Virtualization Technology News and Information
Action1 Corporation 2024 Predictions: From Shadow AI to Regulatory Scrutiny


Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.

From Shadow AI to Regulatory Scrutiny

By Mike Walters, President and co-founder of Action1 Corporation

In 2023, we witnessed a surge in devastating cyber-attacks and the growing buzz surrounding the emergence of generative artificial intelligence (AI). As we approach the end of this year, Mike Walters, President and co-founder of Action1, offers his predictions for 2024 and beyond:

  • Accelerated Adoption of AI-driven Defense Strategies

In a world where AI operates at lightning speed and threat actors exploit its capabilities, the need for AI in our defense becomes evident. Failure to adopt it may result in swift defeat in this ongoing battle. Rapid response to incidents and vulnerabilities is vital. AI will play a pivotal role in revolutionizing vulnerability prioritization and remediation when patches are unavailable. In fact, despite the increasing number of vulnerabilities discovered each year, vendors' patch creation times have not improved significantly. Therefore, the ability to promptly mitigate vulnerabilities without relying on patches will become critical, and AI will come to the rescue.

  • The Rising Threat of Shadow AI and Data Leaks for Businesses

The proliferation of generative AI has raised security concerns. Some companies have already restricted the use of tools like ChatGPT in response to sensitive data leaks. These risks extend beyond the AI service provider's security and encompass the inherent nature of AI itself. Specifically, when someone employs ChatGPT for tasks like invention or know-how, the AI absorbs and retrains on this data, making it part of the public domain. To mitigate these risks while harnessing the full potential of AI, companies will implement data leak prevention measures, including security policies, monitoring, and the development of internal AI tools.

  • Cybersecurity on the C-Suite Radar - CISOs Navigating the Business-Technical Balance

The surge in media coverage of supply chain attacks has thrust security into the C-Suite spotlight. The recent development in the SolarWinds attack, where the company and its CISO faced SEC charges for investor fraud and internal control failures, despite evidence of multiple vulnerabilities in organizational defense, sets a precedent that highlights the importance of effective communication between CISOs and the executive board. CISOs must seize this opportunity to improve security and ensure support for critical initiatives across all organizational levels by bridging business language and technical expertise.

  • Heightened Regulatory Scrutiny on Software Component Usage

In 2023, we witnessed another type of supply chain attack, highlighting the compromise of widely used public software repositories by malicious actors. Notably, NuGet and Packagist repositories fell victim to compromise, where attackers substituted genuine packages with malware-infected versions, targeting platform users. This incident underscores the rising risks associated with vulnerabilities in community-maintained repositories. This trend is anticipated to escalate, demanding heightened control over software component usage in development. The White House's Cybersecurity Strategy underscores the imperative of "Security by Design," necessitating improved oversight.

  • Big Vendors - Big Targets

In 2023, a notable trend emerged with attacks targeting major software providers such as Okta and Progress Software, challenging the notion that larger providers equate to greater security. These market monopolies, due to their vast sensitive data holdings, have become prime targets for cybercriminals. This trend will result in a shift towards diversity in organizational choices, as reliance on dominant players diminishes.

##

ABOUT THE AUTHOR


Mike Walters is President and co-founder of Action1 Corporation, which provides risk-based patch management software. Mike has more than 20 years of experience in cybersecurity. Prior to Action1, Mike co-founded Netwrix, which was acquired by TA Associates.

Published Tuesday, November 28, 2023 7:30 AM by David Marshall