AI as a threat and a solution
Artificial intelligence (AI) is revolutionizing cybersecurity, offering significant benefits and challenges. While AI enhances threat detection, hunting, and incident response, it also empowers cybercriminals. Generative AI, for instance, can refine phishing attacks by eliminating typical indicators like poor grammar, making them harder to detect.
Organizations now face AI-powered cyberattacks that adapt and exploit specific vulnerabilities. Cybercriminals may use large language models (LLMs) trained on malware to craft sophisticated attacks. Key risks include prompt injection, where attackers manipulate AI applications into performing unauthorized actions, and insecure output handling, where malicious instructions can get through if the application's outputs aren't properly validated.
Despite these threats, AI provides substantial defensive benefits. It enables deeper network insights and faster threat identification. A 2023 IBM report revealed that organizations using AI and automation could identify and contain breaches 108 days quicker than those without these technologies. AI applications in cybersecurity include biometric authentication, threat detection, and incident response. For example, CrowdStrike's Falcon uses AI to detect anomalies like unusual traffic patterns and unauthorized data access.
The AI-driven security landscape is transforming cybersecurity roles. A February 2024 survey by the International Information System Security Certification Consortium (ISC2) found that 88% of professionals expect AI to impact their jobs significantly. However, 82% foresee increased efficiency, and 56% believe AI will handle routine tasks, allowing them to focus on higher-value activities.
Ransomware attacks are on the rise
The evolving ransomware threat continues to challenge businesses globally with its increasing sophistication and frequency. 2023 was notable for relentless cyberattacks. Some criminals started copying and stealing data, demanding ransom for not publicizing it, and selling it on the dark web.
Check Point reports that one in every 10 organizations worldwide faced attempted ransomware attacks in 2023, a 33% increase from 2022. Organizations globally experienced over 60,000 attacks on average, equating to 1,158 attacks per organization per week. High-profile victims included MGM Resorts, Boeing, and the UK’s Royal Mail.
Ransomware payments in 2023 surpassed $1 billion, a record high, and that figure excludes the economic impact of productivity loss and repair costs. The ransomware industry attracted numerous new players, with Recorded Future identifying 538 new ransomware variants in 2023. The trend of "big game hunting" became dominant, with attackers carrying out fewer attacks but demanding larger ransoms, and payments increasingly involving sums of $1 million or more.
Leading anti-ransomware companies include Gen Digital (Avast and Norton), Bitdefender, Check Point Software, CrowdStrike, Illumio, and Sophos.
Supply chain attacks
Cyberattacks targeting software supply chains are increasingly prevalent and highly disruptive. These attacks can cripple an entire supply chain, causing massive business interruptions.
According to IBM’s 2023 Cost of a Data Breach report, it takes an average of 233 days to identify and 74 days to contain such breaches, totaling 307 days. This is 37 days longer than other types of data breaches. In 2023, 15% of organizations reported supply chain compromises as the source of data breaches.
Supply chain attacks gained prominence in 2020 with the SolarWinds hack, where Russian hackers inserted malicious code into the company's software, affecting thousands of organizations, including the US government.
The UK government's Cyber Security Breaches Survey 2023 indicates that most large businesses now review their supply chain risks, with 55% of large businesses assessing immediate supplier risks, up from 44% in 2022.
A significant 2023 attack involved MOVEit, a managed file transfer software. Exploiting SQL injection vulnerabilities, attackers manipulated data, disclosed sensitive information, gained administrative privileges, exfiltrated files, and deployed ransomware. This attack impacted organizations such as the BBC, Zellis, and Norton, underscoring the critical need for robust supply chain security measures.
Cloud-based security
The COVID-19 pandemic accelerated cloud adoption as companies transitioned to remote work, increasing their exposure to cyber threats. Misconfigured security settings in cloud environments have become a significant issue, making it easier for attackers to steal data.
A 2023 Thales study highlights that businesses face numerous challenges due to a cloud-first, multicloud approach, with 79% of respondents using more than one cloud provider. Each additional provider introduces new security controls and data protection models, complicating the security landscape.
The survey found that 38% of respondents identified software as a service (SaaS) applications as the primary target for cyberattacks, followed by cloud storage at 36%. Nearly half (46%) reported experiencing a data breach in their cloud environments, underscoring the risk associated with cloud data exposure. As cyber threats evolve, organizations must enhance their security measures to protect cloud-based resources.
Leading players in cloud security include Amazon, Broadcom, CrowdStrike, Microsoft, Alphabet, Netskope, Palo Alto Networks, and Zscaler.
Chip-based security
Chip-based security is becoming essential as more chips are integrated into mission-critical servers and safety-critical applications. As systems vendors and original equipment manufacturers (OEMs) increasingly design their own chips, security requirements have become more of an in-house concern.
The 2017 discovery of high-profile security vulnerabilities like Meltdown and Spectre forced chip vendors to patch security holes with software, resulting in reduced performance improvements for upgraded servers. Consequently, vendors began developing custom chip architectures to achieve better performance and power gains while maintaining control over chip security.
The economic landscape of hardware attacks has changed, making hacking tools accessible to ordinary criminals. As computing becomes more pervasive and connected, the attack surface expands, increasing the likelihood of hardware attacks. The OpenTitan coalition's February 2024 announcement of the first commercial silicon chip with open-source built-in hardware security exemplifies this trend. OpenTitan provides an on-chip source of cryptographic keys that are inaccessible remotely, ensuring tamper-free security infrastructure.