2023 was a reminder that asymmetry wins when defenders treat novelty as noise. Adversaries found cheap, scalable ways to break assumptions. They combined old tradecraft with new tech and exposed brittle systems: physical perimeters that assume predictable vectors, software supply chains with blind spots, and global logistics that depend on single choke points. Defend like you expect the next surprise to be simple, cheap, and fast.
What hit hardest in 2023
The October 7 Hamas operation used multiple low-cost axes of attack at scale. Militants infiltrated by land, sea, and air, including motorized paragliders, and combined rocket barrages with ground raids that overwhelmed local defenses and caused mass casualties and hostage-taking. The attack showed how layered, mixed-mode assaults can defeat a system built to stop single-mode threats.
On the cyber side, the MOVEit Transfer zero-day and the mass data theft campaign attributed to the Clop affiliate exposed how a single flaw in a widely used file transfer product can spill personal data and operational secrets across industries and millions of people. The exploitation began in late May and unfolded rapidly, forcing emergency mitigation and disclosure cycles across government and private sectors.
At sea and in the littorals, Houthi strikes and drone attacks against commercial shipping in the Red Sea and nearby waterways late in 2023 demonstrated how regional conflicts reach global supply chains. Attacks on tankers and commercial vessels forced reroutes and raised the cost and complexity of maritime security for shippers and navies alike.
Resolution 1: Assume compromise and build resilience now
Action: Make three immutable changes in the first 90 days. Require offline, immutable backups for critical data. Enforce tested incident playbooks that assume exfiltration already occurred. Run at least two realistic tabletop exercises this year that include legal, communications, and supply chain partners.
Why: MOVEit showed that detection often lags exfiltration. If you treat backups and recovery as optional, you will pay a ransom or lose customers.
Resolution 2: Stop thinking of technology as benign by default
Action: Inventory every aerial, maritime, and connected device that can be weaponized. That includes commercial drones, paramotors, small boats, and any IoT gear in your environment. For each class of device, set a minimum baseline: deny-by-default network posture, segmentation, signal detection, and physical barriers where feasible.
Why: The October 7 attacks and Red Sea incidents both prove small platforms scale risk. Low-cost aircraft and boats are now vectors. Defense must be layered: detection, countermeasures, and hardened physical procedures.
Resolution 3: Treat third parties like internal assets
Action: Map critical third-party services and prioritize patching and verification for any supplier that handles sensitive data or logistics. For each vendor, require an attestation to baseline security controls, right-to-audit clauses, and a tested transition plan in case of compromise.
Why: The MOVEit attacks exploited a vendor product and cascaded downstream. Your risk is only as low as your weakest vendor.
Resolution 4: Fund and practice layered detection and attribution
Action: Invest in telemetry that covers both network and operational domains. Ship security teams should get required funding for signal-intel and rapid attribution services. Run annual cross-domain hunts that include physical, cyber, and supply chain indicators.
Why: Rapid attribution shortens the window an adversary has to pivot. In 2023, response gaps amplified the effects of both kinetic and cyber attacks.
Resolution 5: Prioritize hardened communications and contingency logistics
Action: Build redundant communications for crisis leadership and critical supply chains. Confirm alternate routing options for shipments and test carry-through plans for 30-, 60-, and 90-day disruptions. Pre-negotiate charters and alternative suppliers before you need them.
Why: Maritime disruptions in late 2023 showed how localized conflict yields global chokepoints. Planning ahead turns delays into manageable operational issues rather than full-blown crises.
Resolution 6: Short, sharp maturity goals for the year
Action: Pick five measurable goals for the year. Examples: 100 percent inventory of internet-exposed managed file transfer services; 90 percent of critical vendors with attestation; two full disaster recovery drills; upgrade network segmentation to isolate vendor traffic; and procurement of one counter-drone capability for critical sites.
Why: Big strategy fails without measurable benchmarks. Set quarterly reviews and tie budget releases to progress.
Resolution 7: Rebalance privacy and security where necessary
Action: Where privacy rules allow, set legal rapid-sharing agreements with peers and government for indicators of compromise, aerial sightings, and maritime threat reporting. Forge a small working group across legal, ops, and security to maintain these agreements.
Why: Speed matters. Information sharing broke silos during 2023 incidents and must be normalized and practiced ahead of crisis.
Final note
2024 will not be quieter because the tools are cheaper and the incentives are clearer to attackers. You can spend on hopeful prevention or on practical resilience. After 2023, the smarter choice is obvious. Pick concrete actions, measure them, and stop treating surprises as acceptable. Security is an operational discipline. If you want a safer year, act like it.