As generative AI tools become more pervasive and common, organizations will also need to invest in AI (ethics) literacy to maintain customer trust. This is because AI will make it harder to verify what is real and what is fake.
In 2024, the Asia Pacific region has the opportunity to lead the way here, to ensure deepfakes do not undermine legitimate businesses and help everyone separate fact from fiction.
Next year will also see social engineering dominate the cyber threat landscape: it will be cybercriminals’ weapon of choice due to the abuse of AI (the general and generative types). This trend, combined with stricter government data and cyber protection regulations, will push firms to implement zero-trust architecture and micro-segmentation.
The solution to stop AI-powered cyber threats will not be generative AI-enhanced security. However, that fact will not stop start-ups from claiming that they have used generative AI to create a security silver bullet that can be considered ‘snake oil’. In 2024, organizations will be better served by avoiding the AI panic and ensuring any security solutions help them optimize the security basics which, when done really well, will continue to be the best way to protect assets from both known and unknown threats.
— Dr Robert Blumofe, Executive Vice President and Chief Technology Officer
RansomGPT, anyone?
Next year, we foresee ransomware attacks by powered by generative AI tools such as FraudGPT and WormGPT. They will be empowered to:
- automate the arduous tasks of target prioritization to achieve effortless circumvention of defenses, developing more new weapons/tactics in their ransomware arsenal
- enhance ransomware encryption, making it more resistant against decryption and reverse engineering
- use AI chatbots that will increase the scalability and efficiency of attacks
For organizations, the call to action is clear: Fortify cyber resilience by getting holistic visibility, and embrace zero trust access and segmentation through meticulously verifying all application access. — Reuben Koh, Director of Security Technology and Strategy
Cyber relief for IT personnel
In 2024 we predict that cybersecurity will finally become a strategic priority for firms, and no longer be relegated as the sole responsibility of IT.
Instead, cybersecurity policies and functions will evolve from being a reactive stance to a more offensive approach by design.
As businesses move towards the widespread uptake of multi-cloud platforms and cloud-native applications, the API attack surface will expand and be more susceptible to exploitation. Edge computing may become a potential battleground, vulnerable to the onslaught of business logic attacks.
Organizations should also focus on securing the supply chain, to thwart attackers attempting to exploit trusted connections from third-party vendors and breach their perimeters.
For example, as the healthcare industry expands its use of connected medical devices such as MRI machines, insulin pumps and wearables, APIs will continue to play a critical role in the accessibility of medical services. This will lead to a host of vulnerabilities that attackers will exploit to obtain the high value of health records and patient data on the Dark Web.
Organizations must not only anticipate evolving threats, but also regularly assess their overall security and risk posture to stay ahead of any new cyber threats. — Dean Houari, Director of Security Technology and Strategy