AI and cybersecurity… Cybersecurity and AI… AI has been at the heart of all the debates this year, as evidenced by the recent signing of the AI Act. The questions surrounding this technology relate in particular to its impact on the security of our online lives. But will AI be the only component to enter the equation in 2024? Together, let’s discover six significant cybersecurity challenges for the coming year.
AI, A New Weapon For Cybercriminals
AI has, therefore, been at the heart of all discussions in 2023, particularly generative AI tools, such as ChatGPT. This may lead us to believe that these tools will cause an increase in attacks against businesses and individuals in 2024. AI tools allow cybercriminals to save time in preparing attacks. Indeed, they can now make individualized, higher-quality contact attempts with less human effort.
Essential Workforce Optimization In The Field Of Cybersecurity
We are currently facing a conflict that all businesses experience: supply and demand and a game of balance, or rather an imbalance. Over the past few years, we have seen an increase in cybersecurity services offered by vendors as managed services.
Faced with this observation, the ISC2 association published a study in October 2023, according to which there is a global shortage of 4 million talents in the cybersecurity sector. In France, we should go from 37,000 unfilled jobs in 2021 to 75,000 in 2025, despite the wishes of the French government.
This deficit can be explained by an inflation in the “price” of these resources, similar to the more general inflation that several countries, including France, faced in 2023. Despite this cost, and in the face of this shortage of resources as well as the loss of income for companies, they must optimize their resources in 2024 to confront cyber threats effectively and avoid suffering from them.
How Do You Juggle Between Marketplaces?
In recent years, we have observed a proliferation of marketplaces, like the platform projects launched by several tech and cybersecurity giants. In this context, client companies will have to choose between these different options: they can only acquire cybersecurity solutions on a few marketplaces.
Since cybersecurity is a team game, companies must ask themselves: How do they integrate different marketplaces and the solutions they find there? Will these meet my operational needs once the technology is deployed?
And How Do You Juggle Between SaaS?
The same questions arise about SaaS solutions. A thought model from the past, which unfortunately still survives, was to “stack” appliances at the entrance to infrastructures. However, the entry of public traffic into companies is today distributed. The only viable solution is to create a cyber cloud comprising different SaaS, in series for some of them and parallel for others.
Today, this type of cyber design is one of the only ones, if not the only one, that can provide an adequate level of cybersecurity and flexibility, allowing the business to operate at its own pace. But be careful; consider SaaS allowing visibility and concatenation of information because risk management requires correlating data.
What Responsibility Do Hyperscalers Have For The Security Of Their Customers?
Responsibility is now shared between hyperscalers and their customers during attacks. Hyperscalers ensure the protection and elasticity of their infrastructure, but the application hosted in the infrastructure does not benefit from this. Suppose we take the example of a messaging application that would be subject to a security breach.
In that case, maintaining its operations falls on the company, not the hyper-scale hyper-scale. This represents a boon for cybercriminals, who can attack the services hosted in the hyperscale and thus use the latter’s power to generate other attacks. Significantly, cybercriminals can move very quickly from one target to another and are, therefore, difficult to apprehend because they are very mobile.
Increased Effectiveness Of Email Attacks
Email attacks will become more dangerous in 2024 as cybercriminals become more convincing. In this context, the great classic remains the alert to the president of a company. These attacks on company emails are different but use common denominators inspired by sociology and emotion. Indeed, cybercriminals use social engineering by appealing to the human side of their victims.
In their attack emails, they mention subjects that are part of the company’s daily life, such as an unpaid invoice, and therefore likely not to arouse the recipient’s suspicion. The phishing method implies greater precision of the attack email because the cybercriminal had to conduct detailed research in advance.
Therefore, this method generates higher costs and a better return on investment. And AI, as with all other subjects, can generate attack engineering of quality on a large scale and at a low cost. Therefore, These attacks should increase in number soon, as they are very profitable.