As 2024 quickly approaches, I’m sure you know what that means. More predictions! Here are a few more predictions from three more industry leaders:
Dr. Darren Williams, CEO and Founder at BlackFog:
“After a record-breaking 2023, we expect that ransomware will not ease anytime soon. Fundamentally, ransomware is becoming the main threat to all organizations, and insurance is no longer a viable option. Action needs to be taken. In 2024 we predict several new trends to take hold.
- Ransomware gangs will look for new ways to force victims into paying. We have already seen gangs contact the SEC directly, reporting victims immediately to inflict maximum damage, forcing regulatory, reputational and class action liabilities. We expect this is just the beginning of several new tactics to maximize payouts.
- Organizations will realize that their existing security is not making any impact on the new threat vectors and will finally start to focus on the core problem, “data security” and “data exfiltration”.
- More than 40% of existing data exfiltration goes to China and Russia. We expect other countries such as North Korea to play larger roles in 2024.
- We expect to see major infrastructure applications become threat vectors for cyber gangs, similar to the way the MOVEit exploit was developed. Hiding in plain sight is going to be the new mantra for cyber gangs as they continue to avoid detection.
- We expect to see ransomware disrupt major infrastructure through IoT devices and non-traditional platforms. These diverse systems often have limited security designed in and have significant exposure for organizations, particularly in the manufacturing industry.”
Sabrina Gross, Regional Director of Strategic Partners, Veridas:
AI Safeguards
“With the increased use of AI, we will see more discussions and regulation efforts around the world to set up AI safeguards in 2024.
We’ve already seen discussions in 2023 with the EU’s AI Act, the UK AI Summit and Biden’s Executive Order on AI. However, in 2024, safeguards will begin to focus on how accurately AI performs – especially when these systems do not have enough information or lack clear instruction.
There will be a crackdown on AI hallucinations, including those created by mistake and those with malicious intent, and safeguards around overwriting AI decisions, which is particularly important in medical and judiciary systems.
In 2024, organizations will be expected to be transparent in how they use AI to help build public trust in the technology. Companies must be transparent about how they train AI algorithms, how they use data and how much of the process is solely in ‘the hands’ of AI.”
Online Safety Bill and Biometrics
“With the passing of the Online Safety Bill, we’re going to see a rapid rise in the number of UK organizations adopting biometrics in 2024. The bill requires tech companies to make their sites safe for children by design, and businesses will need to find solutions that are secure, robust and future proof.
Naturally, biometrics is the obvious solution as it covers these requirements. Age verification biometric technology can anonymously prove the age of individuals without sharing data they do not wish to share.
Another key part of the bill is to verify children on social media and ensure they are not exposed to inappropriate content. Biometrics, such as facial access and anti-fraud, not only allow organizations to verify ages within seconds but provide access control to sensitive content, block illegal content and provide a seamless user experience.”
Fighting Abusive Deepfakes
“In 2024, deepfake abuse is going to significantly increase. This will become particularly prevalent on social media, especially with elections in the US and EU as well as potentially one in the UK. It will become a popular technique among cyber criminals for financial crime, with voice deepfakes being used for phone fraud.
As a result, over the next year, customers will expect organizations to have processes in place to prevent fraud and to ensure they are actively investing resources that combat deepfakes.
Additionally, legislation will come in that requires deepfake content and products to be tagged and labeled. Fines will be produced for those who fail to comply, and in some cases, more severe punishments will be handed out – similar to regulations such as GDPR. The challenges when it comes to regulation will be complexity of governance and responsibility by jurisdiction.”
Dr. John Pritchard, Chief Product Officer, Radiant Logic:
What are the biggest changes we will see in the adoption of AI in 2024?
“Much like what we saw with networking, cloud computing and mobile apps, the early market begins with euphoria, followed by a period of diffusion, before becoming mainstream. AI will go through a similar adoption curve through 2024. When it comes to enterprise software specifically, I expect to see major advancements in the augmented workforce as AI accelerates and improves human capabilities. Although there is early concern about AI replacing the human worker, I see augmentation as a bigger near-term change as AI starts to drive hyper-automation. We see this in software development, marketing content generation, document editing and even movie production.”
What AI-related challenges or risks will be more present in 2024?
“Although privacy and data protection risks were early concerns for AI adoption, we are now seeing greater privacy options available on the market. The bigger concern for most enterprises leveraging GenAI is inaccurate or fabricated answers, otherwise known as chat hallucination, a phenomenon in which Large Language Models (LLMs) generate text that is coherent but is not based on factual or true information. These models can sometimes produce responses which are creative but misleading or entirely fictional. The challenge in natural language processing is to ensure the AI models provide accurate and reliable information without engaging in chat hallucination. This will put pressure on companies to assess and test the accuracy, appropriateness, and actual usefulness before being accepted.”
What are some of the biggest market developments you predict for 2024?
“One of the most profound developments I see in 2024 will be the rise of AI ecosystems. I expect this to take two distinct, but equally important, forms. Firstly, we will see AI ecosystems formed out of a growing partnership between Academia and Open Source. This can be observed today in Hugging Face, a machine-learning community where participants collaborate on models, datasets, and applications. One of the most popular resources is ‘Daily Papers’, a curated list of daily academic research papers. The open-source approach attracts a community of sharing participants which engage with Academia on research to fill in gaps on how AI performs.
The second form will be GPT ‘app stores’. I expect universal AI agents to eventually be distributed through app store-like exchanges which will create discoverability, distribution, and network effects like what we experienced with the Apple App Store in 2008, Shopify’s App Store in 2009 and the Force.com/Salesforce App Exchange later that same year.”
Any thoughts on EU AI act, US developing AI position, any other regulatory related predictions for 2024?
“With the pace that AI innovation is moving in, we are quickly finding areas of concern with issues of model bias, copyright infringement, and personal data privacy. Regulations in these areas can help build needed protections, we just need to be careful however that we do not stifle the innovation process. Many recent regulatory announcements impose compliance or reporting requirements that significantly limit small companies and the open-source community, key participants in ensuring a healthy ecosystem. Regulations should balance protections without creating a regime that entrenches large tech incumbents.”
EU Adopts New Rules To Protect Devices Connected To The Internet
Posted in Commentary with tags Security on December 1, 2023 by itnerd
EU countries and EU lawmakers on Thursday agreed to rules to protect laptops, fridges, mobile apps and smart devices connected to the internet from cyber threats following a spate of such attacks and ransom demands in recent years around the world:
The European Commission, the European Union’s executive arm, proposed the new law last year in a bid to tackle the increasing risk from cyber threats to any smart devices, including a growing number of household goods as products become more connected.
The commission hopes the rules could save companies affected by such cyber incidents between 180 to 290 billion euros ($196-305 billion) every year.
The law will affect any product that is connected either directly or indirectly to another device or to a network.
The new rules introduce EU-wide cybersecurity requirements for the design, development and production of hardware and software products.
Manufacturers will also be forced to assess the cybersecurity risks of their products, and the rules demand greater transparency on the security of hardware and software products for consumers and business users.
Alongside CISA’s push for “secure by design” and the White House mandate for security nutrition labels on consumer devices by December 2024, this is a significant moment in the security of network-embedded devices. Pia McSharry, Security Strategist at Beyond Identity, shared the following commentary:
Device health is of the utmost importance to an organization’s overall cybersecurity posture. Putting the onus back on the manufacturer to produce devices that are “secure by design” eases the responsibility on the end user. Between this move by the EU and CISA/White House push for consumer security labels on devices by December 2024, IoT manufacturers will have to change their current practices to meet these new requirements and change up software and production practices.
The importance of upholding specific security hardening guidelines which are monitored and maintained by manufacturers is extremely important for organizations to minimize their attack surface. The management of the security posture of any connected device should be a shared responsibility between the manufacturer and the consumer. The manufacturer should always communicate the security standards used to harden the device, and the consumer should be aware of any potential security gaps to assure they are mitigating the risks effectively. This is a step forward to making security a priority for all.
Given that everything from lightbulbs to cars is on the Internet, this is a great move by the EU. Hopefully this forms the basis for devices that are assumed to be secure rather than devices whose security you have to question.
UPDATE: George McGregor, VP, Approov Mobile Security Had This To Say:
“Despite a lot of pushback, particularly on the 24 hour breach reporting requirements, the EU Cyber Resiliency Act (CRA) is now on its way to being in force in 2024. Companies will have a 21-month grace period before they must conform with the reporting obligation of manufacturers for incidents and vulnerabilities.
“Any companies who operate in the EU would do well to make it a priority to study this legislation: it provides a cybersecurity framework and rules governing the planning, design, development and maintenance of any products, with obligations to be met at every stage of the value chain. The breach reporting requirements are particularly demanding.
“This is another sign that pressure is being put on all companies and organizations around the world to invest in their cybersecurity resilience and response. The SEC is also active, proposing new guidelines with a four business day reporting rule.
“This trend will continue and it is inevitable that all companies will have to increase their focus and investment on cybersecurity governance, protection and response.”
David Ratner, CEO, HYAS Infosec follows with this:
“The Cyber Resiliency Act is a great start and will certainly help to increase transparency and responsibility. However, organizations should not let attestations and compliance drive their overall operational resiliency and business continuity strategy. They still require solutions capable of giving them the visibility and observability required to move business forward with confidence in the face of a constant onslaught of new and innovative cyber attacks.”