What are the five most important cybersecurity and cloud native technology trends for 2024? Rise of 1000x developers and hackers, AI poisoning attacks and certificate-related failures will pose challenges for the security industry.
Venafi, the maker of machine identity management, today released its 2024 cybersecurity and cloud native landscape predictions. AI poses new threats and exacerbates existing risks, the lifespan of machine identities decreases, and the authenticity of codes is subject to stricter scrutiny. As a result, the coming year will be challenging for the security industry.
“In 2023, companies have experienced a wave of AI innovation, but as they began to experiment with new use cases, risks increased and new threats emerged,” said Kevin Bocek, VP of Ecosystem and Community at Venafi. “New threats such as AI poisoning and model escape have emerged, while massive waves of generative AI code are being exploited by developers and novices in ways that are yet to be understood. Additionally, AI and machine learning run on native cloud infrastructures, making the use of technologies like Kubernetes an even bigger target for attackers. These issues will have major security implications in 2024 and beyond if left unaddressed.”
Five most important predictions for 2024
1. In 2024, the “1000x developer” combined with the “1000x hacker” will form the ideal framework for security breaches.
“The growing momentum behind the '1000x Developer' movement, which aims to make developers a thousand times more productive through AI, will further exacerbate security challenges in the coming year. The speed and complexity of securing modern environments are remarkably high. Organizations are already facing challenges: 75 percent of IT and security leaders believe the speed and complexity of Kubernetes and containers are creating new security vulnerabilities, while 59 percent of respondents admit to having experienced security-related issues in Kubernetes or container environments .
75 percent of IT and security leaders believe the speed and complexity of Kubernetes and containers are creating new security vulnerabilities...
Further complicating the situation is the rise of the “1000-fold hacker” – AI-enabled attackers who are just as prolific and powerful. Companies can't possibly hire 1000 cyber professionals to compete with these threats. The solution is to embrace the power of automation that operates at machine speed. The only way to keep up with threats is to deploy automation at machine speed. When developers use AI to be 1000x more productive, we also need 1000x a CISO and 1000x a security architect.” – Kevin Bocek, VP of Ecosystem and Community at Venafi
2. 2024 will be the crucial year for the AI poisoning attack as elections are the target.
“In 2024, AI poisoning attacks will be the new threats to the software supply chain. These attacks are characterized by attackers targeting the input and output data pipelines to manipulate data and poison both AI models and the results they produce. As AI is used in a wide range of business-critical workloads – potentially with very little oversight – the integrity of such systems is of paramount importance. Even small changes to the input data can dramatically affect the results, either immediately or slowly over time. Therefore, it is crucial to secure all data fed into AI. This means that the origin of the data must be traced and technologies such as code signing must be used to ensure the security of the data.
Coinciding with major global elections, the widespread adoption of generative AI in 2024 is expected to lead to a significant increase in election interference. From the creation of convincing deepfakes to the increased spread of targeted misinformation, the concept of trust, identity and even democracy itself is under serious scrutiny. This will mean increased responsibility for individuals to think critically and make informed decisions. Likewise, media platforms are required to actively combat and eradicate false content.” – Shivajee Samdarshi, senior product manager at Venafi
3. Next year, regulations will further intrude on development as changes to liability for data breaches could impact innovation.
“Next year, the EU will likely be forced to revise the Cyber Resilience Act as it is unworkable in its current form. The wording of the law regarding liability for data protection violations and open source is particularly worrying. As it currently stands, a 16-year-old developer who creates open source code and receives only a coffee as a reward could theoretically be held accountable if an organization using his code suffers a data breach. Therefore, it is necessary to clarify the law regarding liability provisions to ensure that people developing open source code in the EU can continue to contribute.
Cyber Resilience Act: As currently drafted, a 16-year-old developer who creates open source code and receives only a coffee as a reward could theoretically be held accountable...
Looking ahead to 2024, the topic of “Know Your Code” will become increasingly important, supported by regulations such as the Executive Order on SBOMs. This means that companies must identify and verify the origin of the code they use. In an age where AI is being used to generate code, determining the origin of code is more difficult than ever. Companies that fail to adhere to this principle face not only attacks, but also potential fines.” – Matt Barker, Global Head of Cloud Native Services at Venafi.
4. As enterprises struggle to scale security and governance across trust boundaries, machine identity and access management in 2024 will focus on the workload layer.
“Research shows that 76 percent of IT leaders believe we are moving toward a cloud bill in terms of cost and security. Many organizations began their journey with a single cloud provider, requiring them to manage identity and access only within that one environment. However, 69 percent admit that they took many old security problems with them when moving to the cloud. As organizations have matured, they have begun to use the cloud in a distributed manner across multiple trust boundaries, requiring management of all identities.
The challenge in 2024 is to ensure that security controls work everywhere and can be managed consistently. This requires a strategic shift to a neutral, decentralized method of managing machine identities and access control. This change enables workload-level identity and access authentication. As a result, the adoption of federated identities, such as SPIFFE machine identities, will increase. Enterprises can then leverage their existing public key infrastructure to robustly encrypt workloads regardless of where they run.” – Sitaram Iyer, Senior Director of Cloud Native Solutions at Venafi.
5. Failures will double by 2024 as the lifespan of machine identities decreases.
“Shorter lifespans of machine identities can cause chaos as failures can double or even triple. Google has already announced that it will shorten the validity period of public trusted TLS certificates to 90 days - an important step to make it more difficult for cybercriminals to misuse identities. However, most companies are not prepared for this. We have seen the most recent impact of certificate defaults when entire payment systems collapsed and people were no longer able to fill up their cars or buy groceries. As certificate lifespans continue to shorten, this will become more common unless organizations automate machine identity management.” – Kevin Bocek, VP of Ecosystem and Community at Venafi.
More at Venafi.com
About Venafi Venafi is the leader in cybersecurity for machine identity management. From the foundation to the cloud, Venafi solutions manage and protect identities for all types of machines - from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation, and actionable intelligence for all types of machine identities and their associated security and reliability risks.