IT Security Predictions For 2024

By Grant Bourzikas, CSO Cloudflare

1. The knowledge gap between security professionals who understand AI and those who do not will be the number one reason for any shift in the balance of power to threat actors. Whether or not the usage of AI is giving attackers a leg up is the wrong question to be asking. AI is here to stay, so the right question is whether security leaders possess the skills required, or will invest the time to upskill and learn how to handle what is becoming the largest revolution ever seen in technology. Both harnessing the power of this technology and defending against it hinge on the ability to connect the conceptual to the tangible. If the security industry fails to demystify AI and its potential malicious use cases, 2024 will be a field day for threat actors.

2. The AI arms race will officially commence, and the first AI model breach will take place. Organisations of all types are aggressively adopting and beginning to rely on models to carry out critical business functions. Moreover, organisations are leaning heavily on AI to maintain a competitive edge, with Wall Street upgrading the stocks of companies that mention AI and punishing those who are seemingly behind the technology curve. Any technology that becomes a crucial piece of an organisation’s success increasingly becomes a top target for threat actors looking to inflict significant damage. Organisations rushing to join this revolution without the proper precautions in place are opening themselves up as low-hanging fruit for model tampering and breaches, ones that could have the power to impact everything from critical care to banking systems to power grids.

3. The only way to fight against AI is with AI… if you have already mastered the basics. Defending against AI ultimately means defending against all human knowledge indexed. Information is shared an order of magnitude faster and exchanged more efficiently than ever before. Security pros protecting their organisations in the era of infinite information face challenges never seen before. But if the industry has historically struggled with doing the simple things well, over-pivoting to solve issues using AI will be mostly benign. Sometimes the best way to mitigate attacks is by going back to foundational elements of detection and mitigation.

4. The next cutting-edge security technology to hit the market in 2024 will be the ability to identify and eliminate the usage of deep fakes on social media and in modern media. One of the main goals of a threat actor is to erode trust, and one of the most useful tools for achieving this is the deep fake. While deep fakes have been around for years, today’s versions are more realistic than ever. Untrained eyes and ears cannot discern what is fake, and trained eyes and ears now fail to identify deep fakes as well.

5. The number one focus for our customers in 2024 will be achieving resilience. The Internet has become a pillar of critical infrastructure, and this year it will become more dangerous than ever. As more zero-days, flaws in popular software, supply chain issues and threat actor tactics evolve and come to fruition, organisations are hyper-vigilant about the steps they can take to remain protected. Responsible disclosure will be a critical pillar in upholding resilience, no matter the priorities or style of the CISO. Managing incidents like zero-days isn’t as simple as “run the patch, now you’re done.” In 2024, security leaders will begin the mindset shift towards turning incident management, patching, and evolving security protections into ongoing processes. Mitigations like patches for each variant of a vulnerability may reduce your risk, but they never fully eliminate it.