printer friendly version

PQC, AI & sustainability: five cybersecurity trends for 2024

The year 2023 will go down as a transitional year for cybersecurity and information technology in general. Quantum Computing is still in its infancy, and artificial intelligence is still limited to creating (mostly) authentic written and visual content rather than Artificial General Intelligence. Transformative technology is coming soon, but in the meantime, we are still struggling with rising rates of online crime and a shaky economy throughout much of the world.

This year, 2024, may be when we start to see these themes begin to change the world, with their impact felt in cybersecurity and, ultimately, our lives. In this article, we will look at some of the most important developments that our experts see coming in 2024, both in technology and the wider world it intersects with.

Nils Gerhardt.

PQC’s Y2K

For home computer users, the ‘Y2K bug’ was essentially a myth, and stories of ‘planes falling out of the sky and nuclear reactors shutting down’ were very much over-egged. Yet, the transition from the 20th to the 21st century did produce problems for several vital legacy systems that needed to be addressed.

We see similarities with post-quantum cryptography (PQC), which will protect all computer systems and communication against quantum computer attacks. Unlike with Y2K, we do not have a set date for when quantum computers will be able to break today’s cryptography. Still, when the day comes that quantum computers are able to break today’s cryptography, it will affect all of society. The impact could be particularly dangerous for large organisations and governments that depend on legacy systems. With IBM announcing a 1000 qubit quantum chip and an error-resistant 133 qubit chip, it is clear that advances are being made.

There has already been a concerted effort to develop quantum-safe cryptography, and it is becoming more widely deployed for commercial use. With Y2K, the industry made a concerted effort to reduce the risk of it causing significant impact. The same efforts should be made to prevent a data apocalypse in the future. It is a long process of adapting to the reality of quantum computing and post-quantum cryptography, but one which has already begun in earnest and will accelerate this year.

Artificial intelligence

The year 2023’s most significant digital story will undoubtedly continue to be a central theme in 2024. Like many new technologies, it will go from a novelty to routine, with regulations in place to keep it safe.

We have already seen cybersecurity agencies from governments around the world come together to work on security principles for AI, emphasising design, development, deployment, operations and maintenance. In fact, an agreement has been reached between the Council Presidency and the European Parliament on proposed harmonised rules for artificial intelligence – the so-called AI Law. These regulations aim to ensure that AI systems placed on the EU market and used in the union, are safe and uphold the values of the EU. Much of what the guidance lays out are the proposed safety mechanisms to control and regulate AI effectively and could apply to other areas of software development, such as supply chain security, threat modelling and even something as mundane as proper documentation.

On the other hand, we have already seen AI used for cybercrime (although it has not tended to be used in major hacks of large institutions yet). As with any new technology, there are those who want to use it for good or bad; AI will also help detect attacks and defend networks/companies. I would argue that as it has the potential to do so much, more efficiently than humans can, including the ability to correlate large datasets, it will become a strong ally to improve cybersecurity.

Cybersecurity and sustainability

On the surface, there seems to be little that unites the practices of ensuring that digital systems are secure and that companies and institutions are sustainable. However, there is an increasing consensus that the two are more connected than might be apparent initially.

Firstly, cyberattacks create waste. Time, money, electricity, and countless other resources must be expended to undo the damage of successful attacks. We have also seen attacks directly damaging the environment, such as water treatment facilities being remotely taken offline.

Secondly, achieving sustainability goals, whether in the ESG framework or not, requires deploying and monitoring new technology. These are largely Internet of Things devices – networks of CO2 sensors, micro-solar grids, etc. We have noted that since they involve hundreds or thousands of individual data connections, IoT projects have a vastly increased attack surface compared to traditional deployments. Hence, the same applies to sustainable projects.

Skills gap

A significant gap between the number and training of cybersecurity professionals that we need and the number we have has been an ongoing problem, but we predict that in 2024, progress will finally start being made.

Why? Because a situation in which a cybersecurity skills gap impacts 71% of organisations is not sustainable. It is simply the case that the problem has reached a point where it can no longer be ignored, and enough noise is being made that something will be done.

What will this be? Continually updated university-level training for cybersecurity professionals would be useful, but it would take several years for the next generation of professionals to make it through their training and into the workforce. Cloud-based third-party security solutions can also lower risk, but another potential answer is to cross-train and upskill within companies. For example, Utimaco is invested in the International School of IT Security AG, which offers a Master's in Applied IT Security and onsite and digital in-house training.

Infrastructure resilience

The fragility of our current ecosystem is underscored by the susceptibility of infrastructures to attacks, with the potential to disrupt entire systems. A scenario as simple as severing critical cables could regress us to a technological stone age, highlighting the urgent need for robust defences.

To address this vulnerability, numerous initiatives are underway to augment traditional terrestrial infrastructures with satellite-based solutions for communication and infrastructure. This introduces a new challenge; ensuring these space-based technologies are secure. Layering multiple security measures – such as encryption between satellites – on top of the infrastructure and its fundamental security will provide the high level of security required for critical data.

The future demands technological innovation and a foundation of trust and security to fortify our interconnected world.

As we can see, 2024 will be the year when many of the major themes that have been mounting up for years now will come to a head. It will be an interesting time for many industries. Still, cybersecurity, perhaps most of all, will be at the forefront of many of the major changes happening over the next year and for many more to come.

Share this article:

Further reading: