Over the past 12 months, we’ve seen threat actors use generative AI to take threats to new levels, scaling up their attacks and making them more effective. As 2024 gets underway, we’re looking ahead to the changes, developments, and trends the coming year will bring to the security landscape.
To help you prepare for 2024, we recently spoke to two Barracuda executives, each with their own perspective and predictions about what the year has in store for cybersecurity and what businesses need to be aware of to stay protected.
Fleming Shi, Barracuda CTO
In 2024, English will become the best programming language for evil
It was no surprise that coming into 2023, generative AI would be integrated into security stacks and solutions. However, the big surprise was how quickly generative AI has taken over every aspect of the technology space. This is concerning as we enter into 2024 because just as security professionals are using the new technology to add to their defenses, bad actors are doing the same. LLMs are extremely capable at writing code, but often come with guardrails that prevent it from writing malicious code. However, generative AI can be “fooled” into helping threat actors anyway – particularly when it comes to social engineering techniques. Rather than telling the tool to create an email phishing template, one only has to ask it to write a letter from a CEO asking for payment for an invoice. The slight changes in phrasing make these tools vulnerable, generally available, and extremely useful to bad actors everywhere. Because this process is so easy, 2024 will be the year that English becomes the best programming language for evil.
Cybersecurity laws and regulations will become commonplace in 2024
Within just one month, the White House released an Executive Order on artificial intelligence and held its second annual International Counter Ransomware Summit. The Executive order marks the government’s most significant attempt to date at regulating the evolving technology, and the summit resulted in 40 countries signing a pledge to never pay ransom to cybercriminals. These major leaps have only occurred in one month, let alone looking back on the whole year. In 2024, these laws and regulations will continue to increase as we learn more about the potential of these emerging technologies.
Cybersecurity in 2024 needs to focus on securing Asia from bad actors
Globally, there are over 4 million cybersecurity professionals needed to adequately safeguard digital assets, and almost 1 million of them are in the Asia-Pacific region. This fact alone should be largely concerning for cyber professionals everywhere considering the vast reliance the US has on Asian manufacturing. Securing the American supply chain inevitably means securing Asia’s supply chain, so I’m hoping that in 2024, the industry will help solve this gap.
Siroui Mushegian, Barracuda CIO
Deceptive AI-driven techniques will become prominent in 2024
The level of sophistication in cybersecurity has evolved exponentially over time, but 2023 saw some of the quickest innovations as generative AI became more prominent. Because these tools are often generally available and easily accessible, we must assess the risk they pose to the current cyber landscape. Generative AI is a double-edged sword for the cybersecurity industry – it’s used to make defenders faster and more capable, but it’s also doing the same thing for adversaries. Attackers have become more deceptive in their techniques and harder to detect as generative AI gets better and better at impersonating humans, making traditional signs of social engineering harder to identify from the first point of contact. These trends will continue into 2024 and become even more dangerous. The industry’s capabilities must continue to keep pace with attackers’ use of emerging technologies like generative AI and 5G in the coming year.
The power of data will only grow in 2024
Generative AI has given us access to incredible, vast amounts of data, but the question remains: what do we do with it? For cybersecurity specifically, AI is not only super powering our response to threats, but also super powering our knowledge about adversaries’ tactics, techniques and procedures. AI makes information sharing across the industry easy and more accessible, therefore increasing everyone’s security posture as a whole. The more information available, the better we can equip our proactive, defensive cyber strategy.
Note: This was originally published at Journey Notes
Photo: Yevhenii Chulovskyi / Shutterstock