- 02 Jan 2024
December 2023 - A Look Ahead to 2024
- Updated on 02 Jan 2024
As the calendar turns to 2024, cybersecurity professionals have a lot on their plate as they handle all of the challenges they had to deal with in 2023.
But as everyone in the security space knows, nothing ever stays static. A whole new slate of developments will arise in the coming year, and no one truly knows what will happen in the weeks and months ahead.
Still, it’s worth taking a look at what could be making waves. Here are some of the major topics BlackCloak thinks will make headlines in 2024, as well as some helpful tips to ensure you start the year securely.
First Things First, Secure Those IoT Gifts
As the holiday season comes to a close, there’s a good chance that you or your loved ones received an Internet of Things (IoT) device as a gift.
Internet of things devices have sensors in them designed to exchange data with other devices through the internet. These can include any type of “smart” device you may have seen, such as an Amazon Alexa or a Ring doorbell.
IoT devices are cool and can offer a lot of convenience, but it’s not a good idea to just install the device as quickly as possible.
A lot of IoT devices do not have the strongest security measures in place right out of the box. Don’t assume the device will be secure by default, as ignoring those security settings could leave your device vulnerable to bad actors.
Take the time to ensure each IoT device is set up properly. If you don’t, you run the risk of having 2024 start off on the wrong note.
Meta Rolls Out Default End-to-End Encryption for Facebook Messenger
Meta announced at the end of 2023 it would be rolling out end-to-end encryption for all messages and calls sent through Facebook and Messenger.
While users have had the ability to turn on end-to-end encryption since 2016, the notable development here is that this capability will be turned on by default. Meta has outlined how it will implement end-to-end encryption on its Engineering page.
Meta has faced a slew of privacy and security concerns over the years, but the decision to implement end-to-end encryption on Messenger has been met with praise, although some concerns still remain.
For example, the Electronic Frontier Foundation applauded Meta’s announcement, but acknowledged it has questions regarding the handling of metadata and backups.
The rollout will begin over the coming weeks and months, and it will be worth keeping an eye on to see whether these issues, if any, arise.
CISOs On Guard Following SolarWinds Charges, Clorox Firing
Chief information security officers already face a litany of challenges, ranging from a talent shortage in the field to keeping abreast of new and developing cyberattacks.
Now, they have to stay as sharp as ever following a couple of notable developments. The SEC filed charges against SolarWinds and its CISO, Timothy Brown.
Brown and SolarWinds have been charged with fraud and internal control failure after they were accused of misleading investors by overstating the company’s cybersecurity practices and “understating or failing to disclose known risks.” This came to light after it was discovered that SolarWinds had been the victim of a two-year cyberattack.
A few weeks later, Clorox fired its CISO, Amy Bogac, after the company experienced a cyberattack of its own.
CISOs already have plenty of plates to spin. Now, they have to ensure every single part of their operations is sound, because not only are their jobs potentially at stake, but legal action could be taken against them as well if their actions are not on the level.
Verizon Data Disclosure Points to Potentially Dangerous Trend
The FBI launched an investigation into a man who was able to trick Verizon into turning over phone data belonging to another person.
The scheme wasn’t terribly complicated. The stalker claimed, via email and phone call, that he was a police officer. Verizon fulfilled the data request, turning over the victim’s phone logs and address to the stalker.
Perhaps it’s the simplicity of the scam that makes it alarming. Verizon is a massive, Fortune 100 company, and it fell for a rudimentary scam. The company apparently made no effort to verify whether the person who made the request was an actual police officer, and thus put an innocent person in danger.
Security professionals should take notice of this incident and develop strict practices for verifying and fulfilling data requests, if they haven’t done so already.
If not, data requests could be abused and customers may unknowingly be at risk of having their information land in the wrong hands.
As we’ve seen, security professionals could face punishments for organizational failures, which is why the beginning of the year is as good a time as ever to review security practices and set themselves up for a strong 2024.
The Rise of Passkeys Offers a Positive Signal for the Future
When you think about logging into an online account, the first thing that probably comes to mind is your password.
Passwords have been the primary tool for logging into online accounts for years now, and while there have been efforts to better protect these important items, a better, more secure option is on the way.
If you are not familiar with passkeys, you should take the time to become acquainted. Passkeys are a pair of cryptographic keys that are produced by an authenticator, which could be your smartphone or a password manager.
One of the keys is public, while the other is private. When logging in, the authenticator presents the public key to the server you are interacting with, and the server in turn sends a request to the authenticator, which answers using its private key and allows you to complete the process of logging in.
The best part is the website will never know who logged in. Your login attempts can’t be traced back to you, offering a better level of security passwords can’t necessarily provide.
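The login exchange described above, reduced to its core as an added example (not BlackCloak's or any vendor's code): the site stores only the public key from registration, sends a random challenge, and checks the signature the authenticator produces with the private key. It is a simplified model rather than the WebAuthn message format, uses Ed25519 for brevity, and the type names, function names and origin are illustrative assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator is the device side: one private key per site, never exported.
type Authenticator map[string]ed25519.PrivateKey

// Register creates a key pair for origin and returns only the public half.
func (a Authenticator) Register(origin string) ed25519.PublicKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a[origin] = priv
	return pub
}

// Sign covers origin and challenge, and refuses origins with no passkey.
func (a Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	priv, ok := a[origin]
	if !ok {
		return nil, fmt.Errorf("no passkey for %s", origin)
	}
	return ed25519.Sign(priv, append([]byte(origin+"\x00"), challenge...)), nil
}

// NewChallenge is the server's fresh random value for one login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Verify is the server side: it holds only the registered public key.
func Verify(pub ed25519.PublicKey, origin string, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(origin+"\x00"), challenge...), sig)
}

func main() {
	a, site := Authenticator{}, "https://shop.example" // constructed origin
	pub, c := a.Register(site), NewChallenge()
	sig, _ := a.Sign(site, c)
	fmt.Println(Verify(pub, site, c, sig), Verify(pub, site, NewChallenge(), sig))
}
```

Running it prints `true false`: the first login verifies, while the same signature replayed against a fresh challenge is rejected. Because each key is stored per origin, a request from a look-alike site finds no passkey to sign with.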
Apple and Google have only just started to tap into passkeys, and it’s not unreasonable to expect the technology to gather momentum in the year ahead.
The advent of passkeys offers everyone an important tool that can help better protect our online accounts and sensitive personal information, and in a time where cyberthreats continue to evolve, it’s heartening to see tools that can help everyone be all the more secure.