In a world of cybersecurity predictions, Etay Maor, Senior Director of Security Strategy at Cato Networks, offers a unique perspective by sharing what he doesn't believe will happen in 2024, along with practical insights that businesses should take into account.
Etay Maor, Senior Director of Security Strategy at Cato Networks
Unpredicting 2024 Cyber Threats AI-Based Attacks
No, there won’t be a wave of AI based attacks – while AI has been getting a lot of attention ever since the introduction of ChatGPT, we are not even close to seeing a full-fledged AI based attack. You don’t even have to take my word for it – the threat actors on major cybercrime forums are saying it as well. Hallucinations, model restrictions, and the current maturity level of LLMs are just some of the reasons this issue is actually a non-issue at this point in time.
But, we should expect to see LLMs being used for expediting and perfecting small portions or tasks of the attacks, be it email creation, help with social engineering by creating profiles or documents and more. AI is not going to replace AI, but people who know how to use AI will replace those who don’t…
The Future of Cyber Warfare
No, there won’t be a cyber war between nations – while some international conflicts are increasing in intensity (Russia-Ukraine, Hamas-Israel and their proxies and allies) “cyber-war” is just not a thing. Cyber is yet another military branch and while it can be used as a destructive weapon, kinetic attacks such as bombing are simpler, faster, and for the purpose of destruction much more effective (and therefore also cheaper).
But, businesses will continue to be targeted by nation state and semi-nation state actors, with SMBs, small municipalities, universities, and infrastructure suffering the most. Patching and updating, maintaining a zero-trust approach, and safeguarding from even simple attacks continues to challenge those organizations with limited budgets – and those are prime targets for attacks.
Blaming the End User
No, the end user is not stupid and it won’t be their fault – there is a tendency to blame the user and couple it with “humans are the weakest link” but humans are not going anywhere so let’s focus on more productive approaches. Cyber security responsibility is moving upwards, to the CISO, CIO, and board, not downward towards the employees and practitioners.
But, it is on us (managers, security operation teams, and yes – vendors) to create security tools and processes that will be easier to manage. We are going to see organizations move to products and services that while being more robust and advanced, offer simpler management with much less overhead of false positives, integration projects, and constant updates.