Predictions for 2024: AI Impacts Both Offense and Defense in the Battle for Cybersecurity
This is an easy call to make: NetLib Security predicts that Artificial Intelligence – Generative AI – will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and several other prominent applications launched their commercially available products in 2023. AI’s capabilities and functionality seemed to improve exponentially. And like any new technology, AI can be a double edged sword.
For the average user, AI holds the promise of a tool to make work easier with an assistant that can handle trivial tasks, editing, or research. Those advantages are balanced against the fear that AI might also make workers redundant in some fields, performing many tasks without need for human intervention.
Similarly, in the field of cybersecurity, AI has improved defensive tools by automating the detection of patterns, exposing malicious code, and even making predictions based on historical data. Companies have been integrating AI into their vulnerability and risk management programs in order to analyze potential threats. We predict that as AI’s capabilities increase, automated vulnerability detection will take advantage of this new technology, exponentially improving our ability to thwart bad potential threats.
AI, and the related field of machine learning, will continue to evolve and adapt as proactive tools, enhancing the agility of cybersecurity systems. And just as AI has become a tool to help automate routine responsibilities for the average office worker, this technology can also automate many common system management tasks, allowing cybersecurity professionals to focus on strategic and complex issues.
On the other side of the equation, AI has also played a role in more sophisticated cyber-attacks. We predict that AI will have an impact several vectors in 2024, including:
- Automated Attacks: AI-powered tools are able to automate the process of scanning and exploiting vulnerabilities in computer systems, making it easier and faster for attackers to identify and compromise targets.
- Adversarial Machine Learning: Attackers can use adversarial machine learning techniques to manipulate AI algorithms. By feeding misleading or malicious data to these machine learning models, attackers can deceive these systems and cause them to make incorrect decisions.
- Targeted Phishing Attacks: AI can be employed to create highly realistic and personalized phishing emails or messages. By analyzing large datasets, attackers can craft messages that mimic the writing style and behavior of a specific individual, making it more likely for the target to fall for the phishing attempt.
- Evasion and Stealth: AI can be used to develop sophisticated evasion techniques that enable malware to avoid detection by traditional cybersecurity tools. This includes dynamically altering the behavior of malware to escape recognition.
- Credential Stuffing: AI can be leveraged to automate credential stuffing attacks, where large sets of stolen usernames and passwords are systematically tried on various websites and services until a successful login is achieved.
- Deep Fakes: AI-generated deepfake technology can be used to create realistic audio or video impersonations of individuals, which can then be used for social engineering attacks. Attackers may use deepfakes to impersonate trusted individuals and manipulate victims into divulging sensitive information. AI-created deep fakes have found and continue to find new ways to bypass biometric authentication thus gaining access to protected systems.
We expect to see an increase in all of these forms of attack with the use of AI in 2024. Therefore, it’s crucial for cybersecurity professionals, IT, developers, and businesses to stay vigilant, adapt their defense strategies, and develop countermeasures to mitigate the risks associated with the malicious use of AI in cyber attacks. No matter your role, it will be critical for businesses, developers and all to have increased cybersecurity awareness and training to ensure they can protect themselves as these methods of attack increase.
New and improved AI products will hit the market next year. Google’s Gemini, which was originally scheduled to be released in 2023, has been pushed back to 2024. It will compete with OpenAI’s GPT-4, and could be integrated with Google’s Bard, Assistant, and Docs products. Meanwhile, Microsoft’s Copilot will integrate with Bing, Bing Chat, and possibly a new version of Windows. Amazon will be improving its “Q” AI, and Meta AI will be coming to Facebook and Instagram. Finally, the launch of xAI by Elon Musk, Grok, will add to the evolution and proliferation of products that are both beneficial and potentially destructive.
Many of these products offer programming interfaces and extensibility options that will allow bad actors to take advantage of the exploding market in AI algorithms. Therefore, we will need to be more vigilant in protecting our data. This means that encrypting will be more important than ever. It’s common knowledge that encryption prevents unauthorized users from accessing your data. Encryption is an absolute requirement to keep your information secure.
That’s one area in which we can help. NetLib Security has spent the past 20 years developing a powerful, patented solution that starts by setting up a formidable offense which can be managed from anywhere in the world, across every environment where your data resides: physical, virtual, and cloud. Our platform is geared to simplify the process for you while ensuring unprecedented levels of security are in place. You can simplify your data security needs by utilizing Encryptionizer to satisfy your security requirements quickly, and with confidence.
David Stonehill is the CTO of NetLib Security, a security software development company that offers a number of data protection products including Encryptionizer®, which transparently encrypts data-at-rest in SQL Server, PostgreSQL, and nearly any Windows-based application. Prior to joining NetLib Security, David has led development groups at MCI, The Associated Press, and The BoxOffice Company.