By Paul Crighton, Managing Director ANZ at Barracuda Networks
Predicting the future is difficult and inevitably speculative, but you can anticipate what is likely to happen by looking at prevalent trends from the past year.
In the last 12 months, hackers have used generative AI to take cyber threats to new heights, scaling up their attacks and increasing their sophistication. As 2024 gets underway, it’s important to look at the key changes, developments, and trends the coming year will bring to the cybersecurity landscape.
Here’s five of the most pressing predictions about what the year has in store for cybersecurity and what businesses need to be aware of to stay protected.
- Australia (and the world) will double down on cybersecurity laws and regulations
We can look to the US and Europe for hints on what other countries (including Australia) might introduce in terms of cybersecurity laws and regulations. For example, within just one month, the White House released an Executive Order on artificial intelligence and held its second annual International Counter Ransomware Summit. The Executive order marks the US government’s most significant attempt to date at regulating the evolving technology, and the summit resulted in 40 other countries signing a pledge to never pay ransom to cybercriminals. These major leaps have only occurred in one month, let alone looking back on the whole year. In 2024, these laws and regulations will continue to increase as we learn more about the potential of these emerging technologies, and Australia will look to its counterparts overseas for direction.
2. There will be a key focus on securing Asia from bad actors
Globally, there are over 4 million cybersecurity professionals needed to adequately safeguard digital assets, and almost 1 million of them are in the Asia-Pacific region. This fact alone should be largely concerning for cyber professionals everywhere considering the vast reliance Australia (and the resat of the world) has on Asian manufacturing. Securing the Australian supply chain inevitably means securing Asia’s supply chain, so I’m hoping that in 2024, the industry will help solve this gap.
3. The English language will be increasingly programmed for evil
It was no surprise that coming into 2023, generative AI would be integrated into security stacks and solutions. However, the big surprise was how quickly generative AI has taken over every aspect of the technology space. This is concerning as we enter into 2024 because just as security professionals are using the new technology to add to their defenses, bad actors are doing the same. LLMs are extremely capable at writing code, but often come with guardrails that prevent it from writing malicious code. However, generative AI can be “fooled” into helping threat actors anyway – particularly when it comes to social engineering techniques. Rather than telling the tool to create an email phishing template, one only has to ask it to write a letter from a CEO asking for payment for an invoice. The slight changes in phrasing make these tools vulnerable, generally available, and extremely useful to bad actors everywhere. Because this process is so easy, 2024 will be the year that English becomes the best programming language for evil.
4. Hackers will rely more on deceptive AI-driven techniques
The level of sophistication in cybersecurity has evolved exponentially over time, but 2023 saw some of the quickest innovations as generative AI became more prominent. Because these tools are often generally available and easily accessible, we must assess the risk they pose to the current cyber landscape. Generative AI is a double-edged sword for the cybersecurity industry – it’s used to make defenders faster and more capable, but it’s also doing the same thing for adversaries. Attackers have become more deceptive in their techniques and harder to detect as generative AI gets better and better at impersonating humans, making traditional signs of social engineering harder to identify from the first point of contact. These trends will continue into 2024 and become even more dangerous. The industry’s capabilities must continue to keep pace with attackers’ use of emerging technologies like generative AI and 5G in the coming year.
5. Data proliferation will give us access to new powers in 2024
Generative AI has given us access to incredible, vast amounts of data, but the question remains: what do we do with it? For cybersecurity specifically, AI is not only super-powering our response to threats, but also super-powering our knowledge about adversaries’ tactics, techniques and procedures. AI makes information sharing across the industry easy and more accessible, therefore increasing everyone’s security posture as a whole. The more information available, the better we can equip our proactive, defensive cyber strategy.