Generative AI to Drive Self-Service Cybersecurity and Board-Level Governance; Development of Quantum-Resistant Cryptographic Algorithms to Gain Momentum; in 2024
The previous couple of years saw tremendous focus on securing the hybrid working environment as new norms took hold for remote and office working, including widespread adoption of cloud, with scammers and cybercriminals upping the stakes by using advanced techniques for social engineering, phishing and business email compromise. In 2024, as generative AI gets embedded in business operation, we can expect criminals to take their attacks to the next level, requiring organisations to adopt new, astute and strategic approaches to cybersecurity.
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, highlights the following cybersecurity trends, primarily driven by generative AI adoption, that will dominate in 2024:
Generative AI will drive self-service security, and help to alleviate the cyber talent shortage
Historically, security has been considered a highly specialised and technical profession. As a result, security teams in enterprises have borne the burden of keeping the organisation safe, alongside attempts to encourage involvement from technology users and staff to also take ownership by staying vigilant to help thwart phishing attacks and other scams.
Generative AI will change this in 2024, initiating a drive towards self-service cybersecurity. This technology will commoditise and democratise security by providing Natural Language Processing-based tools to enable employees to identify fraudulent activity independently and accurately, to effectively escalate to infosecurity teams as appropriate. Likewise, infosecurity teams will have at their disposal capabilities that automate time and resource-intensive processes across the cybersecurity spectrum. All this combined will make a marked stride in helping to alleviate the global cyber talent shortage.
Security governance expertise at the board level will become a priority
The world has reached a tipping point where need for continuous alignment of cybersecurity, business strategy and operation is indispensable. With the adoption of generative AI as a business tool, in addition to cybersecurity attacks, the risk of intellectual property and commercial data loss grows exponentially. The risk of breaching industry regulations such as HIPPA, GDPR and a host of similar country-specific data protection legislations is greatly increased too. ’Named’ expertise in and responsibility for active security governance at the board level will become a strategic priority.
Development of quantum-resistant cryptography will gain momentum
With growth in quantum computing, the cryptographic algorithms widely used to protect digital information appear to be falling short in their effectiveness. New quantum-resistant cryptographic algorithms are needed to protect against quantum computer-based attacks. Developing these algorithms will require planning, will take time, but the process will start in earnest in 2024. Organisations such as NIST and ENISA have already initiated this effort. Security developers will need to actively ensure that their software includes the latest cryptographic libraries as lagging behind in updating solutions will have serious implication for their customers.
Investment in security will see an upsurge to reflect generative AI
As much as AI is a tool that will help to make strides in strengthening cybersecurity defenses, it is also technique that is being widely deployed by threat actors to breach those safeguards with success. Following a period of relatively stationary budgets, enterprises will increase spending in security, investing especially in generative AI-based products, services and cybersecurity skills.
Whilst skills gap in the industry is a longstanding challenge, with the introduction of generative AI security products and the resultant growth of self-service solutions and demoncratisation of security, enterprises will revisit, both their cyber strategy and the type and level of skills needed for the future.