In 2024, artificial intelligence and quantum computing are expected to make major strides due to the rising use and innovation of these cutting-edge technologies by enterprises.
However, along with this technological boom comes an increase in sophisticated cyberthreats. The improper application of generative artificial intelligence, or “gen AI,” by hostile actors is a serious worry. Nowadays, businesses must deal with a wide range of intricate issues, such as an increase in ransomware attacks, a rise in state-sponsored cyber espionage, and the growing challenge of safeguarding the rapidly growing internet of things (IoT).
Concurrently, the misuse of technology is leading to the development of more advanced malware for passive surveillance, targeting specific systems, software, and vulnerabilities.
Furthermore, integrating AI into cyberattacks is set to streamline these operations, reducing costs and leading to more sophisticated phishing and disinformation campaigns.
“Cybercriminals and state actors are already taking advantage of generative AI to create phishing campaigns, write malicious code, or identify vulnerable systems to exploit,” said Mihoko Matsubara, chief cybersecurity strategist at IT services and consulting firm NTT.
AI’s Flip Side in Cyber Defense
However, AI will also impact cybersecurity strategies and technologies by enhancing detection and analysis capabilities. The result will improve the defensive response to disinformation, phishing, malware, and anomalous behavior. It will also pave the way for automated, efficient security operations, addressing workforce challenges.
Cybersecurity professionals have also found generative AI helpful in automating tasks, data analysis, and vulnerability research. For example, research by NTT Security Holdings noticed that generative AI maximized the efficiency and accuracy to identify phishing sites quickly, Matsubara offered.
Gen AI opened the door to providing offensive tools to more novice threat actors, added Nicole Carignan, vice president of strategic cyber AI at Darktrace. The efficacy of these tools will only be as good as those directing them.
In the longer term, she anticipates the use of offensive AI throughout the attack life cycle. It could involve using natural language processing or large language models to understand written language and to craft contextualized spear phishing emails at scale.
Alternatively, it could involve utilizing image classification to expedite the exfiltration of sensitive documents once an environment is compromised and attackers search for valuable material.
“AI will make it possible for machines to deploy unique attacks at scale — always on, continuously morphing at machine speed,”
Key Trends Toward a Better Security Landscape
AI promises to impact both cybercriminal behavior and cybersecurity strategies in 2024. NTT cyber experts see four more key trends with far-reaching impacts on the security landscape this year and beyond.
Safeguarding trust in election results will be a crucial factor, according to NTT Chief Information Security Officer David Beabout. The ability to validate and log results manually to address questionable issues will become increasingly important in the United States.
“This shift toward resiliency and result validation is expected to gain more prominence in 2024,”
A second prediction for better cybersecurity rests around implementing a Zero Trust framework. The security landscape is becoming increasingly cloud-native, emphasizing the need for enhanced authentication methods to counter emerging threats, such as bypassing MFA through techniques like JSON Web Token (JWT) injection attacks.
As a result, Zero Trust will evolve from a hot trend to a framework implemented across many parts of organizations to enhance security defenses.
“Zero Trust is no longer a buzzword, but a core concept that organizations will implement to improve their cybersecurity measures,” Taro Hashimoto, CSIS visiting fellow & senior manager of cybersecurity at NTT.
Quantum Readiness for 2024
NTT’s third cybersecurity prediction for 2024 focuses on the looming quantum threat. The new year is unlikely to see widespread adoption of nascent quantum technology by hackers and threat actors. Still, an urgency exists to prepare for its arrival.
Measures are underway, with the White House issuing a memo instructing federal agencies to initiate preparations and NIST publishing draft versions of several potential post-quantum cryptography (PQC) algorithms.
Given the extensive time required to migrate systems, in 2024, we will see a continued focus on preparing systems and applications for the adoption of quantum computing, according to Kazuhiro Gomi, president and CEO of NTT Research.
“While the timing of threats posed by scalable quantum computers is still speculative, the need to prepare for this threat is real,” he said.
The challenge lies in managing encryption security for those without access to quantum capabilities. Also, it is essential to plan defenses against those who possess such capabilities once they become more prevalent, Gomi added.
Advancing Cryptography and Encryption
In 2024, cyber researchers expect to see cryptography and encryption research continue to explore new ways to safeguard data, both at rest and in the cloud. The evolution of advanced encryption systems, like attribute-based encryption (ABE), presents an intriguing prospect for real-world adoption.
However, privacy concerns remain due to the absence of assured privacy in interactions with AI models. As these interactions may involve even more sensitive information than conventional search queries, it is conceivable that researchers will delve into the prospect of enabling private engagements with such models.
One potential area of interest across the cryptography research community is to expand private search queries to encompass private interactions with AI systems, noted Brent Waters, director of the cryptography and information security (CIS) lab at NTT Research.
“The rapid rise and utility of large language models like ChatGPT has transformed various industries. However, privacy concerns could be holding back the potential of these technologies. I imagine that the research community will examine the possibility of having private interactions with these types of AI technologies,” he said.
AI’s Influence on Cybersecurity
AI can already positively impact the cybersecurity field way beyond the simple automation of tasks. From intelligent response automation to behavioral analysis and prioritization of vulnerability remediation, AI is already adding value within the cybersecurity field, offered Piyush Pandey, CEO of ERP security firm Pathlock.
“As AI automates more tasks in cybersecurity, the role of cybersecurity professionals will evolve, as opposed to becoming a commodity. Talented cybersecurity pros with a growth mindset will become increasingly valuable as they provide the practical insights to guide AI’s deployment internally,” he said.
The emergence of gen AI is creating an arms race among companies, governments, and cybercriminals at a scale not entirely dissimilar to the atomic age, according to Pandey, referencing the film, “Oppenheimer.”
He views the increasing claims for AI’s role in security solutions as a harbinger for its accelerated use in email security over the coming year.
“Perhaps as fast as cloud security solutions transformed cybersecurity systems during the pandemic,” he predicted, highlighting the potential for a rapid evolution in the field.