Features 01.02.2024
Five Technologies Threatening Cybersecurity in 2024
Take it with more than a pinch of salt, artificial intelligence should be at the top of every CISO’s watchlist for 2024
Features 01.02.2024
Take it with more than a pinch of salt, artificial intelligence should be at the top of every CISO’s watchlist for 2024
There’s only one constant in cybersecurity: change. The industry is in eternal flux, engaged in a never-ending game of cat-and-mouse between those looking to defend and those attempting to attack.
This makes it vital for cybersecurity professionals to be aware of the latest technologies and trends. If there’s a single thing you can bet on, it’s that the criminal counterparts will be.
And that brings us to this article. We’re attempting to shine some light on what’s coming next, specifically the tech that will shape cybersecurity in 2024, with the caveat that change is the one constant. To complement those predictions, we’ve asked industry experts for their advice on dealing with what comes next.
Of the five cybersecurity professionals that Assured Intelligence spoke with, all mentioned the impact artificial intelligence will have on the industry in 2024. This is the trend CISOs will spend the next 12 months grappling with.
This topic, though, is vast, so we need to delve deeper into specifics. As Manoj Bhatt, a cybersecurity consultant whose resume includes the Ministry of Justice and Accenture, tells Assured, we need to look beyond the simple narrative of “AI is going to mount more attacks…we need AI to defend [them].”
“AI is going to mount more attacks…we need AI to defend [them]” Manoj Bhatt
Is this true? Undoubtedly, but more specific examples of how the tech will impact cybersecurity need exploring.
There’s the integration of AI into pre-existing tools. One thing Bhatt stresses about artificial intelligence in cybersecurity is that it’s not all about external attackers using it; professionals have to “keep control of the internal threat,” too. This danger, he believes, will increase substantially in the coming months.
While there are many reasons for this, one key area of concern is pre-approved work tools that have introduced new AI features.
This, Bhatt explains, opens up a new actor vector for malicious parties and “the likelihood is that the cybersecurity team will [only] find out about these when the incident happens.”
He believes the key to fixing this is for CISOs and security professionals to get “closer and closer to the business,” understanding and analysing the tools people use and how they evolve.
Bhatt tells me one way of achieving this is increasing the number of roles — like Business Information Security Officers (BISOs) — that have in-depth oversight of software and can manage its use. Such a move, Bhatt declares, is “imperative.”
AI again, but this time more specific. Phishing has long been the bane of cybersecurity, and this will only worsen in 2024.
Paul Bischoff, consumer privacy advocate at Comparitech, tells Assured Intelligence that AI-created deepfakes will be more commonly used for “extortion, libel, and misinformation” this year.
“Here at Zscaler, we were hit with a fairly sophisticated voice deepfake attack” Marc Lueck
While there’s concern about artificial intelligence being leveraged in phishing attacks using chatbots or emails, interestingly, Bischoff and two other experts mentioned its use in voice cloning.
“Here at Zscaler, we were hit with a fairly sophisticated voice deepfake attack trying to directly extort money from some of our employees,” says Marc Lueck, the company’s EMEA CISO. This form of attack will only intensify in 2024, he adds.
One path to solving issues like this is education. Many people aren’t aware of AI’s current sophistication and need to be made aware of its potential to identify phishing attacks successfully.
But it’s impossible to stop all breaches. According to Lueck, “the savvy CISO should be looking to find ways to limit impact rather than prevent these attacks.”
He suggests implementing a “zero trust architecture” and changing processes so that financial transactions require more sign-off. Lueck reiterates that CISOs shouldn’t focus only on stopping hackers. Instead, they should ask, “How does the attacker get paid?” and then do all they can to disrupt that chain.
While we’ve spoken about artificial intelligence from the perspective of risks, it can also be highly beneficial.
According to Darren Guccione, CEO and co-founder of Keeper Security, CISOs and security professionals can use AI to “diligently monitor events that pose the biggest threats to [them].”
The best way to do this, he believes, is with things like security information event management (SIEM) software. This technology can log events and consolidate “information from disparate cybersecurity solutions into one central location,” he says.
As attacks rise and cybersecurity systems get more complex, artificial intelligence can do a lot of heavy lifting, spotting threats or anomalies that people may miss.
So, with three AI-focused technologies covered, it’s time to look at other forces shaping cybersecurity in 2024.
Another point of cybersecurity concern that multiple experts brought up was related to the MOVEit vulnerability, a managed file transfer (MFT) system breach that happened in 2023.
“I think we’ll see more attacks on large organisations related [to this],” says Bischoff from Comparitech. His reasoning? This vulnerability is now on cyber criminals’ radars.
David Emm, principal security researcher at Kaspersky, agrees. He says that the issues with MFT systems like MOVEit “have exposed the potential for bad actors to infiltrate sensitive data across supply chains, leaking company information without directly breaching a company’s security system.”
Businesses must act to secure themselves now. Emm states they must “not only secure internal systems, but also diligently scrutinise all third-party providers, as these can serve as potential backdoor entry points for cyber criminals.”
Amidst all the bleeding-edge tech hitting the security market, it’s ‘nice’ (we say that tongue in cheek, of course) to finish with something we’re more familiar with: malware and ransomware.
“Organisations should implement advanced threat detection measures and leverage threat intelligence” David Emm
Yes, there are old technologies, but what should trouble CISOs in 2024 is the continuing increase in their availability and professionalism.
“The commodification of the malware/ransomware market and the continued huge profits made by threat actors have significantly increased the level and sophistication of attacks,” Lueck from ZScaler says.
To counter these threats, Emm from Kaspersky has some advice. “Security professionals need to adopt a proactive stance,” he says. “Organisations should implement advanced threat detection measures and leverage threat intelligence.”
It’s clear that the biggest threat to cybersecurity in 2024 is artificial intelligence.
While the technology has become somewhat of a buzzword, CISOS need to dig deeper and discover precisely what it is about AI that could threaten their organisation.
In 2024, there will likely be new attack vectors on internal software and the rise of sophisticated phishing.
Of course, cybersecurity professionals shouldn’t just ignore other technologies because of the looming danger of artificial intelligence — issues with MFT systems and off-the-shelf malware are something they should ignore at their peril.
Fundamentally, though, we can try to guess what 2024 has in store, but the very nature of technology and its speed of advancement means that we’re simply trying to read tea leaves.
There’s only one guarantee: if a technology can be used to threaten or attack, you can bet your bottom dollar someone will do so. Change is the only constant, after all.