Overwhelming as it can be, staying ahead of the game is critical in cybersecurity. So with 2024 now in full swing, it’s time to look ahead at what might drive the field throughout the next 12 months. If some of the latest industry news tells us anything, it’s that a focus on healthcare, industrial supply chains, AI, and OT will certainly be behind the wheel.
As we have seen in the manufacturing space, digital connectivity and IoT have brought about both transformative benefits and an expanded threat landscape. The same has unfolded in the healthcare sector. In 2023 alone, cyberattacks impacted organizations such as the Tennessee-based firm Ardent Health Services and a hospital chain in California.
With the growing prominence of this trend, it has been reported that the Biden administration plans to issue new cybersecurity requirements for hospitals. According to The Messenger, the Centers for Medicare & Medicaid Services are helping to craft rules that call for hospitals to establish “digital security defenses in order to receive federal funding.” These include solutions such as multi-factor authentication and programs designed to address software vulnerabilities.
The cybersecurity lens will also continue to focus on the industrial sector, particularly OT and supply chains. As with healthcare, cybersecurity risk is no longer a new topic within this realm. It is just an increasingly present one. Recent research shows that “Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology (OT) than ever before,” as Robert Lemos writes for Dark Reading. Many cases stemmed from direct OT impact or from IT systems that were connected to OT. For example, a slate of water facilities across the U.S. was the target of a larger cyberattack campaign attempted in late November.
Heightened attention on industrial settings also raises the topic of securing supply chains. Other research examined the relationship between cybersecurity and supply chain risk management. When looking specifically at the defense sector, analysts concluded that the potential damage to defense industrial products caused by a cyber incident was far worse than that from other risks. Understanding the rising magnitude of risk, the Defense Department has published its proposed regulations for the Cybersecurity Maturity Model Certification (CMMC), a program created for contractors to meet certain cybersecurity demands.
Alerts and AI
Whether in healthcare, defense, or industrial facilities, more regulations and requirements coming out also mean that more clarity is necessary on how to fulfill them. Security advisories and alerts have come up against this challenge. According to Cyberscoop’s Christian Vasquez, computer security researchers argue that alerts, especially those informing stakeholders of nation-backed exploits, “often lack key information, causing delays in addressing them.”
Officials are warning that AI is lowering the barriers to cybercrime, making it easier for those with and without extensive technical knowledge to conduct attacks. Moving ahead, it is therefore critical that operators are prepared to prevent issues before they occur and know how to fix them in the event that they do.
- “After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding” – Eric Geller, The Messenger
- “Ransomware, Data Breaches Inundate OT & Industrial Sector” – Robert Lemos, Dark Reading
- “Cyber risks to defense industrial supply chains are ‘substantially worse’ than other concerns” – Anastasia Obis, Federal News Network
- “Researchers want more detail on industrial control system alerts” – Christian Vasquez, Cyberscoop
- “AI advances risk facilitating cyber crime, top US officials say” – Luc Cohen, Reuters