Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
The new year will usher in the need for cybersecurity overdrive due to all things AI
By
Shay Levi - CTO and co-founder - Noname
Security
For
the past year, artificial intelligence has been at the forefront of most
conversations. It's everywhere.
Every
organization, big or small, will benefit from investing in AI in any capacity.
But with the growth of AI technology comes new and troubling ways for
adversaries to ripen their attack techniques to take advantage of profitable
businesses.
It's
a very easy prognostication to say that this AI focus will continue in 2024.
Here are a few ways my team and I believe AI will continue to be the center of
focus and impact enterprises in the new year.
API security evolves as AI enhances
offense-defense strategies: In 2023, AI began transforming cybersecurity, playing pivotal roles both
on the offensive and defensive security fronts.
Traditionally, identifying and exploiting complex, one-off API vulnerabilities
required human intervention. AI is now changing this landscape, automating the
process, enabling cost-effective, large-scale attacks. In 2024, I predict a
notable increase in the sophistication and scalability of attacks. We will
witness a pivotal shift as AI becomes a powerful tool for both malicious actors
and defenders, redefining the dynamics of digital security.
AI fundamentally disrupting business: AI will continue to be a huge
disruptor for current business models in two ways. In the first instance, AI
will be introduced into businesses' existing processes, helping to streamline
operations, increase efficiencies, and broadly change the way the business
operates. Secondly, there are businesses that will struggle to adopt AI into
their current model, resulting in AI-first organizations replacing them
completely. When we reach the tipping point, this will happen very quickly; it
will then be up to businesses to decide whether they sink or swim.
Consolidation in AI: AI startups that are building their
own models are not going to succeed. As with any industry, consolidation will
take place, with Big Tech companies such as Alphabet/Google, and Meta -
alongside the likes of OpenAI - operating the foundational models that will
enable AI to proliferate. As a result, the generative AI market will soon be
limited to a select few companies, limiting the scope for new entrants to
innovate.
Karl
Mattson, Field CISO at Noname Security, shares his thoughts on where the market
is headed:
Rising
geopolitical tensions will drive global cybersecurity concerns: The increasing prevalence of
cyber-attacks as a routine component of geopolitical conflict will undoubtedly
lead to a continued escalation in cyber risks, particularly targeting critical
infrastructure. Moreover, we can anticipate a ripple effect as adversaries
extend their cyber attacks to companies and nations supporting allies. This
growing cyber threat landscape will necessitate enhanced security measures and
international cooperation to mitigate risks effectively.
Regulatory
focus will shift towards managing APIs: In 2024, I predict we will see a notable shift in
the regulatory landscape as regulatory agencies identify new "weak links" and
opportunities to increase compliance. While asset management, especially in the
banking sector, has traditionally been under scrutiny by regulators,
Application Programming Interfaces (APIs) are emerging as a distinct category
of assets that require management and oversight. Consequently, API inventory
discovery and lifecycle management are emerging as focal points for banking
regulators, reflecting the evolving technological landscape and the critical
role of APIs in modern financial systems.
Dean
Phillips, Executive Director of Public Sector Programs at Noname Security,
believes:
AI
policy will drive a divide between public and private sectors: In 2024, I predict that there
will be a persisting division between the private and public sectors as
government AI policy implementation takes shape. Government agencies, along
with private companies outside government, such as critical infrastructure companies,
that are impacted by proceeding policies, will be forced to comply. However, a
pronounced divide will emerge in cases where there are no government-mandated
policies concerning private companies. These private entities will adhere to a
wide range of AI approaches, and many will choose to create their own policies.
I expect that this lack of consistency, in contrast to the structured
government approach, will persist into the foreseeable future, while critical
infrastructure and the Defense Industrial Base (DIB) are likely to be leaders
in AI policy as they directly support government operations and national
security.
AI is
a necessity for organizations to stay competitive. This will become more
critical as companies attempt to automate more processes, reduce costs, and
condense their workforces. For IT and security teams, AI is already helping to
close the gap between what a security team can handle on its own and the
ever-expanding attack surfaces that exist today.
At
Noname Security, we look forward to seeing what the promise of AI brings to the
industry in 2024.
##
ABOUT THE AUTHOR
Shay
Levi is the co-founder and CTO at Noname Security, a leading provider of
complete and proactive API security.