CyberSecurity SEE

CIO Convergence, 10 Critical Security Metrics, and Ivanti Fallout

Given the recent slew of critical vulnerabilities and zero-days plaguing Ivanti VPNs, cybersecurity teams are left scrambling for solutions. The company has disclosed five VPN flaws in 2024, with two of them publicly announced weeks before patches became available. This poses an existential threat to the business: critics such as cybersecurity researcher Jake Williams attribute the vulnerabilities and slow incident response to years-long neglect of secure coding and security testing at Ivanti. Recovering from this technical debt while rebuilding trust with customers will be a challenging task, and Williams is doubtful of Ivanti’s ability to do so.

On the other hand, the Middle East, Turkey, and Africa region has seen higher-than-expected cybersecurity growth, with IDC reporting that more than three-quarters of CISOs in the region are planning to increase budgets by at least 10% in 2024 due to geopolitical threats, the growth of generative AI, and increasing data protection regulations. This surge in spending is driven by an increase in successful cybercrimes, which has raised demand for consulting services in non-core countries where awareness is lower than in the core countries, and by a push from governments for improved cybersecurity. Countries like Saudi Arabia and the United Arab Emirates (UAE) are on a higher-growth spending trajectory than their peers, actively investing in national strategies to secure their networks and technologies.

Additionally, the US Securities and Exchange Commission’s new rules around cybersecurity are now in place, mandating that security teams bring more rigor to how they track key performance indicators (KPIs) and key risk indicators (KRIs) and how they use those metrics to advise and report to the board. This has led to recommendations that CISOs and cyber leaders be fluent in the top security operational metrics so they can give the board a comprehensive report on risk levels and security performance.

Furthermore, telecom and VoIP providers will have to report data breaches to the FCC, the FBI, and the Secret Service within seven days of discovery starting next month. They will also have to issue data breach notifications to customers whenever there’s personally identifiable information (PII) involved. The new rules from the FCC mandate that carriers and service providers be more transparent when PII is exposed, a significant update from the Commission’s breach reporting requirements that were unchanged since 2017.

Overall, these recent developments highlight the complexities and challenges of cybersecurity in the modern age and the increasing need for robust security measures across all industries. With cybersecurity threats on the rise, organizations, especially in the Middle East, Turkey, and Africa, are recognizing the necessity of investing in cybersecurity to protect their networks and technologies. On the other hand, companies like Ivanti are facing the consequences of neglecting secure coding and the implications for their business and customers. As the cybersecurity landscape continues to evolve, organizations and security leaders must remain vigilant and proactive in addressing cyber threats to ensure the protection of their data and technologies.
