2024 cybersecurity predictions: the effect of GenAI

While this year’s cybersecurity headlines may appear to be less sensational than previous years, breaches have been far more impactful. Moving into 2024, everyone should be on high alert as attackers move away from endpoints, capitalising instead on network infrastructure and other vulnerabilities.

There’s also no denying generative AI has also made headlines. In fact, Gartner finds, “55% of organisations reported increasing investment in generative AI since it surged into the public domain 10 months ago. Generative AI is now on CEOs’ and boards’ agendas as they seek to take advantage of the transformative potential of this technology.”

However, will GenAI really be the dominant force for cybersecurity advancement in 2024, or are there other factors to be aware of?

2024 to see attackers moving from endpoints to networks, leveraging vulnerabilities to gain access

Traditional ransomware relied on human error — such as someone clicking a link in a phishing email. In 2023 we’ve witnessed a rise in network infrastructure attacks, which results in breaches that are harder to catch and are far more detrimental.

This type of attack includes many instances in which even security vendors have inadvertently let attackers in the ‘back door’ through a vulnerability. The MOVEit breach falls into this category and is one of the largest data breaches from a single instance of a vulnerability we’ve seen, impacting many organisations throughout APAC.

The shift to new avenues of attack has also led to traditional controls and security measures failing to keep organisations protected. More specifically, lateral movement of attackers is something that organisations are finding very difficult to stop, an unfortunate trend that will amplify in the new year.

GenAI set to improve fallout of talent shortages while also better enabling attackers

AI is all about enabling efficiency, with the rise of generative AI (GenAI) showcasing just this. By 2026, Gartner predicts that over 80% of enterprises will have used GenAI APIs and models, or deployed GenAI-enabled applications in production environments, up from less than 5% in early 2023.

GenAI can be described as a search engine on steroids, with the ability to deliver an abundance of context and information. From a defendant’s perspective, this can be hugely beneficial in aiding rapid and successful response.

GenAI allows us to take invaluable information from cybersecurity experts and build this into a model. This is where I expect to see a lot of growth around AI, and there are already many implementations with help desks and applications that empower human security teams.

Of course, GenAI has also enabled attackers, with the likes of social engineering attacks growing in sophistication. Japan, for example, has been hit in a way the country never has before, simply because the AI is able to translate and communicate in other languages much faster and more convincingly.

Detection to become a core focus in order to clamp down on lateral movement

As security teams try to stop lateral movement and streamline security investment, they will be turning more towards the detection capability that sits behind prevention. We are realising, more and more, it is inevitable an organisation will be breached, so we need to make sure we can identify the attacker and respond at great speed. This also includes building ‘muscle memory’, meaning we are regularly testing our systems and know very well how we’ll respond.

Traditional measures are the equivalent of building very high walls, but if someone jumps over, we may not be able to catch them until they’ve left, and the damage is huge. With extended detection and response (XDR) we can greatly reduce the cost. We can understand how an attacker has infiltrated our defences and eradicate them from the environment. This is also where we can understand the impact of AI beyond what’s making headlines, as adaptive and applied AI functionality helps hugely in both detection and response.

Organisations expected to understand difference between zero trust and security solutions

In 2023 we’ve seen zero trust become a hot topic within security. However, a lot of organisations looked at zero trust as a product, when in fact it’s a strategy. On top of that, it’s not a 12-month strategy change, it takes years. Overall, the challenge is that regardless of your commitment to zero trust, it’s inevitable you’ll trust some service outside of your full control, and in 2024 leading organisations will further understand this.

To take micro-segmentation as an example, if we look at a Windows domain, there are certain ports that must remain open for authentication to occur. Authentication is the backbone of zero trust. At a network level, I might have segmentation, but I can just fly through the entire network on these backbones of trust that are required for authentication to occur.

Zero trust and micro-segmentation are very helpful in that they help an organisation to respond faster — security teams have processes and procedures in place that help them to respond very quickly. However, as organisations move through authentication and cloud transformation strategies and implementations, they will include a layer of security, such as XDR, that will help to identify attackers and respond early on.

Organisations learn to balance innovation and security to protect entire platform

A final trend that is particularly relevant for the coming year is around how we consider our platform and infrastructure. Whether its cloud or on-premise, we must be realistic about what we’re protecting, and at the moment this isn’t happening to the degree it should.

For instance, many organisations will say they’re cloud-first but still have a massive data centre footprint, and this needs protecting. If the focus is on cloud and all current investments are going into this area, it can be easy to neglect the data centre services. At the end of the day, the attacker doesn’t care where you’re innovating, they will come from any avenue they can, and it’s very important to ensure coverage of lateral movement inside of an organisation. In 2024 we’ll see more organisations operating on this thinking, working to innovate and secure their platform without compromising either.

Looking forward the focus for CISOs must be on innovation and protection

As we move into a new year, security leaders must work to achieve both innovation and protection for their organisation. While we can leverage the likes of cloud and AI advancements to our advantage, we must consider how attackers are also using these technologies to infiltrate our organisations and do significant damage. This is a time where detection solutions are not only useful but necessary, and the likes of XDR powered by applied and adaptive AI can underpin overarching strategies such as zero trust.

Chris Fisher is the Director of Security Engineering for Vectra AI in the Asia Pacific and Japan markets. Fisher ensures that Vectra’s customers have the security foundation to embrace new technology and lines of business, allowing them to digitally transform whilst reducing business risk and improving their security posture.

Image credit: iStock.com/baranozdemir