top of page

ISC2 2024 Outlook: AI, Quantum Cryptography, Global Cyberwarfare Concerns

As 2024 approaches, the world of cybersecurity is gearing up for another eventful year. Jon France, CISO of ISC2, sheds light on key trends, from the evolution of AI to the rise of quantum cryptography, geopolitical cyberwarfare concerns, the workforce landscape, and the regulatory horizon.


Isc2

Jon France, CISO of ISC2

Artificial intelligence will continue to take a front seat, but the hype will die down

Now that we’re at the end of 2023, just a short year after the initial release of ChatGPT, it seems like everything has an AI component to it. If you ask me, generative AI is at the top of its “hype cycle,” but it will still remain in the general consciousness in 2024 and will likely start to deliver more business value. However, what we have to realize is that even though AI was the buzz-topic of the year, it has yet to reach its full potential. For adversaries we’ve seen it mainly be used for social engineering purposes so far, and it’s likely that we’ll continue to see that threat surface deepen, but both from a defensive and offensive cyber operations side, we have a long way to go. I think in 2024, we’ll see vendors try to combat AI’s use for malicious purposes outside of just social engineering and ultimately use AI to deliver more tangible value. However, like any “hot new topic,” the hype will inevitably cool down as time goes on and it will settle into part of the landscape. We’ll see an increase in activity around quantum-safe cryptography and key distribution

Quantum computing tends to get the most attention in quantum technology discussions, but we likely won’t see it become commercially available for the next 3-5 years. What I have seen and anticipate we’ll continue to see is increased activity around quantum-safe cryptography. For example, NIST has been executing competitions to find efficient quantum resilient algorithms, and they’ve now qualified the first set of four to be used. Three of the four are based on a family of math problems called structured lattices and one is based on hash patterns. They’re hedging their bets that if lattice-based algorithms prove to be weak or inefficient, they’re going to need others that are efficient. So, the focus on quantum-resistant algorithms is strong in the research community, and I anticipate we’ll see more of that activity and search for improved algorithms in 2024 from NIST, ETSI and others. We’re also starting to see quantum-safe key distribution come to the fore of the quantum dialogues. Networks using quantum-safe key distribution are starting to be deployed, which is vitally important to counter the threat of compromised key distribution when quantum computers become more commercially available. These areas are largely still in the research phase, but I think we can expect to see lots of activity and discovery in these areas in particular. Upcoming elections will bring cybersecurity into the limelight

Cybersecurity is starting to get a more prominent profile and focus on the international political scene. The conflicts we’ve seen throughout 2023 have played a part in this, as cyberwarfare has taken a front seat in both Eastern Europe and the Middle East. The cyber community has known for decades that bits and bytes don’t obey borders, and it seems world leaders are seeing this message loud and clear. This will become evident as we head into election season. The US and the UK will both be heading to the polls in 2024 as will the European Union Parliament, and I suspect we’ll see cybersecurity being more of a prominent talking point for any candidate/party who wants to get into office. An increased spotlight on the importance of cybersecurity is undoubtedly needed, so the impending elections could be beneficial from an awareness perspective. Layoffs will steady and hiring managers will prioritize cloud and DevSecOps skills

The layoffs from this year were largely due to economic pressures that will carry into 2024. Inflationary pressures, cost of living, rising capital cost and more will continue to be issues, but I don’t foresee large layoffs like we saw in 2023. However, what will continue to be an issue in 2024 and beyond is skills gaps. Cloud computing security skills will remain in high demand in the new year, and product development skills are likely to take center stage as well. Secure-by-design is becoming more and more of a priority, extending into secure by default and secure in operation, and we’ll need individuals who are skilled enough to ensure the robust development of products. It’s an underserved area right now that I predict will become more of a focus industry-wide in 2024. We’ll see an evolution, rather than a revolution of regulations

The regulatory landscape will continue to stay hot – I think we’ll see more regulations governing AI and privacy in particular, and we’ll likely see more backlash around reporting requirements and a push for agencies to define what should actually be reported and at what thresholds of materiality. However, I don’t see a major overhaul coming. Instead, I think what we’ll see is sectors grappling with the tangible effects of the requirements that have been introduced. We’re no longer looking at these regulations as being on the horizon…in 2024, they’ll have to be adhered to. With this, I hope to see increased harmonization of regulations globally, so that multinational companies don’t run into navigational issues of not knowing which regulations and policies to follow and which don’t apply. We’re starting to see increased communication on a global scale, but we’re not there yet. It may be wishful thinking, but I predict we’ll see major global powers collaborating on what a cyber secure world should look like, and making policy decisions based on those discussions.


bottom of page