CrowdStrike CTO: AI Blind Spots and Unsanctioned Tools - Security Risks to Watch in 2024

In 2024, the landscape of cybersecurity is evolving rapidly, with new challenges and opportunities on the horizon. Threat actors are becoming more sophisticated, targeting cloud environments, exploiting AI vulnerabilities, and exploiting gaps left by antiquated end-of-life products. Organizations are responding by embracing AI-native platforms that bridge the gap between security and IT, and the upcoming U.S. Presidential election cycle brings fresh concerns about the manipulation of information through generative AI.

Elia Zaitsev, CTO, CrowdStrike

Elia Zaitsev, CTO, CrowdStrike, shares what the cybersecurity industry should be prepared for in 2024:

Beating cloud adversaries will require a hardline focus on securing everything across the entire software development lifecycle. There’s never been a more critical time for cloud security. As organizations focus on managing remote and hybrid teams through an uncertain global economy, adversaries have become more sophisticated, relentless and damaging in their attacks. According to the CrowdStrike 2023 Global Threat Report, cloud exploitations increased by 95% and the number of cloud-conscious threat actors increased more than 3x in the last year. At the same time, the growth of cloud computing, the pace of DevOps, and the increased use of no-code and low-code development platforms have led to an explosion of applications and microservices running within cloud environments. The speed and dynamic nature of application development make it impossible for organizations to maintain a full picture of every application, microservice, database, and associated dependencies running in their environments. This creates a massive risk profile that cloud-savvy adversaries continually look to exploit. In 2024, enterprises must focus on securing their entire cloud estate – from both an application and infrastructure perspective – to win this battle.

***

AI Blind Spots Open the Door to New Corporate Risks. In 2024, CrowdStrike expects that threat actors will shift their attention to AI systems as the newest threat vector to target organizations, through vulnerabilities in sanctioned AI deployments and blind spots from employees’ unsanctioned use of AI tools.

After a year of explosive growth in AI use cases and adoption, security teams are still in the early stages of understanding the threat models around their AI deployments and tracking unsanctioned AI tools that have been introduced to their environments by employees. These blind spots and new technologies open the door to threat actors eager to infiltrate corporate networks or access sensitive data.

Critically, as employees use AI tools without oversight from their security team, companies will be forced to grapple with new data protection risks. Corporate data that is entered into AI tools isn’t just at risk from threat actors targeting vulnerabilities in these tools to extract it; the data is also at risk of being leaked or shared with unauthorized parties as part of the system’s training protocol.

2024 will be the year when organizations will need to look internally to understand where AI has already been introduced into their organizations (through official and unofficial channels), assess their risk posture, and be strategic in creating guidelines to ensure secure and auditable usage that minimizes company risk and spend but maximizes value.

In addition, adversaries will see cloud-based AI resources as a lucrative opportunity. While many believe that AI will be a top trend in enterprise investment over the next few years, a recent study found that 47% of cybersecurity professionals admit to having minimal or no technical knowledge of AI. On top of that, AI presents new security challenges, as AI systems require access to large datasets often stored in the cloud. Securing this data and ensuring that AI models running in the cloud are not exploited for malicious purposes will be a growing concern, and in 2024 a comprehensive Cloud Native Application Protection Platform (CNAPP) will be more important than ever to fend off opportunistic adversaries.

***

SIEM as we know it will disappear. Legacy SIEMs have failed the SOC. They are slow, costly, and were designed for an era when data volumes, adversary speed, and sophistication were a fraction of today’s. Teams have been forced to spend more time and resources setting up, maintaining, and trying to extract effective security insights from their SIEMs, rather than stopping breaches. With breakout times approaching 7 minutes for the fastest adversaries, legacy SIEM just isn’t up to the challenge anymore. Defenders need an edge that’s orders of magnitude faster, easier to deploy, and far more cost-effective than current approaches.

To stop modern adversaries in 2024, the SIEM needs to be rebuilt from the ground up for the SOC, around the security analyst experience. The market will dictate a need for solutions that unify all capabilities, including SIEM, SOAR, EDR and XDR, into one cloud-native, AI-powered platform to deliver better, faster, and more cost-effective outcomes.

***

Antiquated end-of-life products leave massive IT/security gaps for adversaries to take hold. In 2024, organizations will be forced to unify their security and IT operations as threat actors increase their targeting of gaps across organizations. A critical gap that must be addressed is the continued use of antiquated end-of-life (EOL) products that provide a safe haven for threat actors. After a review of products that reached EOL between September 2022 and September 2023, CrowdStrike identified an increasing scale of EOL product exploitation targeting gateway appliances, operating systems and applications. In addition, CrowdStrike identified multiple threat actors who are deliberately targeting EOL products—particularly Windows—to opportunistically leverage well-known exploits that are several years old, and who are actively developing new exploits for products that cannot be patched to mitigate vulnerabilities.

Alarmingly, many of these products—such as Windows 8.1, MS SQL Server 2012, and Windows Server 2003—were initially released more than a decade ago and are still being used today. As threat actors increasingly target these critical gaps, in 2024 it will be more important than ever that businesses consolidate IT and security operations to seamlessly keep an up-to-date asset inventory, track impending software obsolescence and targeted systems, and update, mitigate or replace technology whenever possible.

***

CISOs and CIOs turn to platforms to drive the best security and IT outcomes. With CISOs and CIOs being tasked to do more with less, in 2024 we will see an industry-wide shift as organizations turn to platforms, rather than legacy point solutions, that break down operational silos and reduce complexity and cost. The increased collaboration between CISOs and CIOs is driving the need for a platform that can be the solution to both of their problems: an AI-native platform that stops breaches and provides a cost-effective single point of control for CIOs.

***

Generative AI’s potential to manipulate and impact the 2024 election cycle. As we approach the 2024 U.S. Presidential election cycle, threat actors will likely target election systems, processes, and the general (dis)information environment. Nation-state adversaries—such as Russia, China and Iran—have an established history of attempting to influence or subvert elections globally through cyber means and information operations. These adversaries have leveraged blended operations that include elements of ‘hack-and-leak’ campaigns, integration of modified or falsified content, and amplification of particular materials or themes. Given recent progress with generative AI – including audio, images, video, and text – threat actors will have additional tools, capabilities, and approaches to create malicious content, all of which could make it harder for voters to discern what is real. Stakeholders from across the Government, including Congress, the AI field, and the cybersecurity community at large will need to work together as appropriate to monitor developments in this space.
