The world of cyber security is a fluid one. The nature of the industry is a constant battle between hackers and cyber security professionals, each one trying to stay one step ahead of the other. As technology continues to advance, so do the attacks by cyber criminals looking to exploit gaps in the defences of organisations.
With this in mind, let’s take a look at some key topics our experts are looking out for in 2024 and beyond.
Artificial Intelligence (AI)
One term on everyone’s lips is Artificial Intelligence. At a glance, AI in cyber security is nothing new. Given the sheer number of logs they have to analyse, most Managed Detection and Response (MDR) solutions use some level of AI or algorithm to streamline the process (but it’s worth noting that the human element is still essential in these solutions). However, with the advent of powerful and publicly available AI writing tools such as ChatGPT, hackers in particular have been handed a leg up.
Starting last year, we saw how AI writing tools can help hackers write phishing emails with precision and on a massive scale in perfect English. Until now, broken English was an immediate red flag, but now non-English speakers can pump out well written phishing emails with little effort.
Last year we also saw the explosion of hackers using AI writing tools to create malware. Given how easy this makes the generally labour-intensive process of writing code, we expect to see a rise in this in 2024.
Finally, there has been some debate on how secure ChatGPT is as a platform. With the plethora of uses it has, it’s inevitable that some people are going to be inputting data they wouldn’t want to see exposed. Given AI synthesises output based on the data it processes, this could lead to inadvertent exposure of sensitive data.
With all this considered, it’s certain that AI will dominate the headlines for a variety of reasons in 2024.
Zero Trust
Another trend we predict to see more and more in the year to come is the adoption of a zero trust model.
What is zero trust? Zero trust is a cyber security framework that requires constant authentication, authorisation and validation for all users with the aim of reducing breaches. Whereas previously users may have only had to put in a password to log in and have full access, a zero trust network would ask for further authentication throughout a user’s session, using an authenticator app, a password, or even biometric scanning.
The unique modern work environment we’re currently experiencing shows no signs of changing, this means hybrid cloud work environments, ransomware, and remote working. Zero trust addresses these challenges.
Geopolitical Cyber Attacks
In today’s political landscape, nation states and political groups are increasingly using cyber attacks to further their means. Large scale state sanctioned hacking and bot farms have been used for years now by governments looking to destabilise their opponents without the repercussions and cost of more traditional offensive operations, one notable example being Russia’s interference in the 2016 US election.
The ability to sow discord in elections using the internet could not have come at a worse time. 2024 has been dubbed by many ‘the year of the election’ with a record 60 countries and half the world’s population going to the polls throughout the year. While an election in the UK is a strong possibility but by no means certain, voting in the US, European Parliament, India, Indonesia, Pakistan, South Africa and Bangladesh to name a few will undoubtedly bring major change to the world as we know it.
Along with election interference, key infrastructure is often a target of malicious actors. Private companies operating in vital areas such as energy, water and transport are often more likely to be hit than generally better defended state-owned targets, so should be just as vigilant.
As political upheaval is combined with continued tension and conflict in Eastern Europe, the Middle East and Africa, we expect to see large international cyber attacks taking an outsized role in hostilities as well as the headlines.
Cyber Security in the Boardroom
Only a handful of years ago, cyber security was an issue exclusively for IT. Even for many medium and larger organisations, digital defence was simply part of IT and wasn’t given much thought at board level.
Increasingly cyber security is becoming one of the biggest issues discussed in the boardroom. For all companies, not just those that are particularly online, cyber security is now too big an issue to leave at the department level. Gartner predicted last year that by 2026, 70% of boardrooms would include one cyber security expert, with CISOs and CIOs becoming some of the most important people in a business. We’ve also found that even non cyber security board members are now more clued up than ever, and more likely to want to know what’s going on in their information security departments.
This year expect to see more CISOs, CIOs and other senior cyber security roles on the board.
Summary – key topics for 2024 covered:
- Artificial intelligence
- Zero trust frameworks for defence
- Geopolitical cyber attacks
- Cyber security in the boardroom