The continued rise of AI – and regulation

Karl Mattson, Field CISO at Noname Security, discusses what he believes are the emerging trends in the world of cybersecurity for 2024.

The last 12 months have been seismic for cybersecurity, with successful hacks and breaches continuing to make front-page news. The task of keeping networks and data safe is an ever-evolving one, with hackers and cybersecurity professionals in a constant state of cat-and-mouse as they try to outsmart one another. 

Events of the past year, including the widespread adoption of, and interest in, AI, as well as new geopolitical challenges, have had a profound impact. They provide some clues as to what 2024 might hold. 

The blurring of lines between real and online battlefields

In recent years, cyberattacks and, as response to this, cybersecurity, have started to play a much bigger role in geopolitical conflict. Cyber is now a mainstay in the arsenal of weapons used by nation states involved in large scale conflict, and is an expected tactic when it comes to states engaging in warfare. 

Cyberattacks in this context differ from kinetic uses. Usually, hackers are aiming to obtain sensitive data that they can charge a ransom for – however during times of geopolitical tension, the targets tend to be critical infrastructure with the aim of disrupting energy and communication networks, thus hindering the coordination and movement of troops on the ground. 

The prevalence of cyberattacks as a routine component of geopolitical conflict will undoubtedly lead to a continued escalation in cyber risks, as well as the creation of new and more sophisticated tactics. This may also lead to a ripple effect as adversaries extend their cyberattacks to companies and nations supporting allies. This growing cyber threat landscape will necessitate enhanced security measures and international cooperation to mitigate risks effectively.

AI will completely disrupt the cybersecurity space

2023 will go down in history as ‘the year of AI’. AI as a concept has been around for decades, but was principally the plaything of software engineers, and had limited applications in fields such as biotech and mathematics. However, the release of ChatGPT brought the concepts of artificial intelligence and machine learning to the general public, and broadened its use case to become part of people’s everyday lives. 

The dark consequence to this is that AI tools are now also much more available for bad actors to use to supplement their hacking arsenal. In the past, identifying and exploiting complex, one-off application programming interface (API) vulnerabilities required a lot of effort on the part of the person implementing the attack, and usually needed a bespoke solution tailored to specific API vulnerabilities. In 2024, AI will likely enable an increase in the sophistication and scalability of attacks.

The AI industry will take another giant leap forward

While the actual technology of AI will continue to be developed, the industry surrounding this tech will most likely have its most tumultuous year in 2024. One of the main ways this will manifest is in the divide between the public and the private sector. 

There has already been a lot of talk by governments around governing AI, as this technology is so new and has seemingly limitless applications. Policy makers around the globe have already recognised the danger it could pose if left unchecked, leading to discussions around regulating it such as the AI Safety Summit held in the UK in November 2023. 

As government AI policy implementation takes shape, government agencies, along with private companies such as those involved in critical infrastructure, that are impacted by the resulting policies, will be forced to comply. However, a pronounced divide will emerge between government-regulated and unregulated companies. These private entities will adhere to a wide range of AI approaches, and many will choose to create their own policies, creating a split in approaches to AI tech. 

Another way in which the industry of AI will evolve in 2024 is through the consolidation of AI companies. 2023 saw explosive growth as AI became a hot topic, and a lot of investors wanted a slice of the pie, leading to the founding of many new companies who are trying to create their own ChatGPT. Most of the startups that are building their own model are unlikely to succeed, and outside of OpenAI and Big Tech companies like Meta and Google, these startups will either fail or be absorbed into larger organisations. 

API regulation will continue developing

Changes in tech regulation in 2024 will not only affect AI; the regulation around APIs will also continue to evolve. APIs are still a main attack vector for hackers and represent a weak link in some organisations’ cybersecurity strategy.

Many companies do not have a full inventory of their APIs, and even if they do, they do not know which ones handle sensitive data. This is a concern, as these are often the weak links that are most vulnerable and likely to be targeted by individuals or groups that are going after valuable data. 

While more general asset management, especially in the banking sector, has traditionally been under scrutiny by regulators, APIs are emerging as a distinct category of assets that require their own dedicated oversight.

Consequently, API inventory discovery and lifecycle management are emerging as focal points for banking regulators, reflecting the evolving technological landscape and the critical role of APIs in modern financial systems.