NTT Presents Five Trends That Will Dominate the Cybersecurity Landscape in 2024
AI, Post-Quantum Cryptography, Zero Trust, Cryptography Research and More to Shape Current and Future Cybersecurity Strategies
Cybertech
| 25/12/2023
Illustration: IMAGO/Alexander Limbach via Reuters Connect
By Moshe Karako
2023 will go down as a year of tremendous evolution within the cybersecurity industry. As the world emerged from the pandemic and continued to adapt to the rapid implementation of digital transformation, businesses witnessed the rise of sophisticated ransomware attacks, state-sponsored cyber espionage and the constant need to secure the ever-expanding internet of things (IoT).
As a global innovator, NTT Corporation has been at the forefront of the cybersecurity industry’s evolution this past year and today, NTT has announced five key trends the company expects to have a far-reaching impact on the security landscape in 2024 and beyond.
1. Security for the Age of AI – AI promises to impact both cybercriminal behavior and cybersecurity strategies in 2024. Malicious actors will use AI to continue to accelerate malware and exploit development and for passive reconnaissance work to identify targets, software and weaknesses. AI will also reduce the cost of attacks through automated workflows, enabling more sophisticated phishing and disinformation campaigns. However, AI will also impact cybersecurity strategies and technologies by enhancing detection and analysis capabilities, improving the response to disinformation, phishing, malware and anomalous behavior. It will also pave the way for automated, efficient security operations, addressing workforce challenges.
“Cyber criminals and state actors are already taking advantage of generative AI to create phishing campaigns, write malicious code, or identify vulnerable systems to exploit,” said Mihoko Matsubara, Chief Cybersecurity Strategist, NTT. “However, AI capabilities are not only being used for nefarious purposes. Cybersecurity professionals have also found generative AI helpful in automating some tasks, data analysis, and vulnerability research. For example, NTT Security’s research noticed that generative AI maximized the efficiency and accuracy to identify phishing sites quickly.”
The continued advancement of AI will also force conversations in the cybersecurity industry around better, more secure posture across all business functions. In addition, the recent release of the White House Executive Order on AI is expected to drive AI-related initiatives in both public and private sectors, further emphasizing the significance of proper AI security hygiene.
2. Safeguarding Trust in Election Results – 2024 will bring with it presidential campaigns in Taiwan and the United States. As a result, malicious actors will increasingly use generative AI to spread disinformation. This continues a concerning trend seen in recent elections, with bots and bot farms contributing to divisiveness and the dissemination of intentionally misleading or entirely false content, including quotes and memes. In addition, implementing essential cybersecurity measures for systems and ensuring the physical security of voting machines, for example, remains critical.
“While the security of voting machines has improved, it remains a concern among voters,” said David Beabout, Chief Information Security Officer, NTT Security. “The ability to validate and log results manually to address questionable issues will become increasingly important in the United States. This shift toward resiliency and result validation is expected to gain more prominence in 2024.”
3. Implementing a Zero Trust Framework – The security landscape is becoming increasingly cloud-native, emphasizing the need for enhanced authentication methods to counter emerging threats, such as bypassing MFA through techniques like JSON Web Token (JWT) injection attacks. As a result, Zero Trust will evolve from a hot trend to a framework that will be implemented across many parts of organizations to enhance security defenses.
“Zero Trust is no longer a buzzword, but a core concept that organizations will implement to improve their cybersecurity measures,” said Taro Hashimoto, CSIS Visiting Fellow & Senior Manager of Cybersecurity, NTT. “The concept of Zero Trust is all about risk-based management and continuous process. This includes the implementation of a variety of underlying technologies, including Identity and Access Management (IAM), Endpoint Detection & Response (EDR), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Security Information & Event Management (SIEM), etc. that seamlessly integrate within an organization’s cybersecurity strategy.”
4. Preparing for the Looming Quantum Threat – While 2024 is unlikely to be the year where we see widespread adoption of quantum technology by hackers and threat actors due to its nascent stage and substantial costs in comparison to existing effective methods, there is an urgency to prepare for its arrival. Measures are already underway with the White House issuing a memo instructing federal agencies to initiate their preparations and NIST publishing draft versions of several potential Post-Quantum Cryptography (PQC) algorithms.
Given the extensive time required to migrate systems, in 2024 we will see a continued focus on preparing systems and applications for the adoption of quantum computing.
“While the timing of threats posed by scalable quantum computers is still speculative, the need to prepare for this threat is real,” said Kazuhiro Gomi, President & CEO of NTT Researc. “With NIST’s expected release of more PQC standards in 2024, industries, governments, and others are expected to begin ramping up their migration planning efforts. This is based on the concern that malicious actors are currently collecting ongoing communication data and could compromise security once scalable quantum computers become available.
In this regard, it’s important to note that cryptography researchers are working on fortifying the security of advanced cryptographic methods, such as attribute-based encryption (ABE) for PQC readiness.”
The challenge ahead lies in managing the security of encryption for those without access to quantum capabilities, as well as defending against those who possess such capabilities once they become more prevalent.
5. Advancing Cryptography and Encryption in 2024 – In 2024, we expect to see cryptography and encryption research continue to explore new ways to safeguard data, both at rest and in the cloud. The evolution of advanced encryption systems, like ABE (attribute-based encryption), presents an intriguing prospect for real-world adoption. However, concerns of privacy remain due to the absence of assured privacy in interactions with AI models. As these interactions may involve even more sensitive information than conventional search queries, it’s conceivable that researchers will delve into the prospect of enabling private engagements with such models.
“One potential area of interest across the cryptography research community is to expand private search queries to encompass private interactions with AI systems,” said Dr. Brent Waters, Director of the Cryptography & Information Security Lab, NTT Research. “The rapid rise and utility of large language models like ChatGPT has transformed various industries. However, privacy concerns could be holding back the potential of these technologies. I imagine that the research community will examine the possibility of having private interactions with these types of AI technologies.”
With the advancement of technologies such as artificial intelligence and quantum computing, 2024 will be the year that organizations implement and innovate through technology. Not only will businesses implement a Zero Trust strategy as a baseline cybersecurity practice, but they will also begin to capitalize on advanced cybersecurity technologies made possible through fundamental research and R&D such as ABE to safeguard their business, data and preserve privacy.
Moshe Karako is the Chief Technology Officer at NTT Innovation Lab Israel
AI, Post-Quantum Cryptography, Zero Trust, Cryptography Research and More to Shape Current and Future Cybersecurity Strategies
Illustration: IMAGO/Alexander Limbach via Reuters Connect
By Moshe Karako
2023 will go down as a year of tremendous evolution within the cybersecurity industry. As the world emerged from the pandemic and continued to adapt to the rapid implementation of digital transformation, businesses witnessed the rise of sophisticated ransomware attacks, state-sponsored cyber espionage and the constant need to secure the ever-expanding internet of things (IoT).
As a global innovator, NTT Corporation has been at the forefront of the cybersecurity industry’s evolution this past year and today, NTT has announced five key trends the company expects to have a far-reaching impact on the security landscape in 2024 and beyond.
1. Security for the Age of AI – AI promises to impact both cybercriminal behavior and cybersecurity strategies in 2024. Malicious actors will use AI to continue to accelerate malware and exploit development and for passive reconnaissance work to identify targets, software and weaknesses. AI will also reduce the cost of attacks through automated workflows, enabling more sophisticated phishing and disinformation campaigns. However, AI will also impact cybersecurity strategies and technologies by enhancing detection and analysis capabilities, improving the response to disinformation, phishing, malware and anomalous behavior. It will also pave the way for automated, efficient security operations, addressing workforce challenges.
“Cyber criminals and state actors are already taking advantage of generative AI to create phishing campaigns, write malicious code, or identify vulnerable systems to exploit,” said Mihoko Matsubara, Chief Cybersecurity Strategist, NTT. “However, AI capabilities are not only being used for nefarious purposes. Cybersecurity professionals have also found generative AI helpful in automating some tasks, data analysis, and vulnerability research. For example, NTT Security’s research noticed that generative AI maximized the efficiency and accuracy to identify phishing sites quickly.”
The continued advancement of AI will also force conversations in the cybersecurity industry around better, more secure posture across all business functions. In addition, the recent release of the White House Executive Order on AI is expected to drive AI-related initiatives in both public and private sectors, further emphasizing the significance of proper AI security hygiene.
2. Safeguarding Trust in Election Results – 2024 will bring with it presidential campaigns in Taiwan and the United States. As a result, malicious actors will increasingly use generative AI to spread disinformation. This continues a concerning trend seen in recent elections, with bots and bot farms contributing to divisiveness and the dissemination of intentionally misleading or entirely false content, including quotes and memes. In addition, implementing essential cybersecurity measures for systems and ensuring the physical security of voting machines, for example, remains critical.
“While the security of voting machines has improved, it remains a concern among voters,” said David Beabout, Chief Information Security Officer, NTT Security. “The ability to validate and log results manually to address questionable issues will become increasingly important in the United States. This shift toward resiliency and result validation is expected to gain more prominence in 2024.”
3. Implementing a Zero Trust Framework – The security landscape is becoming increasingly cloud-native, emphasizing the need for enhanced authentication methods to counter emerging threats, such as bypassing MFA through techniques like JSON Web Token (JWT) injection attacks. As a result, Zero Trust will evolve from a hot trend to a framework that will be implemented across many parts of organizations to enhance security defenses.
“Zero Trust is no longer a buzzword, but a core concept that organizations will implement to improve their cybersecurity measures,” said Taro Hashimoto, CSIS Visiting Fellow & Senior Manager of Cybersecurity, NTT. “The concept of Zero Trust is all about risk-based management and continuous process. This includes the implementation of a variety of underlying technologies, including Identity and Access Management (IAM), Endpoint Detection & Response (EDR), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Security Information & Event Management (SIEM), etc. that seamlessly integrate within an organization’s cybersecurity strategy.”
4. Preparing for the Looming Quantum Threat – While 2024 is unlikely to be the year where we see widespread adoption of quantum technology by hackers and threat actors due to its nascent stage and substantial costs in comparison to existing effective methods, there is an urgency to prepare for its arrival. Measures are already underway with the White House issuing a memo instructing federal agencies to initiate their preparations and NIST publishing draft versions of several potential Post-Quantum Cryptography (PQC) algorithms.
Given the extensive time required to migrate systems, in 2024 we will see a continued focus on preparing systems and applications for the adoption of quantum computing.
“While the timing of threats posed by scalable quantum computers is still speculative, the need to prepare for this threat is real,” said Kazuhiro Gomi, President & CEO of NTT Researc. “With NIST’s expected release of more PQC standards in 2024, industries, governments, and others are expected to begin ramping up their migration planning efforts. This is based on the concern that malicious actors are currently collecting ongoing communication data and could compromise security once scalable quantum computers become available.
In this regard, it’s important to note that cryptography researchers are working on fortifying the security of advanced cryptographic methods, such as attribute-based encryption (ABE) for PQC readiness.”
The challenge ahead lies in managing the security of encryption for those without access to quantum capabilities, as well as defending against those who possess such capabilities once they become more prevalent.
5. Advancing Cryptography and Encryption in 2024 – In 2024, we expect to see cryptography and encryption research continue to explore new ways to safeguard data, both at rest and in the cloud. The evolution of advanced encryption systems, like ABE (attribute-based encryption), presents an intriguing prospect for real-world adoption. However, concerns of privacy remain due to the absence of assured privacy in interactions with AI models. As these interactions may involve even more sensitive information than conventional search queries, it’s conceivable that researchers will delve into the prospect of enabling private engagements with such models.
“One potential area of interest across the cryptography research community is to expand private search queries to encompass private interactions with AI systems,” said Dr. Brent Waters, Director of the Cryptography & Information Security Lab, NTT Research. “The rapid rise and utility of large language models like ChatGPT has transformed various industries. However, privacy concerns could be holding back the potential of these technologies. I imagine that the research community will examine the possibility of having private interactions with these types of AI technologies.”
With the advancement of technologies such as artificial intelligence and quantum computing, 2024 will be the year that organizations implement and innovate through technology. Not only will businesses implement a Zero Trust strategy as a baseline cybersecurity practice, but they will also begin to capitalize on advanced cybersecurity technologies made possible through fundamental research and R&D such as ABE to safeguard their business, data and preserve privacy.
Moshe Karako is the Chief Technology Officer at NTT Innovation Lab Israel
