By Mark Houpt, DataBank Chief Information Security Officer
Earlier this year, I offered three predictions for cybersecurity in 2023, and Forbes asked for my thoughts on cyber attacks in 2022. For 2024, I have these five predictions:
Despite what many people believe, AI itself will not be the source attacks. Rather, it will be an amplifier of attacks. Because the technology can repeatedly run attacks and learn to alter itself based on the responses it receives, the addition of AI will make attackers much more effective, damaging, and robust. As the industry evolves next year, security professionals will focus on staying ahead of the game. They will defend their networks with AI tools that can auto-sense attacks and respond accordingly.
Bad actors keep getting more sophisticated with their attacks. However, security teams must not surf the trend wave or look for shortcuts in their strategies in response. Everyone wants to adopt the shiny new solution, but as cybersecurity professionals navigate the landscape next year, we will see a greater push toward tried-and-true methods. Rather than adding the next big thing to their arsenal, teams will focus on assuring sound practices, doing what’s required by regulations in 2024.
Expect more organizations to adopt identity verification to ensure the authenticity of individuals during account onboarding. The increasing adoption of identity verification across various organizations is a response to the evolving digital landscape, marked by advancements in AI and a growing need for robust authentication methods.
This trend is particularly relevant in the United States, where both government regulations and standards set by the National Institute of Standards and Technology (NIST) play a pivotal role. The trend toward broader adoption of identity verification is a necessary response to the challenges posed by an increasingly digital and interconnected world. The U.S. government and NIST requirements act as catalysts in this process, ensuring organizations adopt practices that are secure, reliable, and respectful of individual privacy.
First, the U.S. government has emphasized the importance of reliable identity verification in safeguarding national security and protecting individual privacy. Various regulations and standards—such as the Real ID Act and the guidelines provided by the Department of Homeland Security—underline the need for stringent verification processes. This focus is not only to combat identity theft and fraud, but also to ensure that government services are accessed securely and efficiently.
Second, NIST, a non-regulatory agency of the U.S. Department of Commerce, sets standards for identity verification. NIST guidelines, especially the NIST Special Publication 800-63, provide a framework for digital identity services. These guidelines emphasize the use of multiple factors for authentication, the importance of user consent, and the management of privacy risks. They advocate for a layered approach to security, incorporating both physical and digital methods of verification.
The wider adoption of identity verification is also driven by advancements in AI. AI algorithms can now analyze biometric data, detect anomalies in user behavior, and verify documents with higher precision. This not only improves the security of the verification process but also enhances the user experience by making it more seamless and efficient.
In 2024, third-party vulnerabilities are poised to significantly impact the cybersecurity landscape, a trend accelerated by the directives of Executive Order (EO) 14028. This order, aimed at improving the nation’s cybersecurity, underscores the critical nature of third-party risks. As organizations increasingly rely on external vendors and cloud-based services, the security of these third-party entities becomes a pivotal concern.
The interconnectedness of digital ecosystems means a single vulnerability can have cascading effects, leading to widespread security breaches. Compliance with EO 14028 will drive organizations to rigorously assess and monitor their third-party partners.
This shift will lead to a more resilient digital infrastructure but also requires significant investment in risk assessment tools and strategies to manage the expanding threat landscape. The overall impact will be a heightened focus on collective cybersecurity responsibility, moving beyond individual organizational boundaries to a more holistic, network-centric approach.
The 2024 U.S. Presidential election is likely to be a major target for hacktivists and nation-state actors aiming to influence or disrupt the democratic process. Hacktivists, motivated by political agendas, could deploy tactics like doxxing, website defacement, or spreading disinformation through social media.
Meanwhile, nation-state actors, seeking to destabilize the U.S. and undermine its global standing, might engage in more sophisticated cyber operations. These could include hacking into election infrastructure, stealing sensitive data, or launching influence campaigns to sow discord and mistrust among the electorate. Both groups view the high-stakes nature of the presidential election as an opportunity to amplify their impact, making cyber security a critical concern for maintaining the integrity of the election process.
###
Discover the DataBank Difference today:
Hybrid infrastructure solutions with boundless edge reach and a human touch.
