\nArtificial intelligence, and generative AI (GenAI) specifically, captured the world\u2019s imagination in 2023, as we all marveled at the technology\u2019s potential for good and evil. Cybersecurity teams were no exception.<\/p>\n
Yes, cyberattackers quickly leveraged GenAI for malicious purposes, such as to craft better phishing messages<\/span><\/a>, build smarter malware<\/span><\/a> and quickly create and spread misinformation<\/span><\/a>.<\/p>\n But cyber defenders also saw this powerful technology begin to find its way into their tool boxes \u2013 boosting a broad swath of cyber capabilities, including vulnerability detection, identity and access management (IAM), incident response, malware analysis and security operations.<\/p>\n In short, the optimism over AI\u2019s promise for cyber defense was palpable this year.<\/p>\n Among 3,800 senior executives surveyed for PwC\u2019s \u201c2024 Global Digital Trust Insights\u201d report, 69% said their organizations plan to use GenAI for cyber defense in the next 12 months, while 47% already use it for cyber risk detection and mitigation.<\/p>\n The \u201cState of Cybersecurity 2024\u201d report from the Computing Technology Industry Association (CompTIA), which polled 511 U.S. business and IT pros involved in cybersecurity, shows how respondents foresee using AI.<\/p>\n Tenable, whose products have had AI technology for years, was very much at the center of this trend, as it integrated GenAI capabilities across the Tenable One Exposure Management Platform<\/span><\/a> in 2023.<\/p>\n \u201cAI has the potential to change how cybersecurity professionals search for patterns, how they explain what they\u2019re finding in the simplest language possible, and how they decide what actions to take to reduce cyber risk,\u201d former Tenable CPO Nico Popp wrote in the blog \u201cAI Is About To Take Cybersecurity By Storm<\/span><\/a>\u201d.<\/p>\n For more information about using AI for cybersecurity, check out these Tenable resources:<\/p>\n VIDEOS<\/strong><\/p>\n Tenable CEO Amit Yoran discusses AI and preventive security on CNBC<\/span><\/a><\/p>\n How Generative AI is Changing Security Research: The Development of the G-3PO Tool<\/span><\/a> 2 – And an AI challenge: Using it safely and responsibly<\/strong> No small task. Global AI regulations are in flux, and organizations are scrambling to adopt usage policies. This year, we saw high-profile incidents in which employees inadvertently entered confidential corporate information into ChatGPT<\/span><\/a>.<\/p>\n McKinsey & Co.\u2019s \u201cThe state of AI in 2023: Generative AI\u2019s breakout year<\/span><\/a>\u201d surveyed 1,684 organizations, of which 913 are using AI in at least one business function. Among those, 548 are using GenAI.<\/p>\n The study found only 21% have GenAI usage policies; only 38% are actively mitigating its cybersecurity risks; and 28% are mitigating its compliance risks.<\/p>\n Of particular interest to cyber teams is the issue of protecting enterprise AI systems from cyberattacks, the topic of the Stanford University and Georgetown University report \u201cAdversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications<\/span><\/a>.\u201d<\/p>\n Here\u2019s a small sampling of advice and recommendations issued in 2023:<\/p>\n 3 – CNAPP takes center stage in cloud security<\/strong> Here are some telling data points from the Cloud Security Alliance\u2019s \u201cCloud Native Application Protection Platform Survey Report,\u201d which was released in August and polled 1,200 IT and security pros:<\/p>\n (Source: Cloud Security Alliance\u2019s \u201cCloud Native Application Protection Platform Survey Report, August 2023)<\/em><\/p>\n To learn more about cloud security and CNAPP, check out these resources from Tenable:<\/p>\n VIDEO<\/strong><\/p>\n What is a Cloud-Native Application Protection Platform?<\/span><\/a><\/p>\n 4 – Cloud adoption further complicates IAM security<\/strong> Here\u2019s a telling stat: Roughly between mid-2022 and mid-2023, 90% of organizations suffered at least one identity breach. That\u2019s according to the Identity Defined Security Alliance\u2019s \u201c2023 Trends in Identity Security\u201d report, which surveyed 529 respondents in charge of IT security or identities.<\/p>\n Why the difficulty in protecting digital identities? Reasons respondents gave included:<\/p>\n Meanwhile, the U.S. Cyber Safety Review Board (CSRB) spotlighted IAM security in its August report of the Lapsus$ cyber extortion group. \u201cIAM weaknesses were a consistent theme in attacks across all targeted entities and present opportunities to make ongoing improvements,\u201d reads the report<\/span><\/a>.<\/p>\n Recently, Tenable CTO Glen Pendley stressed the importance of securing cloud identities in his Dark Reading article \u201cSecuring Cloud Identities to Protect Assets and Minimize Risk<\/span><\/a>.\u201d<\/p>\n \u201cMost attacks we see today are client-side attacks, in which attackers compromise someone’s account and use their privileges to move laterally and access sensitive data and resources. To prevent this, you need visibility into your cloud’s identity infrastructure,\u201d he wrote.<\/p>\n For guidance for beefing up IAM security, check out:<\/p>\n 5 – Known vulns: Everything old is new again<\/strong> That was a key insight from Tenable Research\u2019s \u201c2022 Threat Landscape Report<\/span><\/a> (TLR),\u201d released in February. Tenable Research found this issue so prevalent that it ranked known vulnerabilities first on the report\u2019s list of 2022\u2019s top vulnerabilities.<\/p>\n (Source: \u201cThreat Landscape Report\u201d from Tenable Research, February 2023)<\/em><\/p>\n However, putting all the blame on security teams for not patching these bugs would be naive and simplistic, Tenable CSO and Head of Research Robert Huber cautioned.<\/p>\n \u201cThe lesson here is that the broad array of siloed cybersecurity tools and systems organizations have in place is not helping to reduce risk,\u201d Huber wrote. Instead, cyber teams need a holistic view of their organization\u2019s attack surface to properly manage risk and exposures, he added.<\/p>\n In June, CISA disclosed<\/span><\/a> an incident that exemplifies this issue: Multiple attackers breached the web server of an unnamed U.S. federal agency by exploiting known, years-old vulnerabilities.<\/p>\n Further illustrating the challenge of prioritizing vulnerability remediation, CISA\u2019s Known Exploited Vulnerabilities (KEV) catalog<\/span><\/a> reached 1,000 items in September. By tracking known bugs exploited in the wild, it\u2019s meant to help vulnerability teams prioritize. CISA marked the milestone<\/span><\/a> in a blog and tackled the question of how to now prioritize \u201cwithin the KEV.\u201d<\/p>\n For more information about detecting, prioritizing and fixing vulnerabilities, check out these Tenable blogs:<\/p>\n 6 – The stakes get higher for OT security in critical infrastructure<\/strong> In terms of quantity, cyberattacks against critical infrastructure appear to be on the upswing globally, based on many reports that gather these stats for specific states<\/span><\/a>, countries<\/span><\/a>, industry sectors<\/span><\/a> and attack methods<\/span><\/a>.<\/p>\n The chart below, which tallies actual and projected global attacks costing victims more than $1 million, comes from the study \u201cImpact, Vulnerabilities, and Mitigation Strategies for Cyber-Secure Critical Infrastructure<\/span><\/a>,\u201d published in April by researchers from Florida International University and Utah Valley University.<\/p>\n (Source: \u201cImpact, Vulnerabilities, and Mitigation Strategies for Cyber-Secure Critical Infrastructure\u201d study from Florida International University and Utah Valley University, April 2023)<\/em><\/p>\n Governments, worried about these facilities whose services are essential to society and to national security, took steps to boost their cybersecurity.<\/p>\n For example, here are some CISA initiatives:<\/p>\n For guidance on critical infrastructure cybersecurity:<\/p>\n VIDEOS<\/strong><\/p>\n Tenable.ot Security Spotlight – The Ransomware Ecosystem<\/span><\/a> And a bonus item!<\/strong> Adopted in July and finalized with some amendments in September, the rules establish new requirements for publicly traded companies regarding disclosures about their cybersecurity incidents, risk management, strategy and governance.<\/p>\n Their goal? To make cybersecurity disclosures more consistent, comparable and useful for decision-making, which will benefit companies, their investors and the markets, the agency said in a statement<\/span><\/a>.<\/p>\n For example, with some exceptions, companies must disclose cyber incidents four business days after deeming them material, and describe their nature, scope and timing, as well as their actual or potential businesss impact. (In a bizarre pressure tactic, a ransomware gang filed an SEC complaint<\/span><\/a> against a victim, alleging it didn\u2019t comply with the new disclosure rules.)<\/p>\n \u201cFor a long time, the largest and most powerful U.S. companies have treated cybersecurity as a nice-to-have, not a must have. Now, it\u2019s abundantly clear that corporate leaders must elevate cybersecurity within their organizations,\u201d Tenable Chairman and CEO Amit Yoran told the Associated Press<\/span><\/a> in July. He shared more of his thoughts in this LinkedIn post<\/span><\/a>.<\/p>\n The new SEC rules are part of a broader trend by governments worldwide to place more accountability for cyber incidents on both technology vendors<\/span><\/a> and cybersecurity leaders<\/span><\/a>.<\/p>\n To get more details about the new rules, check out this July FAQ<\/span><\/a> from Tenable; this statement from the SEC\u2019s Division of Corporate Finance<\/span><\/a> director; and guidance from the FBI<\/span><\/a> and the Justice Department<\/span><\/a>.<\/p>\n Also, check out coverage and analysis from CyberScoop<\/span><\/a>, The National Law Review<\/span><\/a>, TechCrunch<\/span><\/a>, SANS Institute<\/span><\/a> and SecurityWeek<\/span><\/a>.<\/p>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/risunok-1-tenable-obzor-klyuchevyh-tendenczij-kiberbezopasnosti-v-2023-godu-ot-speczialistov-tenable.png\")
<\/p>\n\n
\nMaking Decisions Easier with AI<\/span><\/a><\/p>\n
\nHere\u2019s another way in which AI impacted cyber teams in 2023: As organizations rushed to adopt AI to boost business operations, cyber teams \u2013 along with others like IT, GRC and legal \u2013 got tasked with ensuring AI use is secure, compliant and responsible.<\/p>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/risunok-2-tenable-obzor-klyuchevyh-tendenczij-kiberbezopasnosti-v-2023-godu-ot-speczialistov-tenable.png\")
<\/p>\n\n
\nIn the vast cloud security landscape, one development stands out: The accelerated adoption of cloud native application protection platforms (CNAPPs), as cybersecurity teams grapple with growing multi-cloud complexity.<\/p>\n\n
\n– comprehensive visibility over security posture (25%)
\n– data posture understanding and data protection (16%)
\n– multi-cloud threat protection (13%)<\/li>\n<\/ul>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/risunok-3-tenable-obzor-klyuchevyh-tendenczij-kiberbezopasnosti-v-2023-godu-ot-speczialistov-tenable.jpg\")
<\/p>\n\n
\nSecuring identity and access management (IAM) systems, a perennial challenge, remained complex in 2023, largely due to cloud adoption growth.<\/p>\n\n
\n
\nAnd in 2023, we re-confirmed that a frustrating scenario continues to play out: Attackers widely exploiting known vulnerabilities for which patches have long been available.<\/p>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/known-vulns-everything-old-is-new-again.jpg\")
<\/p>\n\n
\nUrgency about the cyber safety of critical infrastructure grew in 2023. Threats multiplied and attacks intensified, especially from nation-state actors<\/span><\/a>, as the attack surface for these organizations expanded due to factors like the convergence of IT and OT systems, and cloud adoption.<\/p>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/risunok-4-tenable-obzor-klyuchevyh-tendenczij-kiberbezopasnosti-v-2023-godu-ot-speczialistov-tenable.jpg\")
<\/p>\n\n
\n
\nTenable.ot Security Spotlight – Ransomware in OT Systems<\/span><\/a><\/p>\n
\nThis blog highlights six cyber trends, but it\u2019s the season of giving so here\u2019s one more: the new cybersecurity-disclosure rules from the U.S. Securities and Exchange Commission<\/span><\/a> that just went into effect.<\/p>\n![\"\"](\"https:\/\/oberig-it.com\/wp-content\/uploads\/2024\/01\/risunok-5-tenable-obzor-klyuchevyh-tendenczij-kiberbezopasnosti-v-2023-godu-ot-speczialistov-tenable.png\")
<\/p>\n