Here are my predictions for 2024.
Exploring Information Security relaunches
I will be launching Exploring Information Security as a company in 2024. I may or may not have some insider information. I’m in a bit of a career transition and I have the opportunity to try turning this idea into a company. More details to come.
New buzzwords
I asked ChatGPT for some 2024 buzzwords. A couple of my favorites include:
Cyber Resilience: Focusing on an organization's ability to continuously deliver the intended outcome despite adverse cyber events.
Regulatory Compliance Tech: As regulations around data privacy and cybersecurity tighten, technologies and solutions to aid in compliance will be crucial.
Cyber resilience is an interesting one because I’ve worked in the Incident Response space for the last several months, and backup plans for a ransomware attack vary by company in the small to medium business market. Some have plans for how to continue to operate, while others have zero ability to operate while down. This is basic disaster recovery planning, and it doesn’t have to be malware; it could be a natural disaster. I expect ransomware will become more of a topic in disaster recovery planning.
ChatGPT gave me plenty of AI buzzwords, and I think that’s what we’ll see more of in 2024. AI will be thrown into everything even more than it was before. I imagine some form of AI defense or AI security will emerge as well because it’s a bit of a hot topic.
More breaches reported earlier and then updated later
As I wrote last week in “Okta and 23andMe A New Public Relations Tactic in Disclosure?”, I suspect companies will report breaches sooner with limited information and then update later. First impressions are a hard thing to overcome. This is something companies will look to exploit as they try to control the public relations narrative.
On the less cynical side, the new SEC incident disclosure rules are in effect and companies have less time to report on a breach. This could mean companies are reporting with less information and then need to update later. We’ve already seen a ransomware gang try to use this new disclosure rule to their advantage by filing a complaint with the SEC because the company refused to negotiate.
Social engineering continues to make a comeback
With groups like Scattered Spider and LAPSUS$ emerging over the last couple of years, I expect there to be more social engineering-based attacks to get into an organization. We saw it in the second half of this past year with the MGM, Caesars, and Okta hacks. The Verizon Data Breach Investigations Report highlights the human element every year. We are the most susceptible systems in an organization. Everyone can be manipulated in some way.
Finally, AI will start to have a large impact on the workforce
AI is here to stay and I can tell you from experience that it is very useful. It will change society significantly over the next 10 years. Next year is going to be a big year. 70-80% of this site is built with the help of AI. I would not have been able to put up as much content without it. It’s been a great learning opportunity.
Development- and documentation-based professionals will be impacted the most this year. People who use it will put out more work than their co-workers. People who don’t will be let go because they won’t be needed. Developers are already using it to start code and build unit tests. GRC folks can write 10 policies in a matter of just a few hours. I did it for a company last year. Whatever field you’re in, I’d recommend starting to get familiar with it now because the next generation of professionals is already there.
What are your predictions for 2024? Leave a comment below.
This blog post first appeared on Exploring Information Security.