Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
AI Ups the Ante in 2024: How the Rising Threat Will Impact the Year Ahead
By Anthony
Cusimano, Technical
Director of Object
First
Ransomware has continuously been on
the rise, but this
year, with generative AI driving the majority of technology conversations, it's
undeniable that the advancements of Artificial Intelligence will impact the
2024 threat landscape. The critical questions that individuals, companies, and
stakeholders should now ask ourselves include: who will exploit this
technology? Where will cyberattacks be targeted? And what are the
repercussions? Here are my predictions about how cyberattacks will evolve
in 2024 due to advancements in AI.
As Gen Z enters the
workforce in 2024, there will be an increase in AI-based attacks
The
younger generation of workers are "chronically online" - posting and sharing
every detail of their lives on social media, from where they work to how they take
their favorite coffee order. These mundane actions may seem harmless, but the
rise of AI tech gives cybercriminals a wealth of content on which to train AI
impersonations and deepfakes.
We've
already started to see how realistic these deepfakes can look, exemplified by the
recent MrBeast deepfake scam ad that made it past the filters on TikTok. Deepfakes
can be used to trick other employees at a company into thinking they're being
contacted by a real colleague when, in reality, it is a cybercriminal using
sophisticated AI tools to obtain passwords, money, or network access.
Between
visual, audio, and textual disinformation that's presented to Gen Z on a daily
basis, these advanced impersonation tactics have the potential to soar in 2024.
Keeping track of data by integrating data backup and recovery into a company's
security portfolio will become critical to combatting an ever-evolving threat.
By adequately implementing data backup, schools ensure their IT teams have a
clean copy of data to recover when - not if -ransomware gets through.
Cybercriminals will feel
the pressure next year as AI and automation displace lower-tier cybercrime
This
year, we've seen concern about AI's potential to take thousands of jobs. For
cybercriminals who already sing to the tune of "desperate times call for desperate
measures," the pressure will rise next year as AI and automation take over
lower-tier cybercrime. Simple ransomware methods such as phishing, smishing, or
vishing will become plentiful, leading cybercriminals back to the drawing board
to exfiltrate data more sophisticatedly.
Those
who lead cybercrime operations and developers who sell their code but don't
actively conduct attacks will be safe from replacement by AI and more than
happy to have one less liability or payout on the team. Many leaders assume they
are prepared to defend themselves by taking a reactive approach to security.
Still, the best defense against ransomware is a strong offense: implementing an
immutable data protection strategy to ensure data is always recoverable.
Cybercriminals will
continue to target backups in 2024
Targeting
backups won't go away, especially as cybercriminals start to realize many
businesses would rather pay the ransom than deal with the financial
repercussions of downtime and slow recovery. However, a sluggish or downturned
economy is the worst time to let security guards down, as restless
cybercriminals seek to take advantage of organizations' inability to tolerate
downtime. It will prompt a return to the basics for organizations as they
re-focus on disaster recovery plans, including their data's recovery time
objective (RTO) and recovery point objective (RPO). A spectacle was made of
what happened to major companies like MGM and Johnson Controls in 2023, and other
businesses will want to ensure they don't become the next headline in 2024.
Though
it's expected that backups will continue to be targeted, following a Zero Trust
Data Resiliency architecture that encourages concepts like least privilege
access, proactive validation, and immutability offers a reduced risk of
ransomware encrypting backup data. With immutability especially, organizations
can find a last bastion of defense to ensure that data is incorruptible against
any attack. Zero trust and immutability are two critical components to staying
resilient and free from the ever-evolving threat of ransomware in the age of
AI.
##
ABOUT THE AUTHOR
Anthony Cusimano has worked in many roles in tech for
over a decade. He started as a developer, shifted to sales, and masterfully
moved into marketing. He is a passionate gamer who stays up to date on all
things technology to ensure he can achieve as many frames per second as
possible on his gaming PC. He enjoys speaking at events and has previously
shared the stage with astronauts and MARVEL superheroes.
Anthony enjoys the nerdier things in life, watching
classic movies, building Gundams, and flying questionably legal FPV drones in
abandoned mall parking lots. When he isn't geeking out on the latest fad, he
and his wife Sarah enjoy visiting lesser-known Florida destinations and
spoiling their two dogs, Luna and Smudge.