Cybersecurity risks continue to transform rapidly. Attacks are increasing, threats are evolving, and the regulatory landscape continues to get more complicated. Here is a breakdown of emerging trends that may define the industry as the new year progresses.
Generative AI
This year will see an evolution of attacks against large language models (LLM) that drive generative AI, including attacks that poison the models as well as those that trick the AI into revealing sensitive data. Threat actors will continue to advance their usage of generative AI to find new vulnerabilities, write malicious exploit code, and craft realistic phishing messages. AI will also be used to craft lifelike deep fakes and disturbingly accurate video and voice impersonations based on social media and other publicly available posts. As company AI solutions lag, another unfolding challenge will be the use of BYOAI (bring your own AI) and shadow AI.
Guard Against It
- Take advantage of increased integration of generative AI with security tools, which can aid in predictive analysis and adaptive security
- Monitor emerging LLM threats
- Prevent shadow AI with a Business-centric AI program that has security built in from the start
New Attacks in the Cloud
Cloud migrations continue to outpace the ability to properly secure code, infrastructure, and data. Building on existing vulnerabilities and common misconfigurations, new threats are leveraging insecure API, insider compromise, and the blurring lines of BYOD to obtain access. Supply chain attacks are also on the rise, with bad actors targeting trusted authentication and network management systems that cloud management depends on.
Guard Against It
- Move to zero-trust architecture as soon as possible
- Enforce strong authentication and enable access to cloud systems from managed corporate devices only
- Invest in continuous developer training and test often for exploitable vulnerabilities
State Sponsored Cyber Warfare
As war rages in several parts of the world, and political tensions run high in others, state sponsored cyber warfare can be expected to rise. In addition to government and military targets, nation states also target critical infrastructure, including financial services. They engage in corporate espionage, IP theft and sponsor cybercrime to raise funds. This makes state sponsored attacks a threat to all organizations.
Guard Against It
- Understand that it is incredibly difficult to thwart state sponsored attacks (without the resources of a state). However, good cyber hygiene and defense in depth make a good deterrent and can help slow attacks
- Document and frequently test incident response, DR, and BCP plans
- Participate in peer intelligence sharing groups and industry ISACs
- Maintain relationships with law enforcement and government agencies that can help if needed
Growing Skills Gap
The persistent gap between available and necessary cyber security talent continues to plague enterprises large and small. The shortage applies at all levels and across all cybersecurity disciplines, leading to understaffed security teams, increased workloads, and high attrition rates. This in turn limits the ability of many organizations to respond effectively to threats, implement robust and innovative security systems, and adequately protect data.
Guard Against It
- Attract great leaders and talented practitioners with competitive salaries and by promoting diversity and inclusion
- Retain talent with constant training, opportunities to innovate, and by minimizing energy-sapping administrative work
- Maintain a pipeline of succession with clear cut career growth plans for everyone at every level
Regulatory Roller Coasters
The new year will see new legislation surrounding privacy, data protection, and the use of AI, along with increased scrutiny from regulatory agencies around the world.
Guard Against It
- Demonstrate that cyber risks are a core business concern by involving Business leadership and board of directors in strategic cybersecurity oversight
- Train for regulatory readiness and prepare for exams well ahead of time
- Stay ahead of the regulatory curve with innovative security programs that exceed baseline requirements
And What Else?
The race is on to compromise satellites, spacecraft, orbital surveillance networks, and space weapons. With major elections in more than 60 countries, 2024 is bound to see some issues (real or imagined) with voting security. Cryptocurrency hacks, quantum decryption, and metaverse threats may not make it to the top of the list, but they are interesting enough to keep an eye on.
Mostly, though, it will be more of the same. Phishing, ransomware, password theft, disinformation, and the occasional DDOS.