The cybersecurity industry has long identified these AI trends, and every provider is developing AI capabilities to add to their products for threat detection, mitigation, and more.
Contributors:
-
Harshil Doshi, Country Director, India & SAARC
-
Augusto Barros, VP, Cybersecurity Evangelist
-
Findlay Whitelaw, Field CTO, Insider Threat Program, and UEBA Solution
-
Haggai Polak, Chief Product Officer
-
Securonix Threat Labs
2023 is almost over, which means it is now time for the cybersecurity industry to look back at major developments during the year and anticipate what trends, challenges, and opportunities lie ahead in 2024. 2023 saw numerous trends that are likely to continue into 2024 and beyond.
AI will play a crucial role for attackers and defenders.
2023 was the year that AI exploded on the public stage with the growth of large language models (LLMs) like ChatGPT. This trend will extend into 2024 as both hackers and cybersecurity professionals continue to evolve the use of artificial intelligence (AI) and machine learning (ML). Attacks will become more sophisticated as threat actors continue to use AI tools. 2024 will likely witness an increase in AI-assisted and AI-driven attacks successfully bypassing security controls such as MFA, zero trust, and other fundamental security technologies and defenses. Security professionals will have to adapt to these attacks through the development of their own AI-based tools to create effective defenses.
One particular threat will be the use of technologies like generative AI and deep fakes. They have been proven to be effective in improving phishing and other social engineering attacks that bypass security protocols to access sensitive information. 47% of Indians have been or know someone who is a victim of AI voice cloning attacks. These technologies also have wider social and political ramifications as they become more convincing and eliminate obviously identifiable artifacts, making it harder to distinguish real information from fraudulent or artificially generated content. The recent deepfake controversies with Rashmika Mandanna, Kajol, and Katrina have made this a public issue in India, with Prime Minister Narendra Modi commenting on the issue and instructing his government to pass appropriate regulations. With India and the United States both going into major election years, deep fakes are likely to continue being prominent in cybersecurity and misinformation campaigns.
The cybersecurity industry has long identified these AI trends, and every provider is developing AI capabilities to add to their products for threat detection, mitigation, and more. However, implementing AI in cybersecurity is a time- and resource-intensive endeavor where success is not immediate. It is an ongoing process that requires the collection and preparation of data that is fed into AI models that need to be fine-tuned and calibrated multiple times. This is without going into additional considerations that arise when integrating these solutions into existing security infrastructures. Choosing security vendors that are at the forefront of AI will be beneficial, as their expertise and familiarity will prove pivotal in navigating an increasingly AI-dominated cybersecurity landscape.
It is important to remember that, despite its many capabilities, AI is unlikely to make humans redundant. AI excels at handling large volumes of data and performing repetitive tasks at speeds and accuracies beyond human cognitive abilities. The productivity and efficiency benefits AI solutions can create will mean that we can expect some high-volume, repetitive tasks to shift from manual execution to automation and AI, if they haven’t already. However, AI lacks emotional and causal intelligence as well as the ability to fully execute complex decision-making roles, especially where judgment and ethical considerations are at play and there is a need for contextual or nuanced understanding. In 2024, we can expect AI to continue augmenting the capabilities of cybersecurity professionals rather than replacing them.
An increase in targeted, evasive cyberattacks and phishing
2023 saw an increase in highly targeted and evasive cyberattacks that have been attributed to cybercriminal groups and state-sponsored threat actors. Their effectiveness will mean that we can expect to see more such methods being used in 2024. The attacks have been persistent and can involve both state-sponsored malicious threat actors cyber espionage and disruption operations, as well as more traditional cybercriminals and ransomware operators exfiltrating and encrypting sensitive data. For example, the STARK#VORTEX campaign was used by a threat group to target the Ukrainian military by using pilot-in-command (PIC) drone manuals as lure documents to deliver malware. Attacks have also increasingly begun to use automation, third-party components, “grey areas,” and attack tools like remote monitoring and management (RMM). This will likely continue in 2024, bringing more ways for ransomware attackers to extort victims and gain leverage in ransom negotiations.
This trend is also likely to be replicated with phishing emails and social engineering exploits, which continue to be effective ways to breach an organization. Phishing attacks increased by 62% last year, and threat actors are going to continue leveraging phishing emails as a primary source of compromise in 2024 with new and evolved tactics, techniques, and procedures (TTPs). 2023 saw QR code-based phishing (quishing) gain popularity and witness an uptick in more advanced tactics such as man-in-the-middle (MITM) and adversary-in-the-middle (AiTM) attack methods that leverage tools like EvilProxy. In addition to phishing, advanced tactics like social engineering and malvertising will continue to be prolific.
Attacks on critical infrastructure will continue to escalate.
All businesses, large or small, are targets for threat actors from within and outside the organization, but certain sectors face additional risk. Financial services, healthcare, and education will continue to attract the attention of threat actors, as their economic importance and data value make them especially attractive targets. AIIMS Delhi, the premier medical institution that treats high-level government officials and foreign dignitaries, faced a crippling attack in late 2022 before successfully thwarting another in mid-2023. Governmental and non-governmental organizations working on important economic, justice, and civic issues are also likely to be targets of misinformation and cyberattack campaigns from foreign and domestic actors.
Geopolitical trends for the last few years have increasingly seen the growth of cyber as a theater for warfare, a trend that accelerates with every additional conflict. With recent events in the Middle East and continuing conflict in Ukraine, nation-state actors and state-sponsored cyberattacks may continue to escalate, leading to an increased focus on international cooperation and cyber deterrence strategies.
Continuous evolution
Cybersecurity is a perennial cat-and-mouse game. Cyberattackers continue to evolve their TTPs to avoid defenses, and cybersecurity providers continue to evolve new defenses to counter them. The development of current technologies like AI and future ones like quantum computers will dramatically change cybersecurity considerations, and 2024 will add further developments and complexities to the task of protecting organizations and individuals in the digital age.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.