From Artificial Intelligence (AI)-driven phishing attacks to why enterprise IT teams need to be wary of new-starters, here are five key trends that we predict will influence cybersecurity and Data Loss Prevention (DLP) decision-making in 2024.
1. The endpoint becomes the critical threat vector for data loss
More than 70% of data loss incidents originate on employee endpoints – largely because IT investment and focus have been directed towards where data lives (the cloud) rather than where it’s lost (the endpoint). After several years of heavy investment in cloud security, 2024 will see attention turn to the endpoint as the number one threat vector for data loss.
What does this mean for cybersecurity teams?
When evaluating the risks of data loss, IT professionals must expand their focus beyond just protecting where their data lives, and look to also protect the exit points that leak data. Primarily, this comprises endpoint exit points including email, enterprise messaging, cloud uploads, printers, removable storage, Bluetooth connections, and more.
Recommendation
Solutions designed to protect cloud assets are unlikely to offer much protection at the endpoint. They also have no reliable method of control if the endpoint goes offline. Organizations should evaluate potential endpoint-based data loss use cases and look to invest in additional endpoint-based DLP solutions to augment their existing data loss strategies.
2. Endpoint Detection and Response (EDR) will need help to combat AI-driven phishing attacks
AI will make phishing attacks increasingly difficult to combat due to its ability to mimic human behavior and adapt tactics to the intended target. Advanced phishing attacks already employ AI-generated content to create deceptive emails that closely resemble legitimate workplace communications, potentially duping targets into divulging sensitive company data. As AI evolves in 2024, these attempts will become ever more sophisticated, increasing the risk of data loss incidents.
What does this mean for cybersecurity teams?
AI-driven phishing attacks on enterprises may begin to evade traditional rule-based detection systems and EDR deployments. Detection-only models will become ineffective, and organizations will require a more sophisticated defense approach that combines not only improved detection but also DLP to identify and block the unauthorized sharing of data following an undetected – but successful – phishing attempt on an employee.
Recommendation
Review your DLP programs and test policies against the most common exit points for phishing-related data loss (e.g., email); not only for file attachments, but also sensitive data included in the email body text.
3. New starters put their employers at risk of lawsuits
2023 showed us that it’s still all too easy for employees to exfiltrate valuable intellectual property (IP) and other sensitive data when they leave a business. Often, the theft goes undetected, but, last year, organizations started to realize the damage of such incidents. In fact, several lawsuits were filed by companies against the new employers of ex-employees. One example was Valeo, which filed a lawsuit against NVIDIA after one of its former employees allegedly took 6GB of data with them and downloaded it to their new NVIDIA laptop. Cybersecurity teams rightly focus on data loss, but, in 2024, unauthorized data ingress will become equally important.
What does this mean for cybersecurity teams?
Cybersecurity teams need to be aware of the data that new employees bring with them. Typically, there’s no malice behind the new employee’s actions. It’s simply a desire to keep hold of data that could benefit them in their new role. Perhaps a list of potential sales contacts, or, simply, some examples of their work they’d like to keep for reference. However, legal precedents have now been set, with lawsuits claiming commercial benefits have been gained from the data.
Recommendation
The portability of data (e.g., through removable media or personal file-sharing accounts) makes it easy for new employees to bring data with them and download it to their laptops. Review existing security tools and deploy controls to restrict the ingress of data on new-starter endpoints (e.g., restricting the use of removable media or access to common file-sharing services). Perform routine scans on employee endpoints using content-aware discovery to identify potentially sensitive data-at-rest (e.g., financial data, PII, IP, source code).
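The content inspection that both this recommendation and the email policy test under trend 2 rely on, shown as an added example (not from the original article or any DLP product): the same detector runs over an email's body and its text attachments, and `scan_text` can equally be fed file contents during a data-at-rest scan. The two detectors, the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Constructed detectors (assumptions, not a vendor policy set).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return the sorted labels of sensitive data types found in text."""
    hits = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.add("payment_card")
    if SSN_RE.search(text):
        hits.add("us_ssn")
    return sorted(hits)

def scan_email(raw):
    """Map each text MIME part (body or attachment) to its detector hits."""
    msg = message_from_string(raw, policy=default)
    findings = {}
    for part in msg.walk():
        # Binary attachments would need text extraction first; skipped here.
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        hits = scan_text(part.get_content())
        if hits:
            findings[part.get_filename() or "body"] = hits
    return findings

def build_sample():
    """Constructed test message: card number in the body, SSN in an attachment."""
    msg = EmailMessage()
    msg["Subject"] = "details"
    msg.set_content("Card for the invoice: 4111 1111 1111 1111\n")
    msg.add_attachment("name,ssn\nJ. Doe,900-12-3456\n", filename="staff.csv")
    return msg.as_string()
```

A policy that only inspects attachments would report `staff.csv` and miss the `body` entry, which is the gap the trend 2 recommendation asks teams to test for.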
4. macOS surpasses 25% enterprise market share
The share of macOS in the enterprise has grown rapidly over the past few years, and will continue to do so in 2024. In fact, IDC forecasts 20% growth for the period 2023-2024. This shift was accelerated by Apple’s move to its own silicon M-series chips, which has delivered improved performance and security. In fact, a year-long trial by Cisco across its own workforce in 2023 revealed that Macs were less vulnerable to cyber threats and required less IT-admin support, making them less expensive over time.
What does this mean for cybersecurity teams?
macOS is no longer an afterthought for enterprise IT teams. Unfortunately, many of the large platform cybersecurity solutions used by enterprises were originally designed for Windows devices and ported to macOS. This can leave gaps in protection, with poor feature parity between policies built for Windows and those for macOS.
Recommendation
Organizations must look to invest in solutions built from the ground up for the operating systems they need to protect. This improves feature parity between policies, ensures that OS-specific applications are protected, and ensures that new OS releases are supported on day one.
5. Sensitive data at greater risk as companies figure out the hybrid work model
Many companies announced return-to-work mandates in 2023, choosing to adopt a more flexible, hybrid model with time shared between office and remote locations. So, while the levels of remote work certainly aren’t at the heights seen during the COVID-19 pandemic, the challenges of safeguarding sensitive data will remain.
What does this mean for cybersecurity teams?
One challenging byproduct of the remote work boom of 2020 is that sensitive data has never been more accessible or distributed. A more mobile workforce and an explosion in productivity and collaboration software mean greater opportunities for sensitive data to be shared beyond organizational controls.
Recommendation
In a hybrid work model, with employees jumping between locations, networks, connectivity states, and apps, the endpoint is the only true constant. Organizations should assess their existing security strategy to audit its effectiveness in applying DLP capabilities at the endpoint level. Gaps (e.g., the ability to stop data from being exfiltrated while an endpoint is offline or to identify and block unstructured data being shared through messaging apps) should be filled with endpoint-specific solutions.