Tag Archive for: Quantum Computing

Cyber Trends to Watch for in 2024: Navigating the Evolving Landscape

As technology continues to advance at a rapid pace, the cyber landscape is undergoing unprecedented transformations. As we step into 2024, it’s crucial to stay ahead of the curve and be aware of emerging cyber trends.

Keep an eye on these notable trends unfolding in the cybersecurity landscape:

1. AI-Powered Cyber Attacks

Artificial Intelligence (AI) is no longer just a tool for cybersecurity; it’s also becoming a weapon in the hands of cybercriminals. In 2024, we can expect a surge in AI-powered cyber attacks. Attackers are leveraging machine learning algorithms to automate and enhance their attack strategies, making it more challenging for traditional security measures to detect and prevent these threats. Automating attack path analysis and malware analysis with AI are a couple of ways to combat attackers using AI.

According to the Springfield FBI, cybercrime cost businesses more than $10 billion in the U.S. last year, a figure that could reach $10.5 trillion globally by 2025, according to Cybersecurity Ventures. They also estimate ransomware alone will cost its victims around $265 billion annually by 2031—an astonishing 815 times more than the $325 million that organizations spent on ransomware in 2015.

The average cost of a data breach reached an all-time high of $4.45 million in 2023, according to IBM—a 15.3% increase over the cost in 2020. Knowing what assets you need to protect, and the steps you can take to identify and mitigate the risks to them, is crucial.

2. Quantum Computing Threats

While quantum computing promises revolutionary advancements, it also poses a significant threat to current encryption standards. In 2024, as quantum computing technologies mature, the risk of cryptographic vulnerabilities increases. The primary goal of a cryptographic system is to ensure the confidentiality, integrity, and authenticity of data. Cryptographic techniques are widely used in various applications, including secure communication over the internet, data storage, authentication, and digital signatures. Cryptographic systems play a crucial role in ensuring the security of digital communication and information in various domains, including online banking, e-commerce, secure messaging, and data protection.

The White House and the Homeland Security Department have made clear that in the wrong hands, a powerful quantum computer could disrupt everything from secure communications to the underpinnings of our financial system.

Organizations must start preparing for quantum-resistant encryption methods to safeguard their sensitive information.

3. Ransomware 2.0: Double Extortion

Persistent and evolving, ransomware attacks continue to pose a significant threat. In 2024, we anticipate the rise of “Ransomware 2.0,” which involves double extortion tactics. In addition to encrypting data, attackers are increasingly stealing sensitive information before locking it down. This dual-threat approach puts added pressure on victims to pay the ransom, as the exposure of sensitive data adds a new dimension to the consequences of non-compliance. Prioritizing vulnerabilities and automating compliance checks can improve the efficiency of your security team.

4. IoT Security Challenges

The Internet of Things (IoT) is expanding rapidly, connecting more devices than ever before. Lionel Sujay Vailshery of Statista, a research expert for the consumer electronics industry, estimates that more than 15 billion devices are on the Internet of Things, outnumbering non-IoT devices, with 2 of every 3 devices on IoT. However, this increased connectivity comes with heightened security risks. In 2024, we anticipate a surge in IoT-related cyber attacks as attackers exploit vulnerabilities in poorly secured devices. Strengthening IoT security through device authentication and authorization, secured communication channels, up-to-date firmware and software, and security testing and vulnerability management will be crucial to prevent widespread breaches. Knowing what is attached and who can get to it will help protect you in the future.

5. Supply Chain Attacks

Supply chain attacks are not new, but they are becoming increasingly sophisticated, with cybercriminals targeting the networks of suppliers and service providers to compromise the security of the ultimate target.

In a supply chain attack, an attacker might target a cybersecurity vendor and add malware to their software, which is then sent out in a system update to that vendor’s clients. When the clients download the update, believing it to be from a trusted source, the malware grants attackers access to those clients’ systems and information. This is essentially how the SolarWinds attack unfolded in 2020, targeting 18,000 customers.

As organizations continue to rely on a complex web of third-party vendors, securing the entire supply chain becomes paramount in 2024.

6. Regulatory Developments

Governments and regulatory bodies are increasingly recognizing the importance of cybersecurity. We’ve already seen changes in New York’s requirements for reporting breaches by company size, and in 2024 we anticipate the introduction of more stringent regulations and compliance requirements. Organizations will need to stay abreast of these changes to ensure they meet the evolving standards and avoid legal and financial repercussions.

The cyber landscape is poised for continued evolution. By adopting proactive cybersecurity measures and embracing innovative solutions, we can collectively navigate the challenges and threats that lie ahead.

At RedSeal, we’re committed to fortifying your digital infrastructure. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

Exploring the Implications of the New National Cyber Strategy: Insights from Security Experts

In March 2023, the Biden Administration announced the National Cybersecurity Strategy, which takes a more collaborative and proactive approach.

RedSeal teamed up with cybersecurity experts Richard Clarke, founder and CEO of Good Harbor Security Risk Management, and Admiral Mark Montgomery (ret.), senior director of the Center of Cyber and Technology Innovation, to discuss the latest strategy. Both have developed previous national cybersecurity strategies, so we couldn’t be more privileged to hear their take on the newest national strategy’s impact on cybersecurity regulations. This blog covers the importance of harmonizing the rules, trends in resilience planning, the role of cyber insurance, the transfer of liability, and the need to keep pace with AI and quantum computing. Keep reading to learn more, or click here to listen in.

Expanding Cybersecurity Regulations

Although this is the first time the administration has given a clear and intentional nod to cybersecurity regulations, the federal government has regulated every other major sector for over 20 years. This step makes sense. As Clarke points out, sectors with heavy cyber regulations have fared better in the past two decades than those without. Montgomery predicts that most changes will happen in areas where regulations are lagging, such as water, oil pipelines, and railroads.

But many agencies don’t have the resources for effective enforcement. The government must thus use a combination of regulations, incentives, and collaboration to achieve meaningful outcomes.

The Importance of Harmonizing the Rules

The new strategy aims to “expand the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonize regulations to reduce the burden of compliance.” But the expansion of cybersecurity regulations must come hand in hand with better coordination.

Clarke observes that today’s regulations aren’t well-coordinated. Agencies must share lessons learned and align their approaches. The private sector will benefit from the standardization of various regulations to streamline compliance, reducing cybersecurity complexity and lowering costs.

However, coordination and standardization don’t mean a one-size-fits-all solution. Agencies must tailor their regulations to each specific sector. The good news is that we can apply the same network security technologies to any industry and encourage knowledge-sharing across verticals. For instance, we can take the high standards from the defense industry and apply them to healthcare and transportation without reinventing the wheel.

A Focus on Resilience Planning

The cybersecurity definition of resilience has evolved as the world has become more digital. We will get hacked. It is a certainty. Instead of only looking to protect systems from attacks, regulatory mandates must also focus on prompt recovery. The government should also hire industry experts to assess digital resilience plans and stress-test them for reliance.

Cyber resilience must be applied to national security as well as private business. Transportation infrastructure must be able to operate without extended interruption. The economy (e.g., the power grid and financial systems) is our greatest weapon, and must keep functioning during conflicts and crises. Lastly, we must have the tools to quickly and effectively battle disinformation, a new frontier in the fight against nation-state threats.

The Impact of the Internet of Things (IoT)

Regulations must also cover IoT devices, but focus on the networks instead of the thousands of individual endpoints. Clarke suggests that organizations should install sensors on their networks and conduct regular vulnerability scans. Montgomery adds to this, emphasizing the need for certification and labeling regimens as part of a long-term plan to make vendors responsible for their products’ performance and security.

Shifting Liability to Vendors

Speaking of making vendors responsible for their products’ performance and security, the new strategy intends to transfer liability to software vendors to promote secure development practices, shift the consequences of poor cybersecurity away from the most vulnerable, and make our digital ecosystem more trustworthy overall.

Clarke agrees that this approach is necessary, but holds that the current regulatory framework can’t support the legal implementation. IT lobbyists, some of the most well-funded and influential players on Capitol Hill, will make enforcement of such a shift an uphill battle. Clarke believes that, unfortunately, this hard but necessary shift may not happen until a tragedy shakes the nation and leaves it the only way forward.

Keeping Pace with AI and Quantum Computing

We, as a nation, have many issues to consider around AI, including ones beyond security. Clarke points out that we must establish rules about transparency: What’s the decision-making process? How did AI get to a conclusion? Is it searching an erroneous database? Is the outcome biased? Large language models (LLMs) are constantly learning, and adversaries can poison them to impact our decision-making.

While AI is the big problem of the moment, we can’t afford to continue ignoring quantum encryption challenges, cautions Montgomery. We have already fallen behind and must spend a substantial sum today to prepare for what’s in store in 10 years. We must start building quantum security into our systems instead of attempting to jury-rig something later, adds Clarke.

The Rise of Cyber Insurance and Real-time Monitoring

Montgomery predicts that, if run properly, the cyber insurance market can bring these pieces together. Insurance companies may, for instance, encourage proactive measures by reducing premiums for organizations that invest in cybersecurity upfront and establish a track record of reliability and resiliency.

But organizations must prove they’re continuously protected instead of merely showing “point in time” compliance to take advantage of lower premiums. Real-time monitoring will play a critical role in lowering premiums and maintaining cybersecurity.

A Step in the Right Direction

The new National Cyber Strategy introduces timely and much-needed shifts. We must harmonize regulations to maximize the benefits without overburdening the private and public sectors.

In anticipation of the impending changes, organizations must approach their cybersecurity strategies proactively and implement the right tools and services to stay compliant. These include a comprehensive network security solution for complete visibility and ongoing monitoring, cloud security tools to protect all IT assets, and professional services to ensure airtight implementation and continuous compliance.

RedSeal has extensive expertise and experience in delivering government cybersecurity and compliance solutions. Get in touch to see how we can help you stay ahead in today’s fast-evolving digital environment.