chat
expand_more

A Vision for a New Era of Cybersecurity: 5 Lessons Learned from Vision 2024

Discover what you missed at Vision 2024 with insights from our investors, partners, and email security experts and learn how to watch the entire conference on demand.
January 16, 2024

Two weeks into the new year, and we’ve already learned so much! If you attended Vision 2024 last week, you know what I mean—it was full of engaging presentations, great advice from security leaders, and best practices that you can start implementing for your organization today.

And if you missed it, never fear! The on-demand version is now available so you can discover what you missed. Prefer to read about it instead? Here are five of my favorite lessons from the conference.

1. AI Will Drastically Change the Game

“We are looking at a growing list of malicious generative AI models and large language AI models that are being utilized by bad guys. Just a very short and not extensive list includes Dark Bard, Dark GPT-3, WormGPT, ThreatGPT, WolfGPT, FraudGPT, and SpyEye, among others.”
Keren Elazari, Ethical Hacker and Cybersecurity Analyst

Every single session of Vision 2024 spoke about the threat of AI to some extent, but none more so than our closing keynote from ethical hacker Keren Elazari. During the presentation, she gave her insights into how AI has changed the threat landscape already, with predictions for how attackers will continue to evolve in the coming year. WormGPT alone can write business email compromise attacks with incredible accuracy—making them indistinguishable from real human communications.

This was also discussed by Evan Reiser, CEO of Abnormal Security, who predicts that AI will enable cybercriminals to send up to 10 times the number of attacks within the next three to four years. The sheer volume of these attacks (to say nothing about the increased sophistication) will result in a world where we simply do not have enough security analysts to keep up with the demand.

In fact, many of our speakers predicted that AI will change the entire cybersecurity landscape within the next few years—and Domino’s CISO Andy Albrecht stated that behavioral analysis will be the only way to prevent these threats.

2. Investing in AI-Native Cybersecurity Starts Yesterday

“It's like the early days of the internet except you can't ignore it because your competitor's not ignoring it.”
—Kevin O’Leary, Investor and Shark

Speaking of AI and behavioral analysis, our opening keynote focused on investing in the right solutions to prevent these coming threats, with advice from Mr. Wonderful himself. Known as one of the most ruthless investors on Shark Tank, Kevin O’Leary shared how he sees AI changing well, pretty much everything, and how he’s thinking about the future of AI for his own businesses. In doing so, he expects there to be a massive transformation similar to what we saw with the Internet two decades ago and reminds the audience that those who stay put will quickly fall behind.

Building on this, our panel of CISOs from the NFL, Choice Hotels, and Domino’s lamented how AI will drastically change the way humans interact with content, starting with the emails they receive and the business communications they read. As criminals begin to rely on AI, organizations must do so too—starting with the tools they implement to protect themselves.

Jason Stead from Choice Hotels showcased how proper AI-native tools can truly make a difference not only in stopping more attacks but also in freeing up the team to focus on larger priorities, stating that Abnormal has “dramatically reduced the volume of unusual or malicious or suspect things that get through to the end user. That's just really allowed us to take those resources elsewhere and stop spending time doing the investigation.”

3. BEC is Back… Among Other Cybercrimes

“From the US Secret Service perspective, we run a Business Email Compromise Mission Desk where we run a rapid response and incident response team, and I can't tell you how much work we did this year compared to prior years.”
—Stephen Dougherty, Financial Fraud Investigator, Secret Service

We continued the conference with insights from the federal government and a session in which Stephen Dougherty from the Secret Service spoke about cybercrime predictions for 2024. Looking back at the 2022 FBI Internet Crime Report, the trends seem to be mostly on investment fraud and business email compromise, with the latter continuing to grow dramatically year after year. Focused on how AI will change the threat landscape, Dougherty expects the report for this coming year to swing back in the other direction with BEC once again coming out on top. Of course, it’s not only BEC that we have to worry about, as phishing and malware remain favorites for email-focused attacks.

As our afternoon panel of CISOs from United Airlines, United Talent Agency, and Haleon reminded us, maintaining a proactive security posture is key to protecting your organization from costly damages due to these attacks. During that session, our speakers focused on the importance of data security as part of a larger cybersecurity strategy. Edmond Mack of Haleon stated, “Data security is not singular… It’s about reducing your risk posture across the organization and being in a state of better protections of knowing what you have, where it's at, who's accessing it, and that it has the correct controls around it.”

4. The Secure Email Gateway is a Relic of the Past

“And what he found once he went through that process with us is that he immediately was able to save $100,000 per year for his company just by eliminating that secure mail gateway.”
—Lane Billings, Director of Product Marketing, Abnormal Security

As the sessions turned to tools and how to better protect organizations, one theme was fairly constant: the secure email gateway no longer works. During this session from Abnormal Security, our two speakers showcased the seven lessons they’ve learned from replacing over 100 SEGs, but one of them really stood out: customers are happy with their decision. One customer example included a senior security leader from the F1000 who saw that his SEG was missing VIP impersonation attacks and the unwanted mail it let through was distracting employees. He also felt like he and his team were just way too in the weeds of the tactical reporting on email security. So he decided to replace his SEG—ultimately resulting in a much better security experience and reducing costs along the way.

This idea of new tools beating our incumbents was also key in the session presented by Dazz CTO Tomer Schwartz, during which he focused on autonomous cloud security remediation. We’re no longer in a world where there is a singular data center with a fairly static and contained on-premises environment. Instead, we have organizations with dozens or even hundreds of cloud applications being used across virtualized environments, which is ripe for attacks and breaches. All of this sets us up for a world where cybersecurity is constantly evolving and new startups and new platforms are beating out the incumbents.

5. Next-Generation Threats Require Next-Generation Security

“Attackers only have to be right once, but we as defenders need to think about how to be right all the time. They want an easy access point, so if you're making it more difficult for them, they're going to move on to somebody else, which is absolutely kind of a bummer for them, but it saves you. That's a function of thinking about how we can move to a position of supremacy.”
—Joel Spurlock, VP of Data Science, CrowdStrike

One last key theme present throughout the conference was the fact that cybersecurity will get much tougher in the coming year. The rise of AI and the democratization of technology has allowed adversaries to operate faster than ever. However, as speakers from multiple organizations pointed out, we now have the tools and integrations available to thwart actors like never before.

In particular, Spurlock called for a reevaluation of cybersecurity strategies in response to advancements in AI and ML. After all, as long as cybercriminals are successful, they will keep running their attacks. He believes that the only way to stop them is by constantly reevaluating our security platforms and making it so difficult to breach us that they simply stop trying. To do so, it is imperative that security leaders choose cutting-edge tools that protect the organization from next-generation threats, integrate with one another, and enable security leaders to gain back time.

Get More from Vision 2024

These are only a few of the insights presented by our speakers during Vision 2024. As you can see, there were incredible insights provided by our keynotes, panelists, and sponsors alike—more than anything we can summarize here. To hear these insights for yourself, check out the Vision 2024 recording! Just like our live conference, you can receive one continuing education credit per hour from ISC2 with up to 6 CPEs available by watching the entire conference.

As we wrap up Vision 2024, we want to thank your incredible speakers for their insights and our sponsors for their work to make the conference a success. Huge shoutouts to sponsors CrowdStrike, Cyera, Dazz, and Torq, and thanks to SecureWorld for their partnership.

And finally, Vision 2024 may be over, but there’s still more to come. Check out the Abnormal Resource Center for more insights, and stay tuned for Vision 2025… coming soon!

A Vision for a New Era of Cybersecurity: 5 Lessons Learned from Vision 2024

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 MKT477 Energy Infrastructure Data Blog
Energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. Learn more.
Read More
B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More