Palo Alto Networks’ Cybersecurity Forecasts for Asia Pacific in 2024
Palo Alto Networks, the global cybersecurity leader, today released its 2024 cybersecurity predictions for Asia Pacific – 5 key insights from industry leaders to help organisations ensure a secure future.
2023 saw organisations witness unprecedented levels of cybercrime. Palo Alto Networks revealed that in 2023 one-third of Malaysian organisations recorded a 50% surge in disruptive cybersecurity incidents. Cybercriminals have used ransomware to target critical infrastructure and found novel techniques to exploit emerging technologies like generative AI to ill effect.
Understanding the cybersecurity developments and outlook for 2024 is especially important for organisations to get ahead of modern cyber attackers, keeping in mind that by 2025, Malaysian GDP is expected to see a contribution of 22.6% from the digital economy. As digital technologies become intertwined with everyday life and business activities, the potential consequences of cyber threats on the country’s economic landscape are significant. With stakes higher than ever, organisations need to take a holistic approach – accounting for macroeconomic factors, emerging technologies, and cloud risks among others.
Ian Lim, Regional Chief Security Officer, Palo Alto Networks, said, “In 2023, we’ve seen mature organisations, who invest heavily in cybersecurity, still falling victim to debilitating cyberattacks. This is due to the tenacity and ingenuity of attackers who exploit cyber hygiene issues or find novel ways to compromise legacy defences. Another key reason for these breaches lies in the complexity of security capabilities in most modern organisations. They use an average of 31.58 disparate security tools to protect their highly interconnected and innovative environments. The lack of correlation and the level of noise generated by these tools create immense visibility gaps and dampen their ability for detection and response.”
He added, “Going into 2024, highly motivated cybercriminals, nation-state attackers and hacktivists will continue to innovate, expand and exploit – not much we can do to slow that down. However, we could and should definitely address the complexity of our security capabilities with AI to make them more effective and cost-efficient.”
Here are the five cybersecurity trends to watch out for in 2024:
1. Hacktivism: the modern crusade
2023 saw numerous instances of broadcast events being disrupted by climate activists. This year, this protest could take the shape of a cyber-first campaign. With significant events like the Olympics, the Euros, and regional elections coming up, hacktivists will look to further their cause to audiences in the millions. Previously, a high level of technical expertise was necessary, but the cybercrime-as-a-service model has lowered this threshold. Now, it only takes an extremely motivated activist with sufficient funds.
A tumultuous geopolitical climate will provide opportunities for hacktivists to gain notoriety for their group and sympathy for their cause. Most hacktivist activity takes the form of Distributed Denial-of-Service (DDoS) attacks. Last year, these hacktivist activities even prompted government bodies such as NACSA, the Malaysia National Cybersecurity Agency, to warn the public of a surge of cyber activities focusing on DDoS, from parties that may have geopolitical agendas.
In 2024, organisations should evaluate their risk profile according to the evolving threat landscape and ensure coverage not only for financially motivated attacks but also for hacktivism and nation-state attacks.
2. AI’s role in cybersecurity will evolve, for good and bad
Since ChatGPT’s launch in October 2022, there have been concerns worldwide regarding its potential to democratise cybercrime. Despite having guardrails to prevent malicious applications, a few creative prompts can get ChatGPT to generate near-flawless phishing emails that sound “weirdly human” at an immense scale. We’ve seen attackers use Gen AI in novel ways like deepfake and voice technology to scam banks out of millions. Companies adopting Gen AI must be wary of the vulnerabilities of model poisoning, data leakage, prompt injection attacks, etc. Attackers will continue to exploit innovation gaps with the increased use of Gen AI for legitimate use cases.
Hence, one of the AI cybersecurity trends we expect to see in 2024 is the maturation of how we protect enterprise-level use of Gen AI. This involves making sure that security controls, vulnerability management and threat monitoring activities are embedded throughout the entire lifecycle of AI development projects. Gen AI will further embed itself into cybersecurity capabilities. Its ability to summarise, weed through noise, and give concise summaries of security events is far greater than a human analyst’s (especially at the scale a modern SOC operates). With LLMs getting better by the day, we are bound to see more sophisticated applications that move beyond just being a clever and occasionally hallucinating chatbot.
3. Operational technology will remain the low-hanging fruit
Operational Technology (OT) is the heart of any industrial organisation. As the primary generator of revenue, OT systems must have a high level of cyber maturity. However, many organisations still believe OT environments are protected by an air gap, whereas IT/OT convergence has resulted in OT being more connected than ever to IT and also, in many cases, to the cloud. This has expanded the attack surface and greatly increased the risk to OT networks, without the investment in cyber controls.
A breach of OT systems can result not only in lost revenue but also, potentially, in injuries or loss of life. A cyber-secure OT environment is also a safe and reliable OT environment. A Zero Trust architecture will protect the most critical OT systems from threats while allowing organisations to focus on their digital transformation. 2024 will see organisations invest in OT cybersecurity maturity to protect their most important business systems and manage the increased risk to an acceptable level.
4. Consolidation to enable the next frontier in cybersecurity
Palo Alto Networks Unit 42’s Cloud Threat Report (Volume 7) found that on average, security teams take approximately 6 days to resolve a security alert, with 60% of organisations taking longer than 4 days. In a threat landscape where attackers only require a few hours to find and exploit vulnerabilities, 4-6 days is just way too long. Organisations with disparate security tools that are not well integrated have a harder time deploying automation and orchestration. This is a major setback to reducing the mean time to detect and the mean time to respond.
In addition to the lacklustre threat response, organisations with siloed solutions are having a hard time securing their rapid digital transformation initiatives. Alongside macroeconomic headwinds and workforce challenges, enterprises are looking to consolidate their vendor spread and reduce complexities.
Put simply, it is way easier to manage the cybersecurity stack if there is one point of contact when a crisis inevitably strikes. Over the long term, it reduces costs and yields better results. This is thanks to the increased visibility and seamless integration that comes with a unified security offering. More organisations are waking up to these benefits and thus 2024 will see customers focus on reducing complexities and turning to consolidated cybersecurity stacks.
5. Securing multi and hybrid cloud will be a focus
Per the State of Cybersecurity 2023 survey, reliance on the cloud is viewed as a key cybersecurity challenge for organisations in Malaysia, with 52% adjusting their cybersecurity strategy to adopt cloud security. As part of the Digital Economy Blueprint and MyDigital initiative, Malaysia has forged strategic partnerships with leading cloud service providers (CSPs) and invested heavily in hyper-scale data centres. These efforts reflect the government’s commitment to rapidly establish a robust digital infrastructure, as outlined in the initiatives launched in 2021.
Early adopters of cloud typically start with a single hyperscaler. Naturally, the single cloud model would adopt native security tools from their chosen Cloud Service Provider (CSP). Over the course of time, they experience issues and outages that can only be addressed by adopting a multi or hybrid cloud strategy. This multi-cloud journey would most likely necessitate a review of their existing cloud security paradigm, as native CSP security tools do not seamlessly translate to different CSPs.
In 2024, organisations that have to contend with multi or hybrid cloud projects would move to establishing a more unified approach to security when dealing with more than one cloud provider. Rationalising cloud security tools across the entire development lifecycle will also be a focus as this provides much higher visibility, correlation and security monitoring.