another layer of “something you are.”
Behavioral MFA will determine fitness for a task through identifying things such as entering a series of numbers on a keypad, handwriting on a tablet, or voice analysis.
In 2024, expect to see more discussion of expanding MFA and the “something you are” aspect to include fitness for a task. This is an outstanding bit of innovation that will continue to evolve our digital world.
Know your AI terms
This blog would be remiss without mentioning the term AI. In 2023, AI became the most talked about technology because of the broad usage of generative AI for everything from writing term papers to marketing materials to legal briefs. The lowest common denominator of AI usage was released. However, generative AI struggles with hallucination, collapse, and a garbage-in-garbage-out irony.
Generative AI will impact social engineering and make phishing, quishing, and smishing more difficult to detect. Intentionally malicious code may be more difficult to detect and, in some cases, may be integrated into legitimate branches of source code. All of this means we have to be more aware and vigilant.
Machine learning has long been a tool of data scientists, security researchers, and threat intelligence teams. The technology is superb at scanning large data sets and pattern matching.
Next up in the AI frenzy is something that few are discussing, deep learning. Deep learning is about producing predictions based upon complexities in data. This can help in predicting a threat before it happens. Deep learning models have a large enough dataset to use past observations to predict future activity.
In 2024, expect deep learning to enter the cybersecurity conversation to take the industry to places that machine learning is not able to take us. More data and more observations help hone future predictions.
A new year is always exciting and moving into 2024 is no exception. Technology continues to surprise and delight us.
Timing is ripe for innovation, and we were treated to a glimpse of the future in 2023.
Looking ahead, 2024 is the year of the business understanding security and security starting to understand the business.
Here’s to a year of innovation!
Theresa Lanowitz is Head of Evangelism at AT&T Cybersecurity.