As we approach 2024, after yet another year of increasing cyber threats and attacks, the new year continues to present an even tougher outlook for cyber security experts.
To uncover potential threats on the horizon, security experts from Imperva have shared their insights to help organizations prepare for what could be another challenging year.
Organizations will have a ‘Generative AI reality check’
Reinhart Hansen, Director of Technology within the Office of the CTO at Imperva
Although the continued advancement of GenAI is inevitable, the hype surrounding it is due for a reality check in 2024. Like most technologies, its adoption will encompass both beneficial and detrimental aspects, often marked by exaggerated claims, particularly in its early developmental stages. This is where the concept of “AI washing” enters the scene, with businesses falsely advertising AI integration in their products or services, misleading consumers. In this evolving landscape, one thing is certain: cyber criminals will leverage AI to build new attack vectors never seen before and generate new variants of existing vulnerabilities, leading to a surge of new Zero-Day attacks. The industry will need to work diligently to respond to and mitigate these threats, ensuring that the promising future of AI remains secure and beneficial for all.
2024 will be the year organizations finally wake up to API risks
Lebin Cheng, Head of API Security at Imperva
2023 saw the API explosion rumble on. Research shows that the average business has hundreds of APIs in production, while some have over a thousand. In 2024, organizations will come to terms with the fact that they need to take a more proactive approach toward securing their APIs.
The challenge is that many organizations don’t have the right defenses or controls in place. They don’t know where their APIs are deployed or what data they’re accessing. This exposes them to risks in magnitudes that they cannot comprehend or even begin to quantify. In 2024, as pressure to mitigate API-related security incidents continues to grow, security leaders will look for and invest in solutions that integrate seamlessly into their existing application security technology stack. This approach will give organizations a more coordinated and unified view of automated threats that target APIs and critical applications –many of which connect to data stores where the businesses’ data is located. In the coming years, this will force a new era of convergence in the security industry where API management and security are embedded within application security platforms.
2024 will see an increasing urgency to restore data control
Terry Ray, SVP of Data Security at Imperva
As the power of AI hinges on intelligent data, in 2024, organizations will realize that data security is more important than ever. For years, organizations have hoarded data – with much of it now unknown and hard to secure. This lack of control, in turn, increases risk without adding value. At the same time, organizations have wrongly assumed that a lot of their data isn’t worth protecting, only prioritizing data classified as highly sensitive and forgetting about their “low risk” data, such as publicly available data. This assumption is not only wrong but dangerous.
Firstly, AI systems, especially powerful language models like GPT, lean on this data to shape predictions and decisions, so holding on to unused – and especially out-of-date or inaccurate – data could come back to haunt businesses. Adding to this risk is the rise of “Shadow AI,” with organizations unaware of how employees use AI applications and what data they feed the models behind them. Beyond this, every byte of data that an organization holds is a security risk: the high risk data can be stolen and weaponized, while hackers can access the low risk publicly available data as a place to live, watch, and wait for the perfect moment to steal the crown jewels.
Organizations must come to grips with the urgency of regaining control over their data – understanding where it is, how it is being used, and whether it even needs to be stored at all.
Phishing and social engineering attacks will remain the top threats
George Lee, Senior Vice President, Asia Pacific and Japan at Imperva
As GenAI advances, expect to see an escalating risk from cyber threats, particularly social engineering tactics. The most concerning issue is that simple phishing attacks are still the most common and effective. Resolving this demands a shift in mindset – we need to recognize that cybersecurity isn’t just the concern of experts or senior leadership; it’s a collective responsibility that extends to all of us. The first step is to make cybersecurity easier to understand and recognize that it isn’t limited to advanced technology.
