Predictions after predictions for the 2024 cyber landscape are revolving around a set of common cyber denominators…

In 2023, the surge in generative AI (GenAI) offered cybersecurity professionals unprecedented opportunities to streamline operations, boost productivity, and drive innovation. Amid this transformation, the threat of cyberattacks have become more pervasive and sophisticated, demanding a strategic review of security measures.

The gap in cybersecurity readiness will persist in Asia in the upcoming year. Mature economies like Japan and Australia will face different challenges than developing economies like Bangladesh and Thailand. While countries in the region share a common interest in bolstering cybersecurity, achieving a unified regional standard akin to Europe will take time.

Here are more trends we think are set to define 2024:

    • Organizations will have a GenAI ‘reality check’
      Although the continued advancement of GenAI is inevitable, the hype surrounding it is due for a reality check in 2024. Like most technologies, its adoption will encompass both beneficial and detrimental aspects, often marked by exaggerated claims, particularly in its early developmental stages. This is where the concept of “AI washing” enters the scene, with businesses falsely advertising AI integration in their products or services, misleading consumers. In this evolving landscape, one thing is certain: cybercriminals will leverage AI to build new attack vectors never seen before, and generate new variants of existing vulnerabilities, leading to a surge of new zero day attacks. The industry will need to work diligently to respond to and mitigate these threats, ensuring that the promising future of AI remains secure and beneficial for all.

      — Reinhart Hansen, Director of Technology, Office of the CTO

    • Organizations will finally wake up to API risks
      2023 saw the API explosion rumble on. In 2024, organizations will come to terms with the fact that they need to take a more proactive approach toward securing their APIs. The challenge is that many organizations do not have the right defenses or controls in place. They do not know where their APIs are deployed or what data they are accessing. This exposes them to risks in magnitudes that they cannot comprehend or even begin to quantify. In 2024, as pressure to mitigate API-related security incidents continues to grow, security leaders will find and integrate solutions into their existing application security technology stack. This approach will give organizations a more coordinated and unified view of automated threats that target APIs and critical applications. In the coming years, this will force a new era of convergence in the security industry where API management and security are embedded within application security platforms.

      — Lebin Cheng, Head of API Security

    • We will see an increasing urgency to restore data control
      As the power of AI hinges on intelligent data, in 2024, organizations will realize that data security is more important than ever. For years, organizations have hoarded data — with much of it now unknown and hard to secure. This lack of control, in turn, increases risk without adding value. At the same time, organizations have wrongly assumed that a lot of their data is not worth protecting, thereby only prioritizing data classified as ‘highly sensitive’ and forgetting about their “low risk” data, such as publicly available data. This assumption is not only wrong but dangerous. Firstly, AI systems lean on this data to shape predictions and decisions, so holding on to unused (especially out-of-date or inaccurate) data could come back to haunt businesses. Adding to this risk is the rise of “Shadow AI”, with organizations unaware of how employees use AI applications and what data they feed the models behind them. Beyond this, every byte of data that an organization holds is a security risk: the high-risk data can be stolen and weaponized, while hackers can access the low-risk publicly available data as a place to live, watch, and wait for the perfect moment to steal the crown jewels. Organizations must come to grips with the urgency of regaining control over their data — understanding where it is, how it is being used, and whether it even needs to be stored at all.

      — Terry Ray, SVP, Data Security

    • Phishing and social engineering attacks will remain the top threats
      As GenAI advances, expect to see an escalating risk from cyber threats, particularly social engineering tactics. The most concerning issue is that simple phishing attacks are still the most common and effective. Resolving this demands a shift in mindset: we need to recognize that cybersecurity is not just the concern of experts or senior leadership; it is a collective responsibility that extends to all of us. The first step is to make cybersecurity easier to understand and recognize that it is not limited to advanced technology.

      — George Lee, Senior Vice President, Asia Pacific and Japan