Security Think Tank: Expect more from GenAI in 2024


Reflecting on the trends likely to determine the year ahead, the cyber security industry faces a range of issues that must be factored into managing organisational risk. Many of these are ongoing threats that carry on evolving as technology continues to develop. But 2024 also feels slightly different; the past 12 months have seen generative AI burst on to the scene, and an exponential rise in its widespread use.

This has significantly impacted the cyber security landscape, both positively and negatively.

AI for good and bad

AI is becoming rapidly more sophisticated and traditional cyber security techniques such as antivirus software, firewalls and anti-malware engines are no longer sufficient to protect against threats produced by machine learning-powered attacks.

The spectrum of AI-enabled threats also includes deepfake social engineering attempts orchestrated using malware injections that can be quickly adopted into the IT landscape (and are extremely difficult to detect due to their intelligence and sophistication).

At the same time, the integration of AI into cyber security tools is also growing rapidly; a market of $8.8bn in 2019 is projected to grow to $38.2bn by 2026.

AI-powered cyber security is adept at handling large volumes of information over long periods of time. AI can promptly and efficiently analyse data from structured and unstructured resources and assist in rapid decisions about critical threats, significantly reducing the time between detection and response; in addition, AI and machine learning can understand trends, patterns and flows, work to predict them, and enable automated and trained incident response mechanisms.

AI can multiply threats and provide new routes for cyber criminals to exploit or accelerate their existing attacks, but also enhance defensive capabilities. However, organisations must have the right basic IT security defences to nullify today’s threats, as well as provide a better level of security against AI-enabled ones.

Next-level phishing

As noted above, the increasing adoption of generative AI will allow many more attackers to deploy more sophisticated and tailored strategies, such as deepfake attacks; the result will be an escalation of social engineering assaults, manipulating users into granting unauthorised access to organisational systems.

Attacks take many forms. Perpetrators, posing as trusted individuals, might trick an individual into clicking on an email link that reveals sensitive information, installs malware on their network or executes the first stage of an advanced persistent threat (APT). Text messages and voice calls can also be used to generate the attack, as can SEO manipulation that directs people to the hacker’s website and steals sensitive data when they interact with it.

Skills shortage

While far from a new issue, the continued shortage of skilled personnel and experts to safeguard companies from cyber threats remains a prevalent global concern. In the UK, for example, 50% of businesses have a basic cyber security skills gap, while 33% have an advanced skills gap.

There are various reasons for the ongoing lack of defenders, one of which is the highly stressful nature of cybersecurity roles – which causes many professionals to leave the sector. Last year Gartner reported that stress was behind nearly half of cyber security leaders planning to change jobs by 2025, with half of that number saying they would exit the security industry permanently.

As well as heightening the skills shortage, stress makes cyber security professionals less effective at their role; a 2023 report looking at the implications of stress found that 65% of CISOs in the US and UK felt stress compromised their ability to protect their organisation.

Zero trust

Zero trust means different things to different people, but it’s an evolving approach to network design that is also part of a wider mind-set as organisations look to tackle the increase in cybersecurity threats.

In short, zero trust assumes that active threats exist both inside and outside a network’s perimeter, with on-site and remote users alike required to meet stringent authentication and authorisation requirements before gaining access to a given resource. Every user is granted the least amount of access possible, based on a strict need-to-know basis, thus limiting the damage a threat actor can accomplish via lateral movement once inside a network.

Cyber warfare

The rise in geopolitical unrest has seen an increase in state-sponsored attacks.

Espionage is a common goal; nation-state cyberattacks might look to steal military intelligence, intellectual property (IP), and confidential information held by government organisations, contractors, and other businesses.

Another aim is major disruption – and possibly destruction. These attacks often target critical infrastructures such as the power grid or transport networks by using ransomware and malware (such as wipers that destroy an organisation’s access to files and data).

Some nation-state attacks focus on ‘hacktivism’, in which the sole intention is to make a political statement, for example by defacing a significant webpage.

As well as military conflicts, 2024 is the biggest election year in history, with those in the United States, United Kingdom and India being particularly significant; a surge in targeted cyber-attacks aimed at undermining the integrity of the democratic processes involved is anticipated.

Internet of Things (IoT)

With connected appliances including printers, cameras, thermostats, cars, lights, coffee machines, doorbells, music devices and refrigerators, the IoT has become increasingly integral to daily life. However, these ‘smart’, internet-enabled household devices result in a greater number of possible vulnerabilities for cybercriminals to exploit.

Design of these devices often prioritises user-friendliness and convenience over robust security measures; cybercriminals know that and, as some of the most vulnerable parts of home and corporate networks, IoT devices can easily be exploited for an initial foothold in the wider network.

In the first six months of last year, IoT-driven distributed denial-of-service (DDoS) attacks increased 300%, with the resulting financial losses estimated to be $2.5 billion globally. With the number of IoT devices engaged in botnet-driven DDoS attacks increasing from around 200,000 devices to approximately one million over the 12-month period to June 2023, the trend looks set to continue.

Not just for new year

But trend spotting is not limited to new year. Cyber security professionals continually scan the horizon for any threats likely to affect the safety of the organisation – that is the nature of their role.

Source: www.computerweekly.com
