Top 12 Cybersecurity Topics in 2024 - Part 4
Thanks to everyone for the comments, questions and messages on the first 3 parts. Those are listed here: Part 1, Part 2, Part 3.
We're finishing up with the last 3 items to keep on your watch list for 2024. However, it's up to you to take this list, prioritize, and figure out which combination of these priorities is right for your organization. Much like the amazing sculpture above by Mark Peiser, security is all about layers (defense in depth) and finding the right perspective on what your solutions will look like.
We need to stop building botnets. Over many conversations at local hacker conferences, I talk with people who have been in cybersecurity, get some kind of niche role, and then discover default passwords on industrial equipment being shipped out the door through suppliers. It’s been a while since we’ve seen a large DDoS attack, and hopefully this indicates improvements in keeping our operating systems patched and separate from botnet systems. Still, with IoT devices proliferating, being introduced insecurely to the market and then left to “rot” on the internet, we may see a new wave of devices available for hackers to use in negative ways. (Read my take here: https://www.linkedin.com/pulse/iot-security-efforts-must-keep-pace-ecosystem-brett-thorson/)
The end user needs to become savvier. Business e-mail compromise and romance scams are still being leveled against unsuspecting internet users, and the proceeds in turn fund varied illicit efforts like human trafficking. Educating and raising the awareness of the people most susceptible to these scams, and stemming this flow of cash, both call for educational and technological solutions that still need exploration. Luckily, it seems the number of people victimized by 419 scams has lessened. Still, GenAI video/audio tools will make the creation of convincing stories designed to swindle the unsuspecting public that much easier.
Speaking of education and awareness, 2024 is as good a time as any to consider your own business continuity, disaster recovery and incident response playbooks. Simply having them lying around won’t do any good. Dust them off and give them a good run-through with a tabletop exercise / wargame. It’s always better to have a well-practiced plan to deviate from than to try teaching and improving upon a plan no one is familiar with mid-crisis.