Security Predictions For 2024
Having completed his bachelor’s degree in Business Information Systems from Victoria University and an executive program in Cybersecurity from Harvard Business School Executive Education, Robert boasts close to three decades of experience in IT and security verticals. Prior to joining Splunk in 2021, he successfully handled key roles across numerous companies such as Check Point Software Technologies, FireEye, Trustwave, F5 Networks, Cisco Systems, Alcatel and Ericsson.
In a recent interaction with Siliconindia, Robert Pizzari, Vice President, Security, Splunk, shared his insights on how the cybersecurity landscape might evolve in the coming days, along with many other interesting aspects about the industry. Below are the excerpts from the exclusive interview.
Tell us about some of the new cyberattack techniques that organizations must stay wary of in recent times.
In 2024 and beyond, AI will be shaping the face of cybersecurity - for good and for bad. While it will help build cyber defences and address the talent shortage, threat actors will also leverage AI to diversify their attack portfolio. As a result, we can expect more security incidents powered by AI, thus increasing the attack surface of organizations. A notable attack vector that we expect to observe this year is AI poisoning, wherein cybercriminals manipulate AI training data to influence the model’s decision-making abilities.
Our recent CISO Report survey found that the most anticipated security challenges posed by generative AI will be faster and more efficient attacks (36 percent), followed by voice & image impersonations for social engineering (36 percent), and extending the attack surface of the supply chain (31 percent). Despite the number of attacks increasing in frequency and sophistication, they would not necessarily operate under novel threat models. Instead, AI will potentially be leveraged to lower the bar for entry for emerging cyber criminals.
What impact will the evolving cyber threats have on Indian enterprises?
The previous year saw two prominent cases of leading brands in India from the hospitality and technology sectors facing data breach and ransomware threats that resulted in sensitive company information being compromised. In 2024, we can expect Indian organizations across almost all sectors to become more vulnerable to cyber threats, further stressing the importance of proactive threat detection and response in an organization. Although ransomware is not poised to become more destructive in 2024, cybercriminals will continue to diversify their techniques and targets in new, creative ways. In response to security teams improving their defences for ransomware security, attackers will also innovate to overcome these defences.
Additionally, we may see them increasingly rely on zero-day threats, security vulnerabilities for which there is no known patch, to infiltrate networks. Ransomware will be one of the most significant and costly threats for enterprises across geographies in the foreseeable future. Findings in our recent CISO Report revealed that 83 percent of organizations that faced a ransomware attack within the past year complied with the attackers’ demands, paying the ransom, either directly or via a third party, and more than half of the organizations that paid the ransom ended up spending over $100,000.
Explain the importance of cybersecurity professionals upskilling themselves with advanced technologies in today’s AI era.
As data volumes continue to grow exponentially and require protection, there are not enough skilled cybersecurity professionals to meet rigorous demand from enterprises. As a result, security professionals will potentially be burdened by a large volume of simple and repetitive tasks at the expense of ones that could elevate the organization’s overall security posture. AI can provide a major step forward to address issues with cybersecurity talent shortages, wherein 86 percent of cybersecurity leaders reported the benefits of Generative AI in alleviating skill gaps in our recent CISO Report.
For roles even outside of cybersecurity, AI will work like an assistant you would not be able to function without. While AI-enabled tools take up mundane tasks like policy creation, process documentation and data enrichment, they will also continue enhancing threat detection capabilities by efficiently keeping pace with rising security incidents. As different functions within the field of cybersecurity become supplemented by AI, the technology creates opportunities for new roles for employees to fill. Going forward, entry-level professionals will have to be mandatorily equipped with the knowledge of leveraging AI with skills like prompt engineering.
Throw some light on how Gen AI might pose potential challenges to data security in the coming years.
Generative AI has the potential to create more data privacy issues in 2024, especially with large language models (LLMs). For example, public-facing chatbots that harness LLMs could inadvertently leak sensitive data while generating responses. This could include intellectual property and even personal & medical data on individuals that the model was exposed to. Besides personal information on users, enterprise data is also at risk of being compromised. Growing use of copilot tools among software developers that are aimed at assisting with code completion may unintentionally compel them to input sensitive company data. To address these concerns, there is a strong need for the government to introduce stronger privacy regulations to address AI, especially when they face a large AI-related breach. However, historically, regulation for emerging technologies tends to be reactive in nature and may be slow to effectively address the threat.