Change seems to be the only true constant in cybersecurity.
True to form, the 2024 cybersecurity landscape looks set to tread unfamiliar ground, as generative AI emerges into a powerful tool for hackers and cybersecurity professionals alike. At the same time, new systematic approaches like Continuous Threat Exposure Management are requiring organisational and cultural shifts in the cybersecurity function and throughout the rest of the organisation. Poor communication, third-party exposure, and human error round out the list. (Some things do always stay the same, it seems).
1. Generative AI finds new applications—not all of them good
Generative artificial intelligence dominated the technology conversation last year. In 2024, however, hype around generative AI tools like ChatGPT has started to give way to people taking a long hard look at finding real world applications for the technology.
One of those applications, it seems, is cybercrime. In a report released by IBM’s X-Force, experts say that generative AI comes uncomfortably close to human capabilities when used as a tool for phishing and social engineering campaigns.
“Just this year we’ve seen scammers increasingly use voice clones generated by AI to trick people into sending money, gift cards or divulge sensitive information,” writes Stephanie Carruthers, one of IBM’s chief white hat hackers. “While humans may still have the upper hand when it comes to emotional manipulation and crafting persuasive emails, the emergence of AI in phishing signals a pivotal moment in social engineering attacks.”
It’s not all bad news, however. Generative AI also has the potential to augment the capabilities of cybersecurity professionals.
“Generative AI, the most transformative tool of our time, enables a kind of digital jiu jitsu”
David Reber Jr., CSO, NVIDIA
Colourfully put by David Reber Jr., chief security officer for NVIDIA, “Generative AI, the most transformative tool of our time, enables a kind of digital jiu jitsu. It lets companies shift the force of data that threatens to overwhelm them into a force that makes their defences stronger.”
Generative AI’s ability to rapidly examine vast amounts of data, flag irregularities, and act as an intermediary layer between other types of software could significantly benefit security. Generative AI models can even create vast amounts of synthetic data in order to simulate “never-before-seen attack patterns,” and better train cybersecurity tools.
2. CTEM is the next big security differentiator
Continuous Threat Exposure Management (CTEM) is an increasingly popular approach to cybersecurity that shows immense promise.
Gartner predicts that organisations prioritising CTEM-based security investments will experience two-thirds fewer breaches by 2026
CTEM, in short, is a systematic approach to assessing digital and physical asset vulnerability. Rather than traditional approaches, which are reactionary and retroactive, CTEM is proactive threat identification and management, continually. This is achieved by continually simulating new attacks in order to identify and neutralise weaknesses in an organisation’s defences.
Generative AI, with its ability to create synthetic data and simulate new attack patterns, is expected to play a role in fueling CTEM practices.
3. Security culture beats security tech every time
In a world where cybersecurity technology constantly evolves, it’s easy to lose sight of the fact that human error remains one of the most common causes of a breach.
Gartner expects 2024 to be the year that “security leaders realise the importance of moving from mere awareness to changing behaviours to mitigate cybersecurity risks.”
Soft skills that promote a more productive working relationship between cybersecurity and the rest of the business are the name of the game. By 2027, half of large enterprise CISOs are expected to adopt human-centric security practices, reducing friction and enhancing control adoption.
- Cybersecurity
