As 2023 draws to a close, we’re looking ahead to a new year. This past year brought on a set of cybersecurity challenges that we expect to continue in 2024.
As the growing conflicts between Israel and Hamas and Russia and Ukraine continue, there will be new risks from global threat actors. This will require preparedness on both sides for new asymmetric threats. These expanding threats in a volatile, noisy environment will be difficult to predict. I recommend security leaders insert the crowdsourced hacker mindset into their decision making to show how to prepare for the chaos coming when the threat actors do try to monkey with IT systems.
We can also expect the bar to lower for attackers, largely due to the availability of generative AI tools. In the past, knowledge was a barrier to entry for the attackers to get big outcomes. Now, generative AI has given them access to a lot of new tools and it has broadened the potential threat group.
In using AI for defense, the challenge comes because prioritization is usually defined by the business leaders, not by the security practitioners. What we security folks feel is most urgent sometimes does not align with the company priorities, which creates a risk to the organization. Seen through that lens, our work around AI is to surface insights from the overall data set as it relates to risk. A vulnerability on its own is not good, but a vulnerability plus a real threat now makes it urgent.
The Bugcrowd team compiled a few of my predictions for cybersecurity in 2024 into this handy infographic. I’d love to hear what is top of mind for you and your security team in the new year.