In the first half of 2023, Italy experienced a concerning surge in successful cyber-attacks, with a 40% increase compared to the corresponding period of the previous year. This negative scenario, which already emerged in 2022, has persisted throughout the first half of 2023. From a quantitative point of view, the situation has clearly worsened over the last 5 years, following an almost constant trend. Comparing the number of attacks detected in the first half of 2018 with those in 2023, the growth was 86% (rising from 745 to 1,382). During the same period, the monthly average number of serious attacks increased from 124 to 230, translating to nearly 8 per day. Beyond the heightened frequency, the impacts of these attacks have intensified, with the estimated severity index steadily on the rise, acting as an additional multiplier amplifying the overall damage. This is what emerges from the latest Clusit Report 2023.
As we approach the conclusion of 2023, a crucial question arises: how has the second half of the year unfolded, and what can be anticipated for the cybersecurity landscape in 2024?
At the core of this discussion lies a fundamental element that demands attention: prevention. Many organizations are at risk every day and investing in cybersecurity – both at the individual and corporate level – is vital because it makes it possible to counter attacks that, without the right tools, would be successfully perpetrated. Successful cyber-attacks, in fact, can cause significant damage to companies: we are not just talking about major financial losses, but also business continuity disruptions, damaged reputations, damage to customers whose data has been leaked to the dark Web, and, in certain sectors, even threats to people’s health.
Cyberattacks in the industrial sector are anticipated to persist, fuelled in part by factors such as international conflicts. Consequently, both organizations and governments will find themselves facing a highly intricate scenario. Compounding this complexity is the growing pressure on security teams, intensified by a global shortage of cybersecurity professionals.
Looking ahead, here are our cybersecurity predictions, foreseeing the principal security challenges that will accompany the new year.
OT systems: an increasingly central role
In recent years, OT systems have undergone significant evolution. Originally, the applications, protocols, and firmware of OT devices were not designed to be connected. Consequently, security and data integrity measures, including traffic authentication and encryption systems, were not initially integrated and have only recently gained prominence. Complicating matters, the life cycle of these devices spans several decades, resulting in the persistence of outdated, unprotected devices within our networks which are very difficult to manage from a security point of view – all this without mentioning the organizational, governance, and process-related challenges.
The OT sphere is still perceived as marginal within organizations, but the upcoming years will see a heightened centrality for OT systems. Consequently, there is a growing need to ensure their adequate protection. Indeed, there will be a surge in attacks on these systems, with potential far-reaching social impacts. Such cyber-attacks not only jeopardize the information assets of a company, but also pose risks to the physical and mental well-being of individuals working in a plant, or of a population in a whole geographic area if we think of energy or water distribution plants.
This paradigm shift necessitates a more robust approach to protection, with an expected increase in investment in industrial cybersecurity and a revolution in supply chain security.
In addition, attackers will increasingly leverage IoT devices as vehicles for their malicious activities. This will happen in two ways. Firstly, within botnets: networks of compromised devices, often referred to as “zombies.” Attackers will use these botnets to carry out attacks on third parties, thereby expanding the impact of their actions. Secondly, attackers will employ IoT devices to establish a “persistent” presence within a client’s network. Moreover, IoT devices, including cameras, access control systems, video conferencing and unified communication systems, and many others, fall outside traditional IT management. Instead, they reside within the realm of “shadow IT”: systems connected to the corporate network but managed by third-party departments, such as those overseeing physical security or building management, especially in the context of building automation systems.
Attackers are aware that such devices are less controlled than ordinary PCs or servers from a cybersecurity standpoint. Furthermore, due to their less sophisticated nature, they are easier to compromise and then use to stay within the corporate network, study its characteristics, and provide the information needed to orchestrate activities such as data exfiltration or a ransomware attack. Certain themes, well-established in the corporate IT landscape, will assume paramount importance in the coming years. These include device lifecycle management, addressing vulnerabilities through effective patch management, and implementing robust identity and privileged access management protocols.
Critical sectors, where IT and OT technologies converge, face an elevated risk of cyberattacks, as malicious actors frequently target entities within these industries. Considering these risks, the adoption of the new NIS 2 Directive assumes a pivotal role: through this directive, the European Union aims to improve cybersecurity within its perimeter by promoting high standards, which are extended to new stakeholders. The goal is to safeguard digital infrastructures from cyber threats, ensuring the security of personal data belonging to European citizens. This initiative not only encompasses the most critical companies and institutions but also extends its protective measures to the associated supply chain.
Smart mobility & smart city: the cities of the future getting smarter and smarter
Smart, connected, secure, sustainable: cities are undergoing a period of great transformation, integrating digital technologies. In this era of evolution, innovation and security emerge as twin pillars crucial not only for the protection of citizens but also for facilitating the growth and technological advancement of the entire ecosystem.
The cities of the future will bring with them many benefits, but also new risks. Indeed, we will see an increase in cyber-attacks in this area. The evolution of increasingly connected cities, in fact, inevitably brings to the forefront the issue of cybersecurity and the crucial need to protect essential services from potential cyber-attacks.
Beyond traditional utilities like electricity and water, the focal points of cyber-attacks are expanding to include public transportation and smart mobility infrastructure. A paradigm shift is therefore essential, emphasizing the importance of considering the security of these ecosystems from the design stage rather than addressing vulnerabilities once the systems are already active on our roads. To date, in fact, there are security aspects that have either been overlooked or inadequately implemented.
Cloud Native: containers and microservices
The essence of being cloud-native lies precisely in designing platform-independent applications that can run seamlessly on any cloud infrastructure, in a portable and granular manner. To realize a cloud-native architecture, a mix of diverse technologies and management tools is imperative. In 2024, more and more companies will convert old applications to new ones, leveraging containers and microservices to foster evolution. Currently, there is still a skill gap regarding cybersecurity for all that is related to the container landscape — from ensuring secure development practices to dynamic certificate management.
More targeted attacks are expected. Companies will invest in large, innovative projects, but some of these may falter due to a lack of system resilience. At that point, the subsequent costs associated with implementing security measures and ensuring platform compliance will be prohibitively high. Therefore, a secure-by-design approach is paramount for any new cloud implementation in order to prevent any attacks from compromising projects and investments.
The impact of AI in security operations centers (SOCs)
The design and management of a SOC is one of the most critical factors within organizations: highly specialized skills and capabilities, continuous training and updates for team members are essential elements for a SOC to effectively navigate the evolving landscape of new threats and increasingly intricate cyber-attacks.
In 2024, a notable surge is anticipated in the number of new companies providing SOC services. Few organizations will be able to integrate AI to have more efficient and more scalable SOCs, with generative algorithms intended to transform decision-making, business communication, and threat management. This evolution promises to streamline existing processes, heighten detection capabilities, and automate threat hunting activities. In the medium term, this integration of AI is expected to gradually replace lower-level analysts, allowing them to redirect their focus towards higher value-added activities.
In fact, artificial intelligence is playing an increasingly important role in cybersecurity, acting as an impressive tool to identify and thwart cyber-attacks. The use of AI in cybersecurity facilitates the practical and effective handling of a multitude of threats. However, artificial intelligence will be used not only by companies but also by cybercriminals, who will use it to develop and deploy increasingly sophisticated attacks.
Cybercrime is increasingly prevalent, and breaches have significant consequences for everyone, but the cybersecurity community can effectively counter threats. Collaborative efforts between the public and private sectors, the implementation of standardized incident reporting measures, and the cultivation of a corporate culture centered on cyber resilience stand out as key strategies. Organizations also play a pivotal role in countering cybercrime, through cybersecurity training programs aimed at bridging the skills gap and the sharing of threat information for a more timely and effective response.