AI is transforming cybersecurity, with both attackers and defenders wielding its power. Explore the hot trends of 2024, from AI-powered threats to the cybersecurity talent gap.
In the world of cybersecurity, as everywhere else, AI and generative AI are at the top of mind. Malicious actors are using AI and genAI to create more insidious malware, more convincing phishing emails, and more realistic deepfakes.
At the same time, vendors are fighting back by incorporating AI capabilities into their cybersecurity tools. The goal is to aggregate and analyze large amounts of threat intelligence data to spot trends, expose vulnerabilities, and identify new attack vectors. GenAI empowers security practitioners to query the data in real time for faster incident detection and response.
Our list of hot trends starts with AI — but doesn’t end there. Here’s a sampling of some of the hottest trends in cybersecurity, along with a couple that are not-so-hot.
Hot: Use of AI for evil
Threat actors have been quick to exploit the power of AI technology for nefarious purposes. Generative AI is fueling a significant rise in cyberattacks while pushing remediation costs up and improving attackers’ productivity to boot.
Threats from AI fall into several categories. Deloitte’s annual Cybersecurity Threat Trends report highlights the following AI-fueled threats for 2024:
- Deepfakes: Threat actors are using AI to generate deepfake videos that use lifelike images to impersonate a trusted source. In this scenario, the video might pose as a corporate executive or supervisor to trick a target employee into sending money to a fake account. Or it could impersonate an IT employee to trick end users into revealing passwords and other credentials. Cybercriminals are still seeking viable business models for deepfakes, and as more commodity deepfake-creation tools come online, the threat will expand.
- Phishing: Remember those crude phishing attempts with grammatical mistakes and clumsy wording? AI-generated phishing emails correct those flaws and enable hackers to write sophisticated and convincing emails quickly and at scale.
- Vishing: A variation on phishing, bad actors can use AI to clone a person’s voice for financial fraud and unauthorized access to protected systems.
- Malware: AI enables threat actors to generate and deploy more sophisticated and effective types of malware.
Hot: Use of AI for good
“AI is the hottest trend to hit the cybersecurity industry,” says Richard Stiennon, chief research analyst at IT-Harvest. According to Stiennon, vendors, including a new generation of startups, are incorporating large language models (LLMs) into their products to allow users to talk to their data and derive insights.
“There is no question that LLMs are good at interpreting and translating text and will thus assist in threat hunting, anomaly detection, and incident response,” he adds.
Today’s most popular deployment model uses AI-based systems in a co-pilot or advisory role, with a human providing oversight and making the final call. However, cybersecurity expert Daniel Miessler says using autonomous AI SOC agents that emulate human agents isn’t far off. Several startups, including Dropzone.ai and Salem Cyber, offer pre-trained SOC agents that replicate human agents and automatically investigate alerts.
Dustin Sachs, chief technologist and senior director of programs at the CyberRisk Alliance, adds that organizations with staffing issues and skills gap challenges can use AI to augment security teams and drive operational efficiency. In this way, genAI is already helping entry-level SOC analysts improve their skills.
Tech futurist Bernard Marr sums it up this way: “If cyberattack and defense in 2024 is a game of chess, then AI is the queen — with the ability to create powerful strategic advantages for whoever plays it best.”
Cold: Security tool sprawl
Tool sprawl is unavoidable. Security practitioners have their favorite tools, and employees come and go. Over time, large teams end up with dozens and dozens of tools, many with redundant or overlapping features. Research firm IDC notes that tool sprawl creates unanticipated security issues, making it harder to identify and mitigate risks, slowing incident response, and increasing costs.
CSOs agree — and that’s why they’re taking action, looking to consolidate their IT tools.
Addressing security tool sprawl means identifying gaps and overlaps and consolidating via security tool rationalization. One way many companies consolidate security tools is by taking a platform approach.
“There is a tried-and-true colloquialism that says that you cannot protect what you cannot see,” says Chris Kissel, vice president of security and trust at IDC and one of the authors of IDC’s “The Implications of Security Tool Sprawl” report. “The problem is that if there are too many tools in an organization, analysts are in a place where they suffer from technical debt trying to learn new dashboards, syntax, and procedures. Tool sprawl is yielding to tools consolidation.”
IDC argues that reducing your security application portfolio in favor of a platform approach can offer additional business benefits, including cost savings, reductions in overall security architecture complexity that improve security operations efficiency, and a more easily sharable and scalable security policy.
Hot: Cybersecurity talent demand
According to cyberseek.org, there are currently 470,000 estimated openings for cybersecurity professionals. On average, cybersecurity roles take 21% longer to fill than other IT jobs. From May 2023 through April 2024, only 85 cybersecurity workers were available for every 100 cybersecurity jobs.
The implications of insufficient security talent are detailed in the World Economic Forum’s Global Cybersecurity Outlook 2024. This year, 36% of respondents said skills gaps are the main challenge to achieving cyber-resilience goals. Some 78% of respondents reported that their organizations do not have the in-house skills to fully achieve their cybersecurity objectives. In an ISC2 cybersecurity workforce study, 57% of respondents said they believe the cybersecurity staff shortage puts organizations at moderate to extreme risk of experiencing a cybersecurity attack.
At the CISO level, nearly one-third (32%) say the cybersecurity skills shortage has significantly impacted their organization. To combat this, CISOs need to focus on employee retention, educate the C-suite and board on the importance of shrinking the gap, and rethink their strategies to incorporate more automation and, where necessary, service partners.
James Globe, vice president of strategic advisor cybersecurity capabilities at the Center for Internet Security, predicts that the gap between available skilled and experienced cybersecurity and information technology talent and unfilled cybersecurity positions will continue to increase, particularly for public sector organizations.
Hot: Mergers and acquisitions
M&A activity among cybersecurity vendors has been slow the past couple of years, but the floodgates opened in 2024.
Cisco completed its $28B acquisition of Splunk. Broadcom announced it would combine Symantec (which it purchased in 2019) with Carbon Black (which it acquired when it bought VMware) to create a new business unit called Enterprise Security Group. IBM announced plans to sell its QRadar SIEM to Palo Alto Networks. Identity security vendor CyberArk agreed to buy identity management leader Venafi.
The list goes on. LogRhythm announced plans to merge with Exabeam, Zscaler bought Avalor, CrowdStrike bought Flow Security, Cohesity is buying the Veritas data protection business, SonicWall is snapping up Banyan Security, and Akamai bought NoName Security.
HPE’s purchase of networking industry veteran Juniper Networks is not security-related, per se, but it is part of the ongoing trend of large vendors making significant acquisitions to build broad platforms with a security component.
With all the M&A activity, CISOs are left to sort out the impact of newly consolidated tool sets, new overlords for solutions they depend on, and shifts to vendors’ wares and strategies in the wake of buyouts. That all begins with asking the right questions.
Cold: Siloed security
The days of security existing in a silo are over. Security is increasingly being integrated across the tech stack and the business. For example, the “shift left” trend integrates security within the software development process so that code is written, tested, and deployed with security in mind. A recent GitLab Global DevSecOps survey indicated that 56% of software development, security, and IT leaders use DevOps or DevSecOps, up 9% over the previous year. The top benefit driving adoption was heightened security.
Security and networking are also merging in the form of single-vendor SASE, which combines networking and security tools (SD-WAN, network firewalling, Zero Trust Network Access, cloud access security broker (CASB), and secure web gateway (SWG)). According to Gartner, offerings that deliver converged networks and security-as-a-service are increasingly popular. By 2027, Gartner predicts that 65% of new SD-WAN purchases will be part of a SASE offering.
With so many high-profile security breaches seemingly occurring one after the other, security has moved well beyond the SOC. Security and business teams work together to ensure new apps are deployed securely. Security execs align with regulatory, legal, insurance, and risk management teams. In many organizations, having someone with a security background sitting on the board of directors has become necessary.
Hot: Extortion
Ransomware’s malevolent cousin, extortion, is on the rise. According to the Verizon Data Breach Report, extortion is now a component in 9% of all breaches. While ransomware attacks lock up the victim’s data and threaten to delete or sell it on the dark web in exchange for a ransom, extortion attacks threaten to expose sensitive or embarrassing information.
With genAI, that information, in the form of an image, video, or audio, doesn’t have to be real; it can be computer-generated. Extortion attempts don’t necessarily occur in isolation; they can be combined with ransomware into multi-faceted attacks that can include DDoS attacks, encrypting and exfiltrating data, and threatening to expose sensitive corporate and personal data of corporate execs and customer information.
As with ransomware, the best defense against extortion attempts is strong data protection, strong anti-phishing policies and procedures, and the capability to detect and block attacks.
Hot: Attacks against IoT
IoT represents a way for businesses to instrument their physical assets with connected sensors that enable performance monitoring, troubleshooting, and preventive maintenance. However, it also provides a lightly defended target for cyberattacks.
A Forrester survey that asked respondents to identify the top sources of external attacks found that IoT systems were the No. 1 target at 32%, followed by corporate-owned computers (28%) and employee-owned devices (26%). Also, breach costs were higher when IoT devices were targeted because poorly defended devices remained vulnerable for longer before the breach was discovered.
It’s little wonder IoT and connected devices are among the biggest contributors to expanding application attack surfaces. The situation has gotten so bad that adversaries are dredging up old malware, like the Mirai botnet from 2016, fine-tuning it, and launching fresh attacks against IoT, particularly in healthcare and manufacturing.
In response, companies such as CyCognito, Cymulate, Forescout, Microsoft, and Lansweeper offer tools to help organizations determine the number of IoT devices in their inventory and provide vulnerability risk context. In addition, vendors such as Keyfactor, Thales Group, and Utimaco are offering identity and access management for IoT devices.