In this article, Scott Register, Vice President for Security Solutions at Keysight, emphasizes the importance of intelligent security testing.
With the pace of technology quickening, 2024 is shaping up to deliver another round of breakthroughs. Particularly, promising to fundamentally reshape how the world lives, interacts, and communicates. Pushing the boundaries of innovation, artificial intelligence (AI) and machine learning (ML) are poised to begin making serious impacts in every aspect of our lives, including cybersecurity.
Looking ahead, Scott Register, Vice President of Security Solutions at Keysight Technologies, shares cybersecurity insights in the era of AI and data privacy. Moreover, the increased attacks on critical infrastructure in 2024.
AI is impacting every aspect of our lives, including cybersecurity. Adversarial AI will increasingly be a problem. For example, generative AI can collect information from social media, corporate email, blogs, and other sources. Particularly, to generate specific and realistic phishing emails that can be personalized and mass-produced with almost no human input.
As a result, companies must deploy more advanced phishing detection systems, including those optimized to detect AI-generated content and improve employee training.
Moreover, AI will increasingly be used to generate network or endpoint behavioral patterns to see if different security products can identify them. As a lot of detection occurs at the SIEM (security information and event management), this can be tested via log messages rather than actual behavior, so AI is perfectly suited to take on this task. AI will increasingly take on a pivotal role in testing and evaluating security products.
Data privacy is a critical component of cybersecurity, and how you think about it differs significantly from areas like intellectual property. Stringent enforcement of who and what has access to personally identifiable information (PII) data and how to manage it securely requires special attention and specific skills. Increasingly, organizations will outsource the management of PII to help step up their efforts to protect the data and shift more of the risk to a third party.
Meanwhile, organizations will start to push more risk assumptions into the supply chain to protect themselves against inherited security flaws. In 2024, there will be stricter documentation requirements for secure design, implementation, and validation of supply chain components. Thus, to build resiliency, organizations will diversify their supply chain for critical parts.
Nonetheless, critical infrastructure is a key target of cybercriminals. If the wars in Ukraine or Israel spread, this will drive up the number of attacks from threat actors loosely aligned with nation-states. We’ve already seen increased attacks on utilities. Hence, in 2024, this will expand to include connected medical and smart home devices.
Products are an essential part of cybersecurity; however, people and policies are critical to fine tune and strengthen defenses. For example, testing your security stack and up-skilling your team will bolster your cybersecurity posture more than adding another dashboard.
There are numerous country-wide regulations to improve IoT cybersecurity, including the Cyber Trust Mark in the US, the ETSI EN 303 645 standard in Europe, and a labeling program in Singapore. In 2024, there will be more harmonization of the legislation to avoid manufacturers having to grapple with a multitude of requirements, which slows production and drives up costs. However, a global standard will remain elusive for now.
Cybercrime is the world’s 3rd largest GDP, and organizations are under constant attack. Bad actors are already utilizing intelligent tools to try to access networks, so it’s vital for enterprises to strengthen their defenses by integrating AI-driven security testing. Moreover, companies that fail to embrace intelligent testing are leaving flaw discovery within their network to bad actors. As always – you want to find it before they do.
The author of this article is Scott Register, Vice President of Security Solutions at Keysight Technologies. Scott has more than 20 years of experience leading product management and go-to-market activities for global technology companies. Register has served in product management and go-to-market roles in a range of companies, from startups to BreakingPoint, Ixia, Blue Coat, Check Point Software, and Keysight. He holds B.S. and M.S. degrees in computer science from Georgia Institute of Technology and also served as a member of the research faculty.