Week Ending: January 13, 2024

Cybersecurity is a constantly evolving field that requires staying on top of the latest developments, threats, and best practices. In this blog post, we will summarize some of the most important news, trends, and tips on cybersecurity that happened between Jan 7 and Jan 13, 2024.

News

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches¹: Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. An unauthenticated, network-based attacker could exploit this flaw to cause a denial-of-service (DoS) or RCE and obtain root privileges on the device. Users are advised to apply the patches as soon as possible or disable J-Web or restrict access to only trusted hosts as temporary workarounds.

Tenable Cyber Watch: See What Tenable Experts Predict for Cybersecurity in 2024²: Tenable, a leading provider of vulnerability management solutions, has published a video series featuring its experts’ predictions for cybersecurity in 2024. Some of the topics covered include zero trust, ransomware, cloud security, supply chain attacks, and artificial intelligence. The videos offer insights and recommendations on how to prepare for the emerging challenges and opportunities in the cybersecurity landscape.

Five cybersecurity trends for 2024 - Capgemini³: Capgemini, a global leader in consulting, digital transformation, technology, and engineering services, has identified five key cybersecurity trends for 2024. These are: zero trust goes mainstream, ransomware becomes more targeted and sophisticated, cloud security becomes a shared responsibility, supply chain security becomes a priority, and artificial intelligence enhances cybersecurity capabilities. The report also provides guidance on how to adopt these trends and leverage them for business advantage.

7 cybersecurity predictions to look out for in 2024 - MSN⁴: MSN, a web portal and related collection of internet services and apps, has shared seven cybersecurity predictions to look out for in 2024. These are: cyberattacks will increase in frequency and severity, cybercriminals will target critical infrastructure and healthcare, cybersecurity skills gap will widen, cybersecurity regulations will evolve, cybersecurity awareness will improve, cybersecurity innovation will accelerate, and cybersecurity collaboration will strengthen. The article also provides tips on how to protect yourself and your organization from cyber threats.

Trends

Zero trust: Zero trust is a security model that assumes no trust in any entity, whether internal or external, and requires verification for every request and transaction. Zero trust is becoming more mainstream as organizations realize the limitations of traditional perimeter-based security and the need to protect their data and assets from insider threats, compromised credentials, and sophisticated attacks. Zero trust involves implementing principles such as least-privilege access, micro-segmentation, multi-factor authentication, continuous monitoring, and encryption.

Ransomware: Ransomware is a type of malware that encrypts the victim’s data and demands a ransom for its decryption. Ransomware is becoming more targeted and sophisticated, as cybercriminals use advanced techniques such as double extortion, data exfiltration, and ransomware-as-a-service to maximize their profits and pressure their victims. Ransomware is also targeting critical sectors such as infrastructure and healthcare, posing a serious threat to public safety and national security.

Cloud security: Cloud security is the practice of securing cloud-based data, applications, and infrastructure from cyber threats. Cloud security is becoming a shared responsibility, as cloud providers and cloud customers need to work together to ensure the security and compliance of their cloud environments. Cloud security involves implementing measures such as identity and access management, encryption, firewall, backup, and audit.

Supply chain security: Supply chain security is the practice of securing the entire supply chain of an organization, from its suppliers, vendors, partners, to its customers. Supply chain security is becoming a priority, as cyberattacks on the supply chain can compromise the integrity, availability, and confidentiality of the products and services delivered by the organization. Supply chain security involves implementing measures such as vendor risk management, third-party audits, secure development, and incident response.

Tips

Adopt a zero trust approach: Implement a zero trust strategy for your organization, by applying the zero trust principles to your network, data, devices, and users. Use tools and technologies that support zero trust, such as identity and access management, micro-segmentation, multi-factor authentication, continuous monitoring, and encryption.

Prepare for ransomware: Implement a ransomware prevention and response plan for your organization, by following the best practices such as backup, patching, awareness, and detection. Use tools and technologies that help you prevent, detect, and recover from ransomware, such as antivirus, firewall, backup, and decryption.

Secure your cloud: Implement a cloud security strategy for your organization, by following the shared responsibility model and the cloud security best practices. Use tools and technologies that help you secure your cloud, such as identity and access management, encryption, firewall, backup, and audit.

Protect your supply chain: Implement a supply chain security strategy for your organization, by following the supply chain security best practices. Use tools and technologies that help you protect your supply chain, such as vendor risk management, third-party audits, secure development, and incident response.