How AI Is Likely To Impact Cybersecurity in 2024
Numerous threats—phishing efforts, ransomware infections, viruses, worms and malicious social engineering attacks, just to mention a few—continually target your business’ users, systems and data. That’s just one of the reasons the President and US Congress declared October Cybersecurity Awareness Month, a proclamation intended to remind both public and private organizations of the importance of proper information technology (IT) security.
The actual Presidential directive advises American businesses to better protect themselves against cyberthreats. As part of that effort, organizations should explore the role artificial intelligence (AI) will play in shaping cybersecurity in 2024. This is especially important considering AI and its close cousin machine learning (ML) are two powerful technologies already impacting cybersecurity operations. While your business may be considering and planning for AI’s impact, hackers are already aggressively employing the emerging innovations in their criminal efforts to penetrate, compromise and disrupt your organization’s systems and operations.
While just how AI will definitively shape cybersecurity in 2024 is anyone’s guess, here are a few safe bets based on studies and reports, observed developments, widespread reportage and this year’s trends.
AI Will Play a Bigger Role in Attacking Networks
Expect hackers to increasingly incorporate artificial intelligence tools (including common generative AI tools such as Bard and ChatGPT) within their cyberattacks. The result will be more advanced attacks that prove more effective. From so-called deepfake social engineering efforts that mimic real images, videos, typical communications and even individual and key employees’ voices, to programmatic viruses and ransomware that automatically evolve using AI and ML techniques and technologies to evade detection, cybercriminals are increasingly embracing these paradigm-shifting innovations in clever and nefarious ways.
The CompTIA 2024 State of Cybersecurity report lists Generative AI as a top cybersecurity concern of technical and business professionals in 2024.
A new CompTIA cybersecurity report, in fact, lists generative AI as one of technical and business professionals’ top worries, with 37 percent stating the technology ranks high on their cybersecurity concerns. The topic ranked third on their list of cybersecurity risks after only the growing number of hackers and data handling privacy concerns.
AI Will Play a Bigger Role in Defending Networks
Fortunately, cybersecurity professionals responsible for protecting users and securing systems can employ some of the same innovative technologies that hackers are adopting, AI and ML in particular, to detect and repel cybercriminals’ efforts. These same technologies help power various advanced threat protection (ATP) and managed detection and response (MDR) systems, among other solutions, that better detect, resist and mitigate AI-powered attacks.
Technical and business professionals – as confirmed within the CompTIA 2024 State of Cybersecurity report – predict several likely AI advantages when employing the technology as a defensive measure.
Respondents to the CompTIA 2024 State of Cybersecurity report rank deployments of AI-powered technologies high among the potential advantages of such countermeasures. Technical and business professionals predict AI cybersecurity benefits will include helping monitor network traffic, detecting malware, automating incident response and enabling the self-configuration of cybersecurity systems. In addition, AI-powered cyber solutions can assist in analyzing user behaviors to better detect patterns and secure networks, and can automate the safe testing of IT defenses, surfacing and even correcting potential vulnerabilities.
Phishing Attacks Will Improve and Intensify
Experts agree that phishing attacks will become more prevalent and effective as hackers incorporate AI within their efforts to make such threats more difficult to recognize and resist. Phishing is the common social engineering-based threat, one with which you likely have first-hand experience, in which a malicious actor sends a fraudulent email message with the goal of tricking you into sharing sensitive information or inadvertently installing malicious software on your computer.
Phishing attacks have increased dramatically in the last 10 years, as documented within this 2023 Statista chart.
Using generative AI platforms permits hackers to better customize attacks and seize on specific elements, sometimes gleaned from LinkedIn and social media posts, to make the phishing threats more personal and believable. Much of this production can also be automated, meaning hackers can employ AI tools to automatically manufacture and customize phishing attacks.
Less Than Zero Trust Initiatives Will Prosper
Less Than Zero Trust is a cybersecurity approach in which no users, devices or services are automatically authorized to access an organization’s networks, applications and data. Instead, all users, systems and services, regardless of the location from which they are connecting, must authenticate and continually confirm their identity and receive authorization to access resources. In other words, and unlike on more established Zero Trust networks, the Less Than Zero Trust strategy does not assume a user, device or service is authorized just because the user, device or service is located behind the organization’s firewall or connecting via an authorized VPN or other network.
A vast majority of respondents – maybe 82 percent – to the CompTIA 2024 State of Cybersecurity study say they are increasing zero trust investments.
In 2024, expect such zero trust models to become more prevalent and dynamic. Some 82 percent of respondents to CompTIA’s study indicate they will be investing more heavily in just such initiatives. Organizations are also likely to begin employing AI technologies to assist these Less Than Zero Trust models in authorizing users, devices and services, granting or denying access, and monitoring network activities to enforce the cybersecurity strategies’ principles, which also typically include the microsegmentation of networks and a requirement for multifactor authentication.
Competition to Attract and Retain Qualified Cybersecurity Talent Will Intensify
The quick-arriving impact of AI and ML technologies, especially as cybercriminals employ these innovative, paradigm-shifting technologies to surface new and serious cybersecurity threats, is increasing both competition for qualified professionals and the corresponding burnout risk among technologists. Job hopping will likely grow as a result. In its Gartner Predicts 2023: Cybersecurity Industry Focuses on the Human Deal report, the technology consultancy notes “burnout coupled with less than zero percent unemployment in our field enables teammates to find greener or even just different pastures at will.”
Organizations will be well served, consequently, by recognizing the impact AI is having on the industry and its professionals and by making accommodations to assist technology professionals in maintaining pace and resisting becoming overwhelmed. Recognizing tech managers must focus on the “health and well-being of their teams,” Gartner recommends businesses identify opportunities to celebrate IT staff victories as but one method of battling churn, which poses a significant risk to company missions and budgets.
CompTIA’s report confirms Gartner’s conclusions. Observing some 660,000 cybersecurity job openings persisted from May 2022 to April 2023, CompTIA noted organizations are having to change their recruiting and hiring practices, including by targeting technology professionals not possessing college degrees. The industry association also confirms many businesses are choosing to outsource cybersecurity responsibilities to outside firms to obtain the expertise they require.
The CompTIA 2024 State of Cybersecurity report lists access to threat intelligence and cybersecurity knowledge as two key leading elements encouraging organizations to outsource cybersecurity expertise.
Security Training Will Become More Important
Due to the advent of AI threats and the shortage of (and competition for) qualified cybersecurity professionals, the need for cybersecurity training, both for end users and IT professionals, will increase in 2024. From quick-study workshops to online courses and new specialized certifications, look for cybersecurity training to only increase in importance. Such is the effect AI is having on businesses.
According to Gartner, as described within its 2023 Cybersecurity Report, education is among the most effective elements for mitigating employee errors. This factor is particularly pertinent considering that internal threat management isn’t a key focus for most firms and that the organization predicts that, by 2025, knowledge faults, skill shortcomings and human failures will be responsible for more than 50 percent of disruptive cyber incidents.
Look, even, for the government to provide more resources designed to assist the private sector in meeting cybersecurity needs. The Department of Homeland Security’s Cybersecurity & Infrastructure Agency (CISA) maintains a slew of cybersecurity training materials and exercises, as do the Federal Trade Commission and the National Institute of Standards and Technology, among others. Expect the trend to continue in the next year, so widespread is the need.