by Morey Haber, CSO, BeyondTrust
As the year draws to a close, it's a moment to offer informed insights into what the technology and cybersecurity landscape may hold in 2024.
The preceding year witnessed notable technological progress, particularly in Artificial Intelligence (AI), laying the groundwork for upcoming developments. Organisations can anticipate even more complex security challenges in the next 12 months.
In particular, the innovation in AI, particularly Generative AI, has meant it has quickly become a pivotal force in the technology landscape. ChatGPT in particular has disrupted norms and seeped into many facets of daily life.
Its proliferation is also streamlining many business operations, from coding to accounting, and promises to improve productivity.
However, the adoption of AI is also leading to a significant transformation of the cyber threat landscape. With this in mind, the predictions for 2024 are:
AI will spur a rapid evolution of cyber threats:
During the year, AI will change the threat landscape in fundamental ways. Firstly, the convergence of human ingenuity with AI capabilities will serve as a ‘force multiplier’ for cyber threat actors. This amalgamation will broaden both their reach and technical prowess.
Security teams have already observed AI’s use in generating ransomware and malware, however in 2024 that use will quickly increase in other ways. The technology will enable cybercriminals to exploit specific areas, quickly detect vulnerabilities, and evade detection.
Also, the evolution of AI holds the promise of ushering in autonomous, computer-based threat actors capable of executing end-to-end cyberattacks. This advancement could empower a single threat actor to perform in the same way as a large group, replacing human technical skills and gaining a competitive edge over security tools and teams.
AI’s role in enhancing existing attack vectors such as phishing will continue, however, the technology will also be used to craft new attack vectors thanks to the increasing quality of output produced by Generative AI tools.
AI even has the potential to reshape human understanding of reality by fabricating deceptive content across various mediums including articles, legal cases, correspondence, videos, advertisements, and historical data.
Additionally, the widening adoption of AI assistants by programmers might somewhat paradoxically lead to an increase in errors in software development, breeding security vulnerabilities within source code.
Studies reveal that developers who rely on AI assistants are more prone to injecting vulnerabilities into their outputs. Cloud services and AI-generated errors may therefore pave the way for unintentional software security flaws.
Dedicated applications will face obsolescence:
The era of dedicated applications and icons will begin to fade during 2024 in the wake of Generative AI’s transformative influence. The foundations will be put in place that will allow the creation of a future where tasks that were once app-bound are seamlessly navigated through AI interfaces. This will make things such as mobile applications for banking, travel, and information retrieval redundant.
UCS will become the future of communication:
Unified Communication Services (UCS) will increasingly replace POTS and dedicated VOIP systems during the coming year. This, in turn, will offer a seamless, cloud-driven communication experience that transcends traditional phone systems. However, this revolution in communication will also bring with it vulnerabilities and exploits that challenge a once-secure communication landscape.
Subscription overload will increase:
The shift towards subscription-based access to myriad products and services will herald a new era in ownership during the coming year. While offering convenience, this evolution will also cause concerns about data loss and security breaches when gaps in subscription licensing occur.
USB-C standardisation will continue and vulnerabilities emerge:
The standardisation of USB-C will usher in compatibility and ease of use, but will also introduce a new avenue for threat actors to exploit physical connections. This will lead to an upsurge in so-called ‘juice jacking’ and related attack vectors.
A rise in exploit mapping for ransomware:
Ransomware’s evolution will shift from extorting data to selling exploits and vulnerability information. Threat actors will increasingly seek to sell information that can compromise an organisation rather than directly engaging in ransomware attacks.
The standardisation of cyber insurance will progress:
The maturation of cyber insurance will evolve towards a more standardised approach. This will involve the consideration of core controls and frameworks that can help to mitigate risk andliability across providers.
To sum up, 2024 holds the prospect of an intriguing blend of technological progress and evolving security issues. Security teams and their Chief Information Security Officers (CISOs) who understand these trends will be well-placed to reap the rewards while navigating potential challenges effectively.