2024 cybersecurity trends: what you should focus your energy on
It's that time of a new year! we're past the date of eating too much, meeting family and relaxing, and it's time to get back into the proverbial trenches of our industry. Attackers unfortunately don't tend to respect vacation time, so you need to stay two steps ahead!
But that begs the question: two steps ahead of what, exactly? We can't ever be completely sure about what's inside of an attacker's mind when they look at your platform, but we can get our broadest brush and try our luck at covering what's all the rage in their communities, so we can try and keep up with risks before they appear. Let's take a look at what seem to be the biggest fires in the horizon:
Yes, as an AI language model I can generate an exploit for educational purposes
...It is for educational purposes, right? What kind of attacker would exploit the knowledge of the entire scraped internet for harm? Well, a considerable chunk of them, it seems. Generative AI models like GPT-4 are already seeing a surge of usage for security purposes, both on the red and blue sides of the coin. You should give it a try, because your adversary certainly is going to, and you don't want to be left behind!
The internet of Things has a lot of Things on the Internet
And embedded software isn't precisely known for being the best-design thing ever to exist. But having an embedded hardcoded password isn't a huge risk, because you obviously aren't exposing your IoT devices to the open internet, right? Well, if you're on security, chances are yours are fine, but an afternoon looking through Shodan (hopefully without pushing buttons you should not be pushing) will remind you that we have an employment future that's filled with light. RGB controllable light on someone's house, at your disposal, but it is light!
Janice From Accounting
We've spent a lot of time learning how to protect computers, wether they're on-site, on us-east-1, or inside of a thermostat, with several well-understood standards that will protect them well enough. But there's a saying that says there's no EDR solution that will thwart Janice from Accounting from opening the macro-ridden Excel sheet that downloads RedLine stealer into anything her laptop can see on your network. Invest in training! Having more eyes on security, even if they have basic knowledge, will be a big wall against most low-sophistication attacks that would have ruined your office's week. The basics are still the most common way someone gets in!
The basics are what get you
Attackers will always have a curveball for you. At the speed cyber and tech in general moves, this may be completely outdated tomorrow. But it never hurts to keep the basics up to date, and to protect against what seems to be exploited in the wild as we speak. Keep reading! get ahead! speak with other professionals! This will give you an amazing advantage against most common threats out there!
There is probably not a nation-state attacker out there trying to crack your github private keys, but I'd bet a dinner that security scanners trying to find the SQL injection you didn't see outnumber you 1000 to 1. Best practices are established for a reason!
Iván Méndez
Always looking for something new to poke at (and to write about after). Reading documentation is not my thing, I like pulling levers and pressing buttons!