The last 12 months have been seismic for cybersecurity, with successful hacks and security breaches continuing to dominate headlines. The task of keeping networks and data secure is constantly evolving, with hackers and cybersecurity professionals constantly in a state of cat-and-mouse game as they attempt to outwit each other. others.
Events of the past year, including widespread adoption and interest in AI, as well as new geopolitical challenges, have had a profound impact. They provide some clues about what 2024 might have in store.
The blurred line between real and online battlefields
In recent years, cyberattacks and, in response, cybersecurity, have begun to play a much larger role in geopolitical conflicts. Cyberspace is now a pillar of the weapons arsenal used by nation states involved in large-scale conflicts, and is an expected tactic when dealing with states engaged in war.
Cyberattacks in this context differ from kinetic uses. Usually, hackers aim to obtain sensitive data for which they can demand ransom. However, in times of geopolitical tension, targets tend to be critical infrastructure with the aim of disrupting energy and communications networks, thereby hindering coordination and movement of troops across territory. floor.
The prevalence of cyberattacks as a common component of geopolitical conflicts will undoubtedly lead to a continued escalation of cyber risks, as well as the creation of new and more sophisticated tactics. It could also have a ripple effect as adversaries extend their cyberattacks to companies and countries that support their allies. This growing cyber threat landscape will require enhanced security measures and international cooperation to effectively mitigate risks.
AI will completely disrupt the cybersecurity space
2023 will go down in history as “the year of AI”. AI as a concept has been around for decades, but it was primarily the toy of software engineers and had limited applications in fields such as biotechnology and mathematics. However, the release of ChatGPT brought the concepts of artificial intelligence and machine learning to the mainstream and expanded its use case to become part of people’s daily lives.
The dark consequence of this situation is that AI tools are now also much more available for bad actors to use to supplement their hacking arsenal. In the past, identifying and exploiting complex, one-time application programming interface (API) vulnerabilities required a lot of effort on the part of the person implementing the attack, and typically required a tailor-made solution tailored to specific API vulnerabilities. In 2024, AI will likely increase the sophistication and scalability of attacks.
The AI industry will take another giant leap
Even though current AI technology will continue to develop, the industry surrounding this technology will most likely experience its most tumultuous year in 2024. One of the main ways this will manifest is through the divide between the public sector and the private sector.
Governments have already talked a lot about AI governance because the technology is so new and its applications seem limitless. Policymakers around the world have already recognized the danger this could pose if left unchecked, leading to discussions around its regulation, such as AI Security Summit held in the United Kingdom in November 2023.
As the implementation of government AI policy takes shape, government agencies, as well as private companies, such as those involved in critical infrastructure, that are affected by the resulting policies, will be constrained to comply with it. However, a pronounced divide will emerge between regulated and unregulated businesses. These private entities will adhere to a wide range of approaches to AI, and many will choose to create their own policies, creating a divide in approaches to AI technology.
Another way the AI industry will evolve in 2024 will be through the consolidation of AI companies. The year 2023 saw explosive growth as AI became a hot topic and many investors wanted a piece of the pie, leading to many new companies trying to create their own ChatGPT. Most startups that build their own model are unlikely to succeed, and outside of OpenAI and Big Tech companies like Meta and Google, these startups will fail or be absorbed by larger organizations.
API regulation will continue to grow
Changes in technology regulations in 2024 will not only affect AI, regulations around APIs will also continue to evolve. APIs remain a major attack vector for hackers and represent a weak link in some organizations’ cybersecurity strategy.
Many companies don’t have a complete inventory of their APIs, and even if they do, they don’t know which ones handle sensitive data. This is concerning because it is often the weak links that are most vulnerable and likely to be targeted by individuals or groups seeking valuable data.
While more general asset management, particularly in banking, is traditionally overseen by regulators, APIs are emerging as a distinct category of assets that require their own dedicated oversight.
Therefore, API inventory discovery and lifecycle management are emerging as focal points for banking regulators, reflecting the evolving technology landscape and the essential role of APIs in modern financial systems.
In 2024, cybersecurity will likely continue to be dominated by the application of AI. While the debate over whether the technology is useful to the average person rages, it is clear that the use of AI in both offensive and defensive cybersecurity strategies will be prevalent. As a result, particular attention will need to be paid to APIs to ensure they are secure against increasingly sophisticated and frequent cyber threats.
Image credit: BiancoBlue/depotphotos.com
Karl Mattson is a field CISO at Security without a name.
