- hello@group8.co
- 12 Marina View, Singapore
Change is the only constant in life, and this is embodied in many facets of our now highly digital world. One prime example is cybersecurity, which evolves in step with the latest technological advances. Among these advances, the cloud and smartphones are certainly among the biggest transformations of our generation. But in more recent times, none can disagree that the advancements in AI and the introduction of generative AI tools have taken the spotlight and that their arrival has signalled the beginning of a new frontier for the cybersecurity landscape. So, as we welcome a new year of opportunities, let us also be wary of the cybersecurity trends and emerging threats in store for the next eleven months.
After successfully breaching a long list of international and well-known companies, threat actors will move on to find new targets and focus on non-English regions. With the help of AI chatbots like ChatGPT, anyone can now be extremely capable of communicating in any language, hence the shift in attention and expected increase of cyberattacks developed for more local languages. In fact, these attacks that extend beyond the English language have been happening since last year, with the greatest impact taking place in non-English speaking countries as the organisations there have yet to build up the experience their well-known contemporaries have. The inevitable advancements in generative AI will only further accelerate this trend. As such, recognising the importance of cyber risk re-evaluation in the age of AI is crucial as organisations worldwide face evolving threats in an increasingly multilingual cyber landscape.
As AI tools expedite the process of generating content and building out rich profiles for individuals by scraping data from the web, expect to see challenges in how much data can be collected and who is responsible for it: the person using the tool or the tool that is performing all the data aggregation?
Because of this, businesses should expect increased customer requests for the right to be forgotten in the short term, and they may also have to take an increased interest in their employees' publicly visible personal data. Lastly, they may need to look further at their corporate data and verify whether it is accessible by AI tools. With all that said, we should assume that current data privacy laws will need further revisions as AI becomes more commercialised.
Previously, AI chatbots simplified the process of gathering and aggregating public domain information, but since they only had access to legacy data, they could only output outdated results. However, newer versions like GPT-4 can now access the internet, enabling them to produce more accurate and up-to-date responses and allowing anyone to gather and build a detailed profile. This potential, combined with AI chatbots that can dynamically create personalised communications, empowers bad actors to carry out more personalised attacks and whaling attacks, as well as those in the supply and communication flows of their targets.
With more businesses embedding generative AI into their applications, the use of synthetic user accounts for testing, monitoring, dynamically querying and exchanging data between capabilities may soon become an established practice. The challenge here is that once these accounts are set up and instigated to test system capabilities, they run the risk of becoming forgotten in systems with many permissions, making them a prime attack vector for hackers.
Although much of today's technology is moving to the cloud, there is an ever-growing number of critical systems that are not cloud-enabled. Despite their remote nature, these systems are still getting targeted by adversaries and, more often than not, become collateral damage in the wake of more generic attacks. This is because, in truth, no closed or offline network is 100% disconnected. With the advent of the new EU NIS directive v2 and similar regulations focusing on vital business systems and the supporting supply chain, organisations must find and review the security solutions designed to run in completely offline environments.
Staying on top of cybersecurity trends requires attention to detail and thinking about the bigger picture. Naturally, the various macro forces now shaping the security landscape, from generative AI and compliance updates to ongoing real-world conflicts, are all essential factors that should inform your cybersecurity strategy. But at the end of the day, your organisational objectives should be the ultimate signpost that guides your decision-making.
If you are interested in keeping your cybersecurity defences ready for the threats of tomorrow, GROUP8 is the partner you can trust to make it so. As the one-stop shop for extensive and effective cybersecurity services in Singapore, you can rely on us to continuously innovate and improve your solutions to stay ahead of future threats and keep your organisation secure against the unknown. To learn more about our top-tier solutions, don't hesitate to contact us at hello@group8.co today.