What challenges could companies face in the area of data protection this year? And how can they prepare for the emerging threats and opportunities?
Veritas Technologies, a provider of secure multi-cloud data management solutions, expects the following trends in data management and protection in 2024.
1. The first end-to-end AI-driven robo-ransomware attack ushers in a new era of cybercrime
In the past two years, 78 percent of companies in Germany have experienced ransomware attacks in which the attackers were able to gain access to their systems. This fact alone is worrying, but when combined with the use of artificial intelligence (AI), it becomes even more alarming. Tools like WormGPT are already making it easier for attackers to refine their social engineering attacks using AI-generated phishing emails.
This year, end-to-end AI-driven, autonomous ransomware attacks will become increasingly common. Starting with automation reminiscent of robocalls, the technology will increasingly be used to identify targets, carry out break-ins into systems, extort victims and then transfer ransom money to attackers' accounts. All of this is done with frightening efficiency and minimal human intervention, resulting in an even more drastic increase in the addressable potential number of victims and the frequency of attacks.
2. Targeted data corruption at the cellular level makes ransomware more dangerous than ever
As more companies recover from ransomware attacks without paying ransoms, cybercriminals are forced to evolve their tactics. In our opinion, they will also specifically damage data at the cellular level. A code is inserted deep into the victim's database. This code modifies or corrupts certain unspecified data if the attacked company has refused to pay the ransom.
The extent of this threat can only be estimated in retrospect. Since it is not clear whether and which data has been manipulated or damaged, all data can ultimately be affected. Or the perpetrators were just bluffing and the data was not corrupted at all. In such cases it is all the more important that copies of the data are available. These should be 100 percent secure, i.e. not tampered with, and be able to be restored quickly. Organizations need to know that all IT assets are protected, stored, and restored securely and immutably.
3. Adaptive data protection: Companies fight hackers without lifting a finger
More than two thirds of companies in Germany want to strengthen their cyber resilience with the help of AI. Since the technology is increasingly being misused by hackers, the question in the future will be where it can be used more effectively: to protect companies from attacks or as a tool for hackers to carry out attacks.
AI-controlled adaptive data protection, which is scheduled to come in 2024, is definitely considered a major advance. AI tools monitor changes in behavioral patterns to determine whether users have been compromised. When the solution detects unusual activity, it increases the level of protection - such as regular backups sent to differently optimized destinations - and creates an overall safer environment that protects against malicious actors.
4. The use of generative AI will impact the design of compliance regulations
Generative AI poses significant risks in its potential use cases, particularly in relation to data protection. The European Union has now taken a pioneering role by regulating the basis for the use of AI. Companies should now start taking steps to ensure their employees are properly using generative AI tools.
Because if data protection regulations are not adhered to, this can have serious consequences. The average amount of GDPR fines in 2023 will be 2,8 million euros per violation. Currently, the focus of supervisory authorities is primarily on how existing data protection laws can be applied to generative AI. However, as the technology continues to develop, Generative AI-specific laws can soon be expected that directly relate to such tools and the data used to train them.
5. Companies that have not hired a CISO in 2023 will clearly feel the consequences
The role of the Chief Information Security Officer (CISO) is seen as a dilemma in many places. Anyone who holds this highly respected position often has to face significant consequences. Several cases recently made headlines in which CISOs were found responsible for security breaches and subsequently lost their jobs or faced legal consequences. It's no surprise that many companies are struggling to fill open CISO positions.
At the same time, data security represents the greatest risk that companies face today - ahead of economic uncertainty and increased competition. And this risk continues to increase. In the coming year, the shortage of CISOs will take its toll. Cyber criminals will continue to increasingly target unprepared companies, especially with sophisticated AI-supported ransomware attacks. 35 percent of the German companies surveyed still have no or only a partial data recovery plan. 26 percent of executives and IT managers even fear that their companies will not survive the end of next year.
More at Veritas.com
About Veritas
Veritas Technologies is a leading provider of secure multi-cloud data management. More than 80.000 customers – including 91 percent of Fortune 100 companies – rely on Veritas to protect, restore and ensure compliance with their data.
Matching articles on the topic