By i-confidential Staff
The text featured here updates the original which appeared in an IT Security Guru article entitled, "2024 Cybersecurity Industry Experts Predictions: Part 1"
As we rapidly approach the halfway point of 2024, let’s look at what could be in store for the months ahead.
Generative AI has undoubtedly dominated conversations and will continue to impact the cyber security landscape in the months ahead. Will it become easier to launch sophisticated cyber attacks at scale? Will AI lower the barrier to entry for cyber crime?
The answer to these questions is yes. AI has dominated the technology agenda for some time, and adversaries are now looking to start to exploiting it at scale.
So, what can businesses do to protect their assets in the AI Wild West?
It turns out they’ve had one important solution all along – people.
Defending Against Attacks
Ransomware attacks will continue to dominate the threat environment, and organisations must increasingly look to their people to help them survive in this digital battlefield.
To achieve this, investment in awareness programmes and phishing simulation exercises is essential. These shouldn’t be one-off initiatives. They need to be continuous and updated regularly to ensure they remain relevant as attacks evolve.
When organisations view employees as a strong line of defence, and arm them appropriately, they can significantly blunt the effectiveness of phishing or ransomware attacks, no matter how are executed. Whether they use the latest advancements in Generative AI or go back to their historic roots with Nigerian princes emailing out of the blue with an offer you can’t refuse, people will know to think hard before they click.
Maintaining Strong Foundations
Foundational security isn’t a hot new topic, but its importance will continue to increase, especially in the face of Generative AI.
People are still at the heart of maintaining security. Organisations must focus on getting the basic principles right to help block attackers from getting into their networks. Foundational controls must also take into account complex supply chains, which have the ability to impact data. Some key areas to focus on include:
Having an up-to-date asset inventory and an understanding of critical assets.
Having an up-to-date third-party inventory.
Ensuring policies and standards are current, regularly reviewed, and tested.
The payback is that organisations will be in control of their security. They’ll be able to make sound decisions about priorities, investments, and future strategy. They will also be able to investigate incidents more quickly and effectively.
Organisations struggling with weaknesses in their foundational security will invariably need to turn to experienced security practitioners for help, not AI.
Again, it is people who can make the biggest difference, helping to build foundational controls based on specific business needs.
The Gap is People, Not Tools
Organisations still struggle to find people with the skills needed to fix their security problems. Closing these gaps has become increasingly vital because AI is changing the threat landscape in the favour of adversaries.
No one can afford to overlook these security challenges. Firms will need to bolster their teams of security veterans. Relying on ‘gig economy’ workers and savvy recruiters will become more important than ever. Meanwhile, innovative university courses, such as ethical hacking, and college apprenticeships will spawn a new generation of cyber talent.
Organisations need to look to these initiatives to help address their control weaknesses and bolster their in-house teams with new talent.
Conclusion
Overall, the future of AI as both security friend and foe is still uncertain, but we know enough to be concerned and start preparing accordingly. As the year progresses, people are still going to be the best route to fending off whatever comes next.