In the ongoing cyber war of humans-against-humans; AI-against-AI, what new trends and threats need to be addressed in the near future?
Among business leaders and thinkers in the cybersecurity space, a question foremost on their minds is, “What trends and developments need our attention in 2024 and next year?” With geopolitical tensions, hacktivism and unprecedented cyber incidents in the past two years bearing down on industry, keeping cyber intelligence one step ahead of today’s state-sponsored threats and AI-empowered cybercriminals is keeping such thought leaders awake at night.
So, according to one thinker, Prof Alex Siow of the National University of Singapore’s Department of Information Systems and Analytics, School of Computing, three challenges are currently dominating the cybersecurity landscape now: the increasing rate of attacks and level of sophistication targeting both individuals and corporations; the increasing attack surface brought about by the democratization of AI and the mainstreaming of the Internet of Things; and finally, the increasing rate of reactive regulatory pressure to protect against cybersecurity-linked data and privacy loss/breaches.
In his keynote address to industry leaders at the CybersecAsia Readers’ Choice Awards on 3 Sep 2024, Prof Siow mentioned the impact of AI and ML in both sides of the cybersecurity equation, and how Zero Trust Architecture has become almost mandatory in the ongoing race against cyberattackers. One buzzword announced was the Cybersecurity Mesh concept — where defenders recognize the limitations of “too much centralization” of cybersecurity control amid a global post-COVID transition to flexi-work and hybrid-work arrangements.
Imagine how a single Wi-Fi router (no matter how powerful it is), can be limited in extending a signal over a large space containing too many walls (silos). The idea of using two or more routers linked in a signal “mesh” to physically extend Wi-Fi signals optimally has become commonplace now. Similarly, implementing cybersecurity in a mesh topology where needed, can become the lynchpin of improved observability and cyber agility, going forward.
Current and future cyber trends
During a fireside chat at the event involving cybersecurity leaders from Singapore’s estate management sector (David Tay, Asia CIO, Lendlease Asia Holdings), healthcare sector (Kam Chuen Fok, Asst Director, IT, Tan Tock Seng Hospital TTSH), and a global cybersecurity firm (Soohan Bal, Regional Director – ASEAN & Korea, SonicWall), Prof Siow’s keynote had struck a chord in panelists’ experiences with current challenges in developing cybersecurity awareness and skills-sets among their organization’s staff and customers. Some takeaways in the discussions include:
- Ransomware has been evolving into a democratized weapon due to various technological and geopolitical factors.
- Supply chain attacks and incidents have been emerging in various modes via system software and hardware zero day vulnerabilities — comprising more organizations simultaneously in a single incident.
- Increasingly complicated multi-cloud architectures have been emerging in various modes via system software and hardware zero day vulnerabilities — comprising more organizations simultaneously in a single incident.
- Insider threats and human errors being used by organizations have been making cyber vigilance more complicated, while cloud-specific misconfigurations and other implementation and management vulnerabilities have led to increased instances of data breaches and related incidents
- Cybercriminals have also been stepping up attacks on critical infrastructures in the healthcare, energy and finance industries.
- While current encryption method remain secure, the age of quantum computing could dawn soon, and organizations that are slow to adopt quantum-resistant cryptography and related solutions are already at risk.
With the various ongoing trends and threat identified, three factors were identified as strategies for keeping one step ahead of cyber threats: leveraging of AI in threat intelligence gathering and sharing; continual investments in cyber awareness training and skills-development in cyber defense; and greater public-private partnerships in cybersecurity information sharing and innovation.
For the immediate short-term future, the three panelists unanimously agreed with Prof Siow’s insights:
- AI will be the primary tool for both cyberattacks and defense
- The Quantum Era is approaching, and the call-to-action is to upgrade to quantum-safe cybersecurity solutions now
- IoT security is an overlooked link, and securing billions of IoT devices will be a major focus and challenge
- Global regulation of cybersecurity mandates and preventative policies need to be more stringent and unified.
The general consensus is that the cybersecurity industry will need to CAIR: collaborate across sectors; stay agile and be ready to adopt new strategies and technologies; innovate through research, development and investment; and promote resilience in building robust, adaptable systems that can withstand and recover from incidents quickly.
The other buzzword
Having identified current and impending trends and threats in the cybersecurity landscape, the panelists reached the CAIR consensus and concurred that a promising concept for plugging the gaps of safeguarding expanded attack surfaces (due to hybrid-work and democratized threat actors) was the Cybersecurity Mesh.
This led the panelists to clear up some potential confusion about how a mesh topology goes against the traditional wisdom behind ‘centralized’ cyber vigilance — also being referred to by another buzzword: platformization.
To clear things up, panelist David Tay explained that post-COVID, the expanded attack surface due to transformed work trends had required tighter centralization of cybersecurity vigilance/control to rein-in the new challenges of protecting employees working outside the office. As defenders “cannot manage what they cannot see”, increasing observability through centralized control had become a must. This is where platformization can be used to bring together disparate cybersecurity elements, unify and simplify processes — to make centralization less complicated and disjointed.
In the healthcare sector, balance is the key to straddling the issue of platformization and decentralized (meshed) networks, according to TTSH’s Kam.
From the viewpoint of cybersecurity solutions provider, “decentralization and centralization all come to the same thing”: however, platformization is not actually about taking every element of cybersecurity and just dumping it into a single centralized platform. Instead, it can facilitate decentralized parts of a cybersecurity mesh to be controlled centrally and optimally — by establishing contextual intelligence in the observability data shared among the mesh elements.
Instead of being information siloes, each node of a well-platformized cybersecurity mesh is able to share contextual security event information with the other nodes. The central (master) node will then gather and process holistic observability data in a better way, and control each and every node with contextual intelligence to establish holistic, expanded cyber vigilance.
In short, platformization and the cybersecurity mesh can be complementary parts of the same coin: reaping the advantages of centralized cybersecurity while leveraging decentralization to address, holistically, larger attack surfaces.
Humans are still the weakest link
Having discussed how AI is democratizing cyber threat actors and empowering them to exploit human weaknesses more effectively, the panelists also made salient observations about the dynamics between AI and human elements in cybersecurity.
- The sheer diversity of employee knowledge and attitudes about AI means that AI training has to be less generic and more frequent and continual — to overcome various mindsets and preconceived fears of technology. This applies to the optimal use of AI for operational efficiency.
- For cybersecurity applications, error-prone humans are leveraging AI to perform repetitive monitoring and automated tasks efficiently, while teams can devote more time on more value-added work.
- Even with AI helping to relieve human workers of mundane work, humans are still vulnerable to social engineering, phishing, complacence, insufficient communication and misconceptions in their work and even personal spaces.
- With humans being their own enemy (in creating cyber warfare among themselves), and AI being pitched against AI due to human agendas, humans are still the weakest link
- While humans are the weakest link in AI-driven cybersecurity, retaining humans-in-the-loop is still a viable way to leverage AI for proactive defense, due to the need to manage AI limitations and vulnerabilities.
Perhaps one day, humans will finally accept responsibility for being the cause of their own troubles, and gain the will to undergo massive mental transformation and break down the indomitable centuries-old siloes.