Virtualization Technology News and Information
CardinalOps 2024 Predictions: Generative AI, SEC Disclosure Rules, and Nation State-Sponsored Attacks


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

Generative AI, SEC Disclosure Rules, and Nation State-Sponsored Attacks

By Michael Mumcuoglu, CEO and Co-founder of CardinalOps

2023 presented several trends that impacted the continuously evolving cybersecurity landscape, including a boom in generative AI, discussion of several new SEC disclosure rules, and an increase in state-sponsored actors targeting civilian and commercial entities. As these trends continue to evolve, the cybersecurity sector must be ready to adapt to tackle new challenges, requirements, and incidents that pop up as a result.

Based on events that took place throughout the former calendar year, Michael Mumcuoglu, CEO and Co-founder of CardinalOps, anticipates the following will occur throughout 2024:

The cyber industry will feel disillusionment with Generative AI 

After its release in November 2022, ChatGPT became one of the fastest growing platforms in history, with now well over 160 million users globally. The sweeping popularity of ChatGPT and generative AI (genAI) took both the mainstream and cybersecurity industry by storm, and led to a tremendous amount of inflated expectations around generative AI and the opportunities it can provide to both defenders and attackers.

The sentiment initially felt as though genAI might be a ‘silver bullet’ for cybersecurity practitioners, an emerging technology that could solve a litany of pain points that IT and security teams face on a regular basis. While there are indeed areas where genAI can improve an organization's security posture - large quantities of data, patch management, encryption keys, for example - these are far from a ‘silver bullet’.

Similarly, for attackers, assumptions were made that genAI would yield an exponentially wider threat landscape. While the quantity of attacks can increase via genAI, I anticipate that the level of quality will continue to inhibit the effectiveness of phishing, ransomware, and DDoS campaigns.

In 2024, we will continue to learn more about the practical use cases of genAI, and as a result, the industry-wide fervor will inevitably settle down.  

SEC cybersecurity disclosure rules will force organizations to demonstrate effective cyber risk management

Following the new 2023 SEC cybersecurity disclosure rules, organizations will now need to prioritize how to demonstrate effective cyber risk management and disclose their security measures and performance. This is no longer a simple ‘check the box’ procedure, as an organization's failure to disclose proper cybersecurity risk management, strategy, and governance will result in disciplinary action.

New processes, plus extensive validation and testing, will need to be implemented. In many cases, these will require a significant amount of manual effort and investment - at the enterprise level, we will see automated security controls increase in demand in 2024 as a result.

At Gartner's Security Risk & Management Summit 2023, the firm predicted that over 60% of security incidents over the next five years will come from misconfiguration errors. If they haven't already, organizations will need to begin prioritizing a thorough inventory of digital assets and security controls not only to ensure compliance with the SEC, but more importantly, to minimize their cyber risk.

Nation State-sponsored actors will be even more prominent in 2024

As the world's geopolitical atmosphere continues to be rife with turbulence, we will likely see nation state-sponsored actors increasing attacks against civilian/commercial entities in 2024. The intent will be to cause as much chaos as possible by targeting valuable resources and critical infrastructure. In general, cybersecurity defenders primarily anticipate attacks that have some sort of financial goal - to scam civilians out of their savings or score a lofty ransomware payment, for example. However, the prominence of Nation State-sponsored actors will demand a defense posture that can defend against attacks of a much more tangible nature.

As a result, I expect to see greater investment from government and private sector organizations in two areas:

  • Disaster Recovery, i.e. minimizing widespread economic impact and infrastructure damage
  • Political Impact, i.e. PR and communications (proactive and reactive), with the goal being to effectively reassure civilians/customers that operations can be maintained

Instilling trust and confidence will be of paramount importance as states grapple with a heightened sense of risk in 2024.


ABOUT THE AUTHOR

Michael Mumcuoglu 

Michael is a serial entrepreneur who is passionate about technology, cybersecurity and leadership. Prior to CardinalOps, Michael co-founded LightCyber, a pioneer in behavioral attack detection acquired by Palo Alto Networks (NYSE: PANW) in 2017, where he served as Vice President of Engineering for the Cortex XDR platform. Prior to founding his three startups, Michael served in various cybersecurity roles in an elite intelligence division of the Israel Defense Forces.

Published Monday, January 22, 2024 7:36 AM by David Marshall