Unusual, thought-provoking predictions for cybersecurity in 2024


This is part one of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking and provocative and to encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.

Entering 2024 brings us well into the third decade of the new millennium.

Do you recall how tentatively and maybe naively we approached the year 2000, otherwise known as Y2K? We stressed over two bytes in COBOL programs and regression tested every line of code to ensure our systems were ready to go at midnight on January 1, 2000. The clock struck 12, and the world breathed a collective sigh of relief – we survived the predicted digital disaster.

And just like that, off we went – to create web, mobile, and cloud apps, to turn embedded software into the Internet of Things (IoT), and to democratize computing in a way that was only a dream just 23 years ago.

With massive shifts and changes in computing in our wake, it’s time to ask: where are we going in 2024, and what cybersecurity opportunities and challenges lie ahead?

Maturing the industry: It’s the business that matters.

Cybersecurity is not about fear, uncertainty, and doubt (FUD). It is about delivering business outcomes such as boarding a plane quicker to mitigate flight delay penalties, heating or cooling my house efficiently to manage energy consumption in various climates, or reducing waste in manufacturing to minimize product recalls.

Notice there was no mention of security, data, network, coding, or anything remotely IT-centric or technical in the stated business outcomes above. We must aspire to this when thinking about our businesses and cybersecurity. It must be about the business first, advancing the customer experience, and removing friction.

Cybersecurity is now a business requirement. For cybersecurity to be part of business planning, cybersecurity teams need to become members of the business teams.

Over the past three years, the cybersecurity market has rapidly matured. We are in the midst of market consolidation, with individual point products being acquired and integrated into platform offerings. These platform offerings will continue to evolve by acquiring smaller vendors, partnering, and innovating.

The platform vendors clearly see the need for cybersecurity to be a part of the business conversation and want to act as a business partner and trusted advisor, not merely a product provider.

Cybersecurity budgets are changing, creating an approach to get funding differently.

This year, our research revealed an unexpected change: money is being redistributed as computing moves closer to the data source. Our respondents reported they are investing in new computing development – in this case, edge computing – in a way that’s different from what we’ve seen in the past. They are proactively investing in strategy and planning, the network, application development, and security to create a balanced, collaborative ecosystem.

The big surprise isn’t a new secret weapon or killer application. The surprise is what’s needed: a new way of thinking about resource allocation. You’ll still need your usual hardware, software, storage, and security buckets. How you balance those expenses is what’s different.

As computing moves closer to the data source, every deployment should contribute to the bottom line. By working closely with your business partners, I believe business leaders will be able to identify how to cost-justify use cases that include investments by IT.

Cybersecurity-as-a-service (CSaaS) will help organizations do more with less.

In 2024, expect the continued maturation of the cybersecurity business, and expect platform vendors to embrace the idea of delivering cybersecurity-as-a-service. The tooling companies of yesterday want to be today’s business partners. There is far more value in the relationship of being a business partner vs. being a provider of a technology solution that becomes commodified. Platforms are critical to a business, while tools are tactical to help at a given time.

Watch for traditional cybersecurity product vendors to enter the consulting or managed security services market. These platform vendors will offer specific and targeted services with other closely aligned vendors. Platform vendors will form alliances with startups that offer new technology to complement the platform. Organizations of all sizes and types are seeking an extension of their cybersecurity teams, and services from a trusted vendor are the next step.

Stay tuned for part 2: Cybersecurity operations in 2024: The SOC of the future, tomorrow!


Adobe ColdFusion Access Control Bypass (CVE-2023-26347, CVE-2023-38205)


What is the vulnerability?
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security feature bypass. According to the National Vulnerability Database (NVD), exploitation of this issue does not require user interaction. Exploitation of the vulnerabilities could give an attacker access to the ColdFusion Administrator (CFM and CFC) endpoints.

What is the Vendor Solution?

Adobe released patches for the security bypass flaws in June 2023. More information on CVE-2023-26347 is available at the following reference:
[Link]

What FortiGuard Coverage is available?

FortiGuard Labs has had an IPS signature, “Adobe.ColdFusion.IPFilterUtils.Authentication.Bypass”, in place for CVE-2023-26347 and CVE-2023-38205 since Aug 2023, along with an Endpoint Vulnerability signature to detect any vulnerable systems.

FortiGuard Labs recommends that companies scan their environment, find vulnerable Adobe ColdFusion servers, upgrade as per the vendor advisory, and always follow best practices.
