Cybersecurity landscape shaped by PQC, AI & sustainability
As we usher in 2024, the cybersecurity landscape is poised to be continually shaped and influenced by technological advancements and related global phenomena. CTO and cybersecurity expert at Utimaco, Nils Gerhardt, outlines five key developments set to primarily drive this transformation: post-quantum cryptography (PQC), artificial intelligence (AI), sustainability, infrastructure resilience, and the persistent skills gap in the industry.
2024 may witness significant developments in the adoption of PQC. In effect, its role is likened to the Y2K scenario wherein perceived potential technological risks sparked a widespread concerted effort to mitigate them. Gerhardt suggests there is a pressing need for similar efforts to gear towards preventing what could potentially be a catastrophic data breach when quantum computers attain the capacity to break current cryptography. Ongoing technological advancements, such as IBM's recent announcement of a 1,000 qubit quantum chip and an error-resistant 133 qubit chip, underscore the urgent necessity of developing and widely deploying quantum-safe cryptography.
The wave of AI, which made torrential headlines in 2023, is set to grow from a novelty to a routine aspect of cybersecurity, necessitating solidified regulations. According to Gerhardt, AI poses substantive potentiality for both cybersecurity enhancement and cybercrime exploits, necessitating robust regulation. There now exist safety mechanisms proposed to regulate AI effectively, much of which could ideally extend to other areas of software development. The AI law is a case in point. This European harmonised rule aims to ascertain safety and uphold the EU's values in AI systems used within the Union.
Similarly, the convergence of cybersecurity and sustainability is becoming more evident. Cyberattacks result in waste, requiring considerable resources to rectify. Also, the pursuit of sustainability goals often necessitates deploying new technology, including Internet of Things (IoT) devices, which have a larger attack surface than traditional deployments. Thus, ensuring cybersecurity for these devices is a critical approach to meeting sustainable projects' objectives.
Another prevailing trend is the alarming skills deficit in the cybersecurity industry. Currently, there is a staggering 71% of organisations suffering an impact due to a cybersecurity skills gap. Gerhardt anticipates significant strides towards closing this gap in 2024. Potential measures may include continuous university-level training for professionals, and crosstraining and upskilling within existing companies.
Lastly, the resilience of infrastructure against cyberattacks is set to be a key area of focus. The trend towards supplementing traditional terrestrial infrastructures with satellite-based solutions introduces a fresh challenge – securing these space-based technologies. Multilayered security measures, such as encryption between satellites, will be crucial to provide the high degree of security required for critical data.
As Gerhardt articulates, "2024 is going to be the year when a lot of the major themes that have been mounting up for years now will come to a head... cybersecurity will be at the forefront of many of the major changes that will be happening over the next year, and for many more to come".