What’s Ahead for 2024 on Cybersecurity?
by Scott Register, Vice President, Security Solutions at Keysight Technologies
With the pace of technology quickening, 2024 is shaping up to deliver another round of breakthroughs that promise to fundamentally reshape how the world lives, interacts, and communicates. Pushing the boundaries of innovation, artificial intelligence (AI) and machine learning (ML) are poised to begin making serious impacts in every aspect of our lives, including cybersecurity.
Looking ahead, Scott Register, Vice President, Security Solutons at Keysight Technologies, shares cybersecurity insights in the era of AI, data privacy, and the increased attacks on critical infrastructure in 2024.
Cybersecurity in the AI Era: Good & Bad
AI is impacting every aspect of our lives, including cybersecurity. Adversarial AI will increasingly be a problem. For example, generative AI can collect information from social media, corporate email, blogs, and other sources to generate specific and realistic phishing emails that can be personalized and mass-produced with almost no human input. As a result, companies must deploy more advanced phishing detection systems, including those optimized to detect AI-generated content and improve employee training.
AI will increasingly be used to generate network or endpoint behavioural patterns to see if different security products can identify them. As a lot of detection occurs at the SIEM (security information and event management), this can be tested via log messages rather than actual behaviour, so AI is perfectly suited to take on this task. AI will increasingly take on a pivotal role in testing and evaluating security products.
Data Privacy Remains in the Spotlight
Data privacy is a critical component of cybersecurity, and how you think about it differs significantly from areas like intellectual property. Stringent enforcement of who and what has access to PII data (personally identifiable information) and how to manage it securely requires special attention and specific skills. Increasingly, organizations will outsource the management of PII to help step up their efforts to protect the data and shift more of the risk to a third party.
Supply Chain Diversification Key to Resiliency
Organizations will start to push more risk assumptions into the supply chain to protect themselves against inherited security flaws. In 2024, there will be stricter documentation requirements for secure design, implementation, and validation of supply chain components. To build resiliency, organizations will diversify their supply chain for critical parts.
Critical Infrastructure in the Cross Hairs of Threat Actors
Critical infrastructure is a key target of cybercriminals. If the wars in Ukraine or Israel spread, this will drive up the number of attacks from threat actors loosely aligned with nation-states. We’ve already seen increased attacks on utilities, and in 2024, this will expand to include connected medical and smart home devices.
Cybersecurity: People and Policies Trump Products
Products are an essential part of cybersecurity; however, people and policies are critical to fine-tune and strengthening defences. For example, testing your security stack and up-skilling your team will bolster your cybersecurity posture more than adding another dashboard.
International Harmonization of IoT Cyber Regulations
There are numerous country-wide regulations to improve IoT cybersecurity, including the Cyber Trust Mark in the US, the ETSI EN 303 645 standard in Europe, and a labelling program in Singapore. In 2024, there will be more harmonization of the legislation to avoid manufacturers having to grapple with a multitude of requirements, which slows production and drives up costs. However, a global standard will remain elusive for now.
Intelligent Security Testing is Non-Negotiable
Cybercrime is the world’s 3rd largest GDP, and organizations are under constant attack. Bad actors are already utilizing intelligent tools to try to access networks, so it’s vital for enterprises to strengthen their defences by integrating AI-driven security testing. Companies that fail to embrace intelligent testing are leaving flaw discovery within their network to bad actors. As always – you want to find it before they do!
