Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
2024 - The Year of AI Implications
By Mike Heredia, Vice President EMEA, XM
Cyber
The past year
has been the year of AI implementation. With ChatGPT capturing the imagination
of the world, it became a race for organizations to find ways to implement AI
into their workflows for fear of being left behind. In 2024, we will see the
implications of this mass adoption, both the good and the bad. I want to take a
look at three in particular:
- Continuous AI red teaming. We already know that AI has lowered the bar for entry from
an attacker's standpoint. It allows malicious actors to be far more efficient
in their phishing attacks as it automates gathering and writing the information
- but AI's ability to think like an attacker can also be a benefit for
defenders. In 2024, we will see AI really emerge in its ability to look at
organizations from an attacker's point of view. Once it understands an
organization's attack surface, it will be able
to run a continuous attack simulation and generate what that company needs to
do to protect itself, in real time. This should help shorten the period of time that new attack methods are effective for, and alert organizations if their security tools are not
configured properly.
- The hijacking of AI chatbots. With mass and rushed adoption comes vulnerabilities, and while organizations may not be too worried about
what a hacker could do with a lowly AI chatbot, there is plenty of reason for
concern. Many organizations have embedded chatbots into key operational processes with
the goal of streamlining interfaces for customers and internal users alike.
While this can be a handy tool for answering questions, if hijacked, it could also be used to give incorrect instructions, breaking systems or causing customers to share personal details, thinking they are
communicating with a legitimate
representative of the company. This could allow scammers
to steal credit card information, passwords, or other sensitive information.
- Improved efficiency. Cybersecurity is
often a game of resources. Large financial institutions, for instance,
regularly field cybersecurity teams of over one thousand people. This
influences how they approach cybersecurity, making large organizations very
compliance-focused and with lots of siloed processes that rely on humans to do
the mundane, and lack context of other risk factors. This approach has
inevitably trickled down to smaller organizations who don't have the personnel
to support a system of box checking for compliance purposes or for cyber
insurance In 2024 however, this approach will become an even
more complex challenge for organizations of every size. With the current geopolitical situation, we are seeing far more nation state attacks
and hacktivism taking place - where the goal isn't necessarily collecting money in a cyber ransom. Efficiency will become the word
for cyber practitioners, and this will mean leveraging AI to improve efficiency
by identifying what issues will make the biggest impact when fixed - allowing
organizations to better focus their time and energy.
AI has undoubtedly changed the game, but we are just now
seeing the tip of the iceberg. After capturing the imagination of our culture
in 2023 and nearly every business adopting it, it will almost certainly be near
center stage again in 2024, where we will be focused on the implication of how
we have chosen to use it.
##
ABOUT THE AUTHOR
Helping organizations improve security, risk, and
compliance operational processes for the past 20 years. Mike Heredia is passionate
about improving Cyber Resilience and aligning the security strategy to key
business initiatives as a secure enabler.