Is the Hype Around AI Finally Slowing Down?
Learn about predictions, challenges, and opportunities in the field of AI, and its potential impact on cybersecurity.
Kev Breen, senior director of cyber threat research at Immersive Labs, writes in detail about the potential developments and growths in the field of AI and its impact on cybersecurity.
The topic on everyone’s minds last year was generative AI — more over what the potential security threats and risks are from its existence and usage. Fearmongering headlines flashed AI’s security risks instead of providing tactful ways to incorporate the technology into their organizations. Security leaders and practitioners always strive to anticipate the next big technology or threat to ensure they are prepared to handle whatever comes their way.
The discussions I’ve had with fellow cybersecurity experts and through my research led me to five main predictions for the new year.
Rise of FUD: Fear, Uncertainty, and Doubt Around Gen AI
GenAI hugely hit the technology scene this past year and is already heavily being embraced — or companies are racing to get involved so they don’t fall behind. But among all its popularity, we’re simultaneously seeing a significant amount of FUD – fear, uncertainty and doubt – and misunderstanding. People still don’t fully understand the risks and vision of AI, which lends itself to paranoia or unfounded fears of massive AI security risks.
In 2024, we’ll hopefully see the hype around AI die down and become more of the norm so that we can focus on the many benefits of using these tools to do work more efficiently and effectively. A handful of organizations are dedicating ample time and resources to the actual use cases of this technology, and we can expect more businesses to follow suit.
Cybercriminals Will Continue To Move Faster Than Regulators
In 2023, we have consistently seen recently disclosed vulnerabilities and zero days actively exploited by threat actors at scale in the wild. Despite government intervention to try and strengthen transparency and guidance around cybersecurity practices, many standard implementations still haven’t kept pace. For example, FedRAMP guidelines say organizations have 30 days to remediate high-risk threats — yet attackers just need one day to discover a vulnerability and take advantage to wreak havoc on systems and cause costly damage to organizations.
Cybercriminals will likely continue to have first mover advantage, so it is security teams’ responsibility to assume compromise and remain cyber resilient, as it is unlikely that guidelines such as FedRAMP will be updated to meet the standards of today’s threat landscape.
See More: Defend and Protect: Outwitting Cybercriminals
Continued Development of AI Policies
In 2024, we can expect governments and AI service providers to continue implementing policies regulating the development of AI. The key differentiator will be if these entities have moved beyond the shock and awe of AI to focus on the benefits. Risk assessment will continue to be a part of the equation as it should with any technological advancement. However, prioritizing innovation in these policies rather than fear will set countries apart. In 2023, we focused on the potential risks of AI. In 2024, it will be essential to focus on the potential opportunities.
Ransomware Isn’t Going Anywhere, so Be Prepared
While some organizations are spending too much time fretting about AI risks, they may be taking their eyes off of ones that pose a more clear and present danger – like ransomware. One can hope that organizations have learned from the major data breaches over the last year. Still, unfortunately, we continue to see a lot of organizations that are simply not ready to handle the impact of a ransomware attack.
Organizations still fall victim to the tried and true tactics that cybercriminals use to gain access to their most sensitive information. Despite government advisories saying otherwise, they continue to pay the ransom — which is why this attack style is still popular.
We should expect ransomware groups to leverage new techniques in Endpoint Detection & Response (EDR) evasion, quickly weaponizing zero days and newly patched vulnerabilities, making it easy for them to bypass common defense strategies.
As a result, security teams can’t rely on an old security playbook. Companies should not worry about how they can detect everything and instead just assume it will go badly at some point, so you should have plans to respond best.
See More: Fortifying Your Defenses: A Guide to Ransomware Preparedness in 2024.
AI Risks Will Stem From Developers and Application Security
Hype aside, there are some genuine AI risks to focus on.
In 2024, we should be most concerned about how our internal teams use AI — specifically those in application security and software development.
AI can be a powerful tool for certain teams like offensive and defensive teams and SOC analysts to enhance and parse through information; without proper parameters and rules in place regarding AI usage by organizations, it can potentially lead to unexpected risks for CISOs and business executives and leave holes in their cyber resilience to leave the door open for exploitation.
The Road Ahead
At the end of the day, it is our job as security professionals to ensure our work keeps organizations safe and data secure. Over the past year, teams were tested by the ever-evolving security landscape expected to continue evolving in the age of AI.
My main advice is that we mustn’t shy away from innovation and keep up or risk falling behind. It’s not a matter of “if”; it’s a matter of “when,” that’s why security teams should focus on building their resilience and upskilling in the year ahead.
In 2024, I’m excited to see what kind of developments and growth the industry will present, as change is the only thing that remains constant in this field.
What are the cyber protection strategies implemented in your workplace? Let us know on Facebook, X, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON SECURITY THREATS
