At the CompTIA EMEA Member and Partner Conference 2023 in London, James Stanger, Gary Fildes and Richard de Vere addressed many of Europe’s leading educators and technologists. They explored the trends, challenges and opportunities that lie ahead in cybersecurity for 2024. Read on to discover what these IT experts predict for the future of cybersecurity.
Network Hardening and Social Engineering Are on the Rise
Cybersecurity trends can change on a dime. But, according to James Stanger, chief technology evangelist at CompTIA, the best way for organizations worldwide to anticipate the unknown next year is to mature processes and upskill individuals. He also stated that the top two trends he expects to see – improving process maturity and finding new ways to protect people from social engineering – should be taken seriously.
Over the years, traditional cybersecurity controls have had a positive effect. While attacks abound globally, sophisticated cybersecurity solutions do exist. Organizations that have enough upskilled cybersecurity professionals are capable of deploying, iterating and managing these controls.
Many have been able to raise the bar and protect themselves. Yet, end users remain key targets – even in organizations that have good processes in place. As a result, social engineering has become more of an issue. This means cybercriminals are becoming savvier at hacking into the human element of cybersecurity – not just the technical side.
“The biggest prediction of cybersecurity trends for next year is going to be even more pressure on the people side of things,” Stanger explained. “As organizations become increasingly mature in their processes, we’ll see quite a few innovations in social engineering. That means it’s really important that we have a more sophisticated understanding of exactly what social engineering really is.”
Most people have heard of phishing, vishing and smishing. But, when it comes to social engineering, fewer know how social engineers engage in research to create a perfect pretext. Social engineering is all about manipulation, Richard de Vere, head of social engineering at Ultima Business Solutions, explained.
So, any good social engineer works hard to create a situation or present a compelling reason for a user to do something that causes a security issue. Stanger then added that today’s social engineers now have generative artificial intelligence (AI) and useful tools, such as Maltego, to help them.
Gary Fildes, regulatory cyber assurance principal, Ofgem, added that, thankfully, useful email and instant message (IM) anti-phishing tools exist. Such tools include domain name validators and email message scanners that flag inappropriate requests and help end users make good decisions when they read an email or IM.
Outdated Operational Technology Poses Security Threats
Another key cybersecurity trend we’ll likely see in the future, according to de Vere, is the continued exploitation of operational technology (OT). He believes many people are overlooking the risks related to sub-par and legacy operational technology, adding that most organizations don’t have plans to improve OT security. This is problematic as society relies on the accuracy of operational technology to ensure proper control of industrial equipment that runs the electrical grid, water systems and the buildings we live in.
“Operational technology is a risk that few have truly thought through,” de Vere emphasized. “Aircraft, transportation, health services – it drives everything. We are dealing with 40- to 50-year-old technology in the transportation industry, so the technology is already compromised from weakened IT infrastructure. There is room for growth in this area.”
Operational technology risks are threatening all industries. Anywhere there is outdated technology, there are risks. Yet behind every risk, there is an opportunity to update technology and improve cybersecurity practices.
Thankfully, added Fildes, we do have strategies for handling OT vulnerabilities. It’s just a question of taking the time to assess the risk, then taking positive steps to solve these problems. Stanger emphasized the need for techniques such as air gapping, increased analytics and better relationships with OT manufacturers. “If an OT system can be updated, updates are often made by the vendor, not the customer,” Stanger said.
Artificial Intelligence: Blessing or Curse?
Fildes, Stanger and de Vere all agreed that AI will continue to be a leading trend in the cybersecurity space next year. This, they stated, could result in better data security technology and techniques. But it could also cause cybersecurity problems.
For example, cybercriminals can use AI to supercharge ransomware and internet-borne attacks, resulting in serious financial damage for organizations. Or they can use it to refine their social engineering campaigns.
Recently, de Vere had his team use AI to construct dangerous pretexts as part of a pen test his team was conducting. His team found that a good social engineer using generative AI took a fraction of the time it would take a human to write a pretext from scratch. He added that cybercriminals are, of course, also using AI for translations, which is helping them rapidly break down language barriers in cybercrime.
“I think AI is generally positive, but it can also be scary,” de Vere said.
Fildes also weighed in on the topic of AI, saying there are risks to using it and to not using it. He cited inconsistency or a lack of governance as a contributor to AI-related security issues. Understanding the technology you are working with and managing it well is a practice that he feels too many organizations overlook.
As with any technology, AI poses many cybersecurity risks. As a result, it’s vital for organizations to focus on something that is easy to talk about, but difficult to put into practice: Improve risk management practices. Cybersecurity professionals should strive to refine risk management today, next year and beyond.
The Future of AI in Cybersecurity
Fildes, de Vere and Stanger discussed the common concern about AI taking over a good portion of jobs. They stated that it’s one of the hottest topics in tech. But how realistic are these fears, and are there any upsides to AI in the workplace?
Yes, AI has the potential to replace jobs. The disruption innovation brings is inevitable, but it shouldn’t be feared. Stanger stated that it’s important to negotiate with the inevitable – and to realize that it’s possible to upskill and morph your career to meet any challenge. Fildes added that there’s a key human element to consider, however: For one, AI cannot replace human connection.
“AI is never going to have a cup of tea with you,” Fildes joked. “Maybe 50,000 years down the line that could happen.” No matter how advanced or helpful AI becomes, it cannot and should not replace face-to-face human interaction.
AI can also be extremely beneficial, especially to cybersecurity professionals, as it is an efficiency booster. It can handle tedious, labor-intensive tasks such as scanning logs for discrepancies, allowing cybersecurity professionals to focus on analysis, which requires human judgement, said Stanger.
In the future, cybersecurity professionals and vendors may also look to AI to produce routine client deliverables. AI can help these IT professionals meet customer demands and become more productive. AI can improve IT professionals’ quality of life by optimizing their time.
AI has a solid place in the future of cybersecurity. So do humans. With proper risk management and upskilled individuals, it’s likely that we’ll see more benefits to AI than drawbacks.
The Future of Cybersecurity Will Call for In-Demand Data Security Skills
No matter what the future of information security holds, a highly skilled cybersecurity workforce can handle it. As promising, but potentially threatening, trends such as AI surge, it will be more essential than ever to close the cybersecurity skills gap and fill vacant job roles.
Cybersecurity certifications such as CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+) and CompTIA PenTest+ can also provide the skills IT professionals need to approach data security issues with confidence and competence.