From my experience, you usually do not hear what is predicted for the Cybersecurity landscape for the next year until you have reached Q4 of the existing year. But since we are now at the halfway point of the year, people have already started to make predictions.

But believe it or not, it is not for 2023, but rather, it is for 2024! Yes, you read me correctly. When I came across a couple of news articles that mentioned this, I had to rub my eyes a few times to make sure I was seeing things correctly.

But it's true. So what is predicted? Let's take the plunge:

1) Cloud adoption will stop:

After the COVID-19 pandemic hit, many businesses started to realize the strategic benefits of moving to the Cloud (like AWS or Azure) on a 100% basis. Of course, there are those companies that are still lagging behind on this; either their existing systems are too complex to move to the Cloud (which means part of it will be in the Cloud and the other part will remain On Prem), or the business owner is simply not convinced that the Cloud is the way to go. In fact, some 59% of all businesses in Corporate America are now in the Cloud, at peak levels.

At the present time, one of the key advantages of the Cloud is that it offers fixed and affordable pricing, so the business owner will at least know what the expenditures will be for the coming year. But it is feared that with these huge moves to Private or Public Hybrid Cloud deployments, this monthly fee will greatly escalate, thus making it far less affordable than it is right now. Also, there are fears that all of the great resources which are available right now will simply stall out because there will be a heavy reliance upon the major Cloud providers to come up with new innovations upon external third parties.

But apart from this, the biggest fear is that of data privacy, and how well the PII datasets will be protected in the Cloud. Data leakages are still a big issue, but keep in mind that this is not the fault of AWS or Azure; rather, it is the fault of the Cloud owner, due to not configuring their infrastructure properly. In fact, it has been cited that some 63% of all data leakages that take place can be attributed back to some sort of misconfiguration (AWS S3 buckets have been getting hit hard in this respect).

2) Activism will take a turn for the worse:

At the present time, many large activist groups are venting their frustrations and feelings on the social media channels, most notably on Facebook and Twitter. While this so far has been contained, there is grave fear that by 2024 they could turn to the dark side and launch Cyberattacks of their own, thus giving them the newfound term of “Hacktivists”. The seeds for this have been sown with the Russia-Ukraine conflict, where many activists have come to the help of the latter by launching Cyberattacks against Russian targets. While this can be deemed an eye-for-an-eye tactic, the concern is that by 2024, Hacktivist groups will start to attack the Critical Infrastructure of nations around the world in order to make their viewpoints and stances known.

3) Making use of Open-Source tools:

With everything now moving to the Cloud, and the respective providers now even embracing the use of Open-Source packages (I was surprised to see the sheer amount of Open-Source tools that are available in Azure), the software development community is now trending towards using more of the freely available tools on the Internet, such as APIs, to help in the source code creation efforts. But as I have written about before, many of these APIs go untested and unpatched, with many holes and gaps in them. Very often, this goes untested, making the final product full of backdoors for the Cyberattacker to penetrate. In fact, Gartner has even predicted that by 2025, some 70% of all software projects that are created will have an Open-Source component that has not been fully vetted.

My Thoughts On This:

Ok, so there are still two years to go for all of this to happen, if it does come true. So what can you do to mitigate these risks?

1) Try to remain as apolitical as possible. I am not talking about doing this in your personal life, but rather from the standpoint of you being a business owner. As far as possible, you (as well as your employees) should refrain from taking sharp political stances and posting them on social media sites. In today’s digital world, you simply do not know who is watching you and where. True, you can have all of the advanced technologies in your lines of defense, but the best line of defense here is to simply stay mum and silent, and instruct your employees to do the same, at least when it comes to posting political things on company-owned sites.

2) With regards to the use of Open-Source APIs, your best bet is to sandbox them first, see where the holes and vulnerabilities lie, and fix them before you release the APIs into the source code of the project that your team is developing. In fact, source code checking has started to become a hot-button topic today, and is expected to come under the microscope even more. In fact, I will be writing an eBook on this very topic in Q1 of 2023, so stay tuned.

3) In terms of the Cloud, I would not worry about anything stagnating quite yet. The truth of the matter is that AWS and Azure will want to remain competitive with one another as far as possible, so there will be many innovations coming out. If not, they will simply lose customers, which they don’t want to see happen. I can’t speak for AWS, but I know that so far, there has been a great job done by Microsoft in order to keep Azure glimmering with new functionalities.

But remember, just don’t make a sudden plunge into the Cloud. You need to come up with a detailed plan first, and any migration must take a phased-in approach. Also in this plan, you need to detail how you will use the security tools and features that AWS or Azure provide to you, and how you will make sure that all is configured properly to avoid data leakages. Always make use of a Cloud Services Provider (CSP) if you can, as they can help you every step of the way, both pre- and post-migration.

Will there now be predictions made for 2025 even before 2022 is over? Well, we will have to wait and find out.