TECH NEWS
2024 Cybersecurity Trends: What You Need to Know
Learn more about data security posture management, AI security risks, and other current threats to prepare your 2024 cybersecurity strategy.
January 18, 2024
By Brian Vecci, CTO at Varonis
Robbers don’t break into a bank to steal the pens. Similarly, today’s cyber threat actors aren’t interested in gaining access to your environment just to take a look around. They are after your most valuable and vulnerable asset: your data.
As security teams prepare for a new year, the pressure of continuous data growth, stopping multiple attack vectors, and shifting priorities from internal stakeholders and outside organizations can make choosing the right data security approach complicated.
Where should you focus your attention? We’ve got some ideas.
-
All things AI security
Artificial intelligence came into full force this year, and it’s no surprise to learn that the trend will continue in 2024.
While most of the attention on AI has been regarding the productivity gains the tech can provide organizations, security concerns have also begun to surface.
However, managing permissions in collaborative, unstructured data platforms can be complex. Whether your teams are using external AI tools like ChatGPT or generative AI tools like Microsoft Copilot, you need to make sure your data is secured and that only the people who need access to sensitive information are the ones with access. Using productivity tools like Copilot and Salesforce Einstein, for example, means that you could expose yourself to a massive amount of risk if your data isn’t secure first, and companies really struggle with this.
When Varonis conducts risk assessments, we typically see several files accessible through org-wide and external sharing links, essentially making a company’s sensitive information available to anyone on the internet. With shared links exposing massive amounts of data, organizations need to right-size access, which is not a simple process because of the rapid growth of information gen AI tools produce.
Generative AI is not only going to surface data for you and make you work more intelligently; it’s going to create data. And that data is going to be created at a much faster scale than any person can create it. It’s important to understand what these challenges are and how we can start to resolve or mitigate these risks to increase productivity.
-
The power of data security posture management
With data everywhere and continuously growing, it’s important to know where to focus. Where does your most prized data reside, how is it used, and how will you protect it?
The emergence of data security posture management (DSPM) promises to help organizations answer these questions and better identify business risks in the cloud.
At Varonis, the philosophy of DSPM has been baked into our mission since day one. And unlike other DSPM vendors, we go beyond just finding risks — we fix them.
We need to find sensitive data, but that’s not really solving anything if we are just able to find it. It’s important to understand where you’re focused on solving this, especially with there being a lot of market hype. Understand the solutions you’re looking at and marry the outcomes that you’d really like to achieve at the end of the day.
When choosing a DSPM vendor to work with, ensure their solution addresses the three dimensions of data security: sensitivity, exposure, and activity. If any of these facets are missing, it’s hard to make much progress with securing data, and it becomes impossible to automate.
-
Ransomware and other threats that keep you up at night
In addition to being aware of new tools and regulations, organizations have to contend with cyber threats, increasing incidents, and data breach trends that are heading in the wrong direction. Achieving a better signal-to-noise ratio is paramount.
With the average cost of a ransomware recovery nearing $2 million, ransomware continues to be a top concern for many organizations. With the popularity of RaaS growing, companies and organizations of all shapes and sizes should be well-versed in reducing the chances they’ll be victimized by a ransomware attack.
And AI’s productivity capabilities aren’t only being adopted by internal teams — attackers are taking advantage of artificial intelligence as well. A novice threat actor can become a sophisticated attacker in a matter of minutes just by using the new technology.
Waiting for a cyberattack to occur before getting your data protection efforts in order will place in a difficult situation. Right-sizing access controls now can help organizations limit the likelihood of a massive impact later.
The controls that AI providers put in place aren’t always sufficient. Productivity tools are an attacker’s and insider threat’s greatest tool as well, making it easy to gain access and analyze any data that a user has access to.
We don’t know what the next zero-day is going to be. We don’t know what the next APT is going to be. While the means change, it’s always about the data. If we protect the data where it resides, we have a much better position on being able to lower that impact and ultimately protecting the organization.
With data stored in a plethora of places, Varonis recommends that companies answer the following questions to get a clearer picture of their threat detection and response capabilities if a breach were to occur.
- Can I detect sophisticated attacks?
- Can I investigate and recover quickly?
- Can I protect cloud and on-prem data?
- How are we going to minimize the impact on our organization?
- Do we have the right processes, tools, and technologies to help us achieve our goals?
As you look at the triad of identifying sensitive data, look at the permissions and the activity around that data itself. Really double down on this; investigate where all your critical data is, not just in these silos. You need to be able to expand across your entire organization.
-
Achieving better data security
The trends we expect to see next year cover a wide range of use cases, but ultimately security teams need to increase visibility into their organization’s data to effectively reduce their blast radius.
The Varonis Data Security Platform continuously discovers and classifies critical data, removes exposures, and detects advanced threats with AI-powered automation. As a result, our customers can drastically reduce the likelihood of a data breach, all without manual effort.