In the world of cybersecurity, as everywhere else, AI and generative AI are top of mind. Malicious actors are using AI and genAI to create more insidious malware, more convincing phishing emails, and more realistic deepfakes.
At the same time, vendors are fighting back by incorporating AI capabilities into their cybersecurity tools. The goal is to aggregate and analyze large amounts of threat intelligence data to spot trends, expose vulnerabilities, and identify new attack vectors. GenAI empowers security practitioners to query the data in real-time for faster incident detection and response.
Our list of hot trends starts with AI — but doesn’t end there. Here’s a sampling of some of the hottest trends in cybersecurity, along with a couple that are not-so-hot.
Hot: Use of AI for evil
Threat actors have been quick to exploit the power of AI technology for nefarious purposes. Generative AI is fueling a significant rise in cyberattacks, pushing remediation costs up and improving attackers' own productivity to boot.
Threats from AI fall into several categories. Deloitte’s annual Cybersecurity Threat Trends report highlights the following AI-fueled threats for 2024:
- Deepfakes: Threat actors are using AI to generate deepfake videos that use lifelike images to impersonate a trusted source. In this scenario, the video might pose as a corporate executive or supervisor to trick a target employee into sending money to a fake account. Or it could impersonate an IT employee to trick end users into revealing passwords and other credentials. Cybercriminals are still seeking viable business models for deepfakes, and as more commodity deepfake-creation tools come online, the threat will expand.
- Phishing: Remember those crude phishing attempts that had grammatical mistakes and clumsy wording? AI-generated phishing emails correct those flaws and enable hackers to write sophisticated and convincing emails quickly and at scale.
- Vishing: In this variation on phishing, bad actors use AI to clone a person’s voice for the purposes of financial fraud and unauthorized access to protected systems.
- Malware: AI enables threat actors to generate and deploy ever more sophisticated and effective types of malware.
Hot: Use of AI for good
“AI is the hottest trend to hit the cybersecurity industry,” says Richard Stiennon, chief research analyst at IT-Harvest. According to Stiennon, vendors, including a new generation of startups, are incorporating large language models (LLMs) into their products to allow users to talk to their own data and derive insights.
“There is no question that LLMs are good at interpreting and translating text and will thus assist in threat hunting, anomaly detection, and incident response,” he adds.
The most popular deployment model today is the use of AI-based systems in a co-pilot or advisory role, with a human providing oversight and making the final call. However, cybersecurity expert Daniel Miessler says the use of autonomous AI SOC agents that emulate human agents isn’t far off. In fact, a number of startups, including Dropzone.ai and Salem Cyber, are offering pre-trained SOC agents that can replicate human agents and automatically investigate alerts.
Dustin Sachs, chief technologist and senior director of programs at the CyberRisk Alliance, adds that organizations with staffing issues and skills gap challenges can take advantage of AI to augment security teams and drive operational efficiency. In this way, genAI is already helping entry-level SOC analysts improve their skills.
Tech futurist Bernard Marr sums it up this way: “If cyberattack and defense in 2024 is a game of chess, then AI is the queen — with the ability to create powerful strategic advantages for whoever plays it best.”
Cold: Security tool sprawl
Tool sprawl is unavoidable. Security practitioners have their favorite tools. Employees come and go. Over time, large teams end up with dozens and dozens of tools, many with redundant or overlapping features. Research firm IDC notes that tool sprawl creates unanticipated security issues, making it harder to identify and mitigate risks, slowing incident response and increasing costs.
CSOs agree, and that’s why they’re tackling it, looking to consolidate their IT tool sets.
Addressing security tool sprawl means identifying gaps and overlaps and then consolidating via security tool rationalization. One way many companies consolidate security tools is by taking a platform approach.
“There is a tried-and-true colloquialism that says that you cannot protect what you cannot see,” says Chris Kissel, vice president of security and trust at IDC, and one of the authors of IDC’s “The Implications of Security Tool Sprawl” report. “The problem is that if there are too many tools in an organization, analysts are in a place where they suffer from technical debt trying to learn new dashboards, syntax, and procedures. Tool sprawl is yielding to tools consolidation.”
Reducing your security application portfolio in favor of a platform approach can offer additional business benefits, IDC argues, including cost savings, reductions in overall security architecture complexity that improve security operations efficiency, and a more easily sharable and scalable security policy.
Hot: Cybersecurity talent demand
There are currently 470,000 estimated openings for cybersecurity professionals, according to cyberseek.org. On average, cybersecurity roles take 21% longer to fill than other IT jobs. And from May 2023 through April 2024, there were only 85 cybersecurity workers available for every 100 cybersecurity jobs.
The implications of not having enough security talent are detailed in the World Economic Forum’s Global Cybersecurity Outlook 2024. This year, 36% of respondents said that skills gaps are the main challenge to achieving cyber-resilience goals. Some 78% of respondents reported that their organizations do not have the in-house skills to fully achieve their cybersecurity objectives. And 57% of respondents from an ISC2 cybersecurity workforce study believe that the shortage of cybersecurity staff is putting organizations at moderate to extreme risk of experiencing a cybersecurity attack.
At the CISO level, nearly one-third (32%) say the cybersecurity skills shortage has had a significant impact on their organization. To combat this, CISOs need to focus on employee retention, educate the C-suite and board on the importance of shrinking the gap, and rethink their strategies to incorporate more automation and, where necessary, service partners.
James Globe, vice president of strategic advisor cybersecurity capabilities at the Center for Internet Security, says, “My prediction is that the gap between available skilled and experienced cybersecurity and information technology talent and unfilled cybersecurity positions will continue to increase, in particular for public sector organizations.”
Hot: Mergers and acquisitions
M&A activity among cybersecurity vendors has been slow the past couple of years, but the floodgates opened in 2024.
Cisco completed its $28B acquisition of Splunk. Broadcom announced it would combine Symantec (which it purchased in 2019) with Carbon Black (which it acquired when it bought VMware) to create a new business unit called Enterprise Security Group. IBM announced plans to sell its QRadar SIEM to Palo Alto Networks. Identity security vendor CyberArk agreed to buy identity management leader Venafi.
The list goes on. LogRhythm announced plans to merge with Exabeam, Zscaler bought Avalor, CrowdStrike bought Flow Security, Cohesity is buying the Veritas data protection business, SonicWall is snapping up Banyan Security, Akamai bought NoName Security.
HPE’s purchase of networking industry veteran Juniper Networks is not security related, per se, but is part of the ongoing trend of large vendors making significant acquisitions to build broad platforms that have a security component.
With all the M&A activity, CISOs are left to sort out the impact of newly consolidated tool sets, new overlords for solutions they depend on, and shifts to vendors’ wares and strategies in the wake of buyouts. That all begins with asking the right questions.
Cold: Siloed security
The days of security existing in a silo are over. Security is increasingly being integrated across the tech stack and across the business. For example, the “shift left” trend integrates security within the software development process so that code is written, tested and deployed with security in mind throughout the process. A recent GitLab Global DevSecOps survey indicated that 56% of software development, security, and IT leaders use DevOps or DevSecOps, up 9% over the previous year. The top benefit driving adoption was heightened security.
Security and networking are also merging in the form of single-vendor SASE, which combines networking and security tools (SD-WAN, network firewalling, Zero Trust Network Access, cloud access security broker (CASB), and secure web gateway (SWG)). According to Gartner, offerings that deliver converged network and security-as-a-service are increasingly popular. By 2027, 65% of new SD-WAN purchases will be part of a SASE offering, Gartner predicts.
With so many high-profile security breaches seemingly occurring one after the other, security has moved well beyond the SOC. Security and business teams are working together to make sure new apps are deployed securely. Security execs are aligning with regulatory, legal, insurance and risk management teams. And in many organizations, having someone with a security background sitting on the board of directors has become a necessity.
Hot: Extortion
Ransomware’s malevolent cousin, extortion, is on the rise. According to the Verizon Data Breach Report, extortion is now a component in 9% of all breaches. While ransomware attacks lock up the victim’s data and threaten to delete it or sell it on the dark web in exchange for a ransom, extortion attacks threaten to expose sensitive or embarrassing information.
With genAI, that information, in the form of an image, video, or audio, doesn’t even have to be real; it can be computer generated. And extortion attempts don’t necessarily occur in isolation; they can be combined with ransomware into multi-faceted attacks that can include DDoS attacks, encrypting and exfiltrating data, plus threatening to expose sensitive corporate data, personal data of corporate executives, and customer information.
As with ransomware, the best defense against extortion attempts is strong data protection, strong anti-phishing policies and procedures, and the capability to detect and block attacks.
Hot: Attacks against IoT
IoT represents a way for businesses to instrument their physical assets with connected sensors that enable performance monitoring, troubleshooting, and preventive maintenance. But those connected devices also provide a lightly defended target for cyberattacks.
A Forrester survey that asked respondents to identify the top sources of external attacks found that IoT systems were the No. 1 target at 32%, followed by corporate-owned computers (28%) and employee-owned devices (26%). And breach costs were higher when IoT devices were targeted, because poorly defended IoT devices remained vulnerable for longer periods of time before the breach was discovered.
It’s little wonder then that IoT and connected devices are among the biggest contributors to expanding application attack surfaces. And it has gotten so bad that adversaries are dredging up old malware, like the Mirai botnet from 2016, fine-tuning it, and launching fresh attacks against IoT, particularly in industries such as healthcare and manufacturing.
In response, companies such as CyCognito, Cymulate, Forescout, Microsoft, and Lansweeper are offering tools to help organizations get a handle on how many IoT devices are out there, and providing vulnerability risk context. In addition, vendors such as Keyfactor, Thales Group, and Utimaco are offering identity and access management for IoT devices.