While security practitioners will reap the benefits of AI, it’s equally likely that cybercriminals will explore ways to wield it as yet another weapon in their arsenal. AI will no doubt expand organisations’ attack surfaces as bad actors push its uses to new extremes, according to Splunk’s Security Predictions 2024 report.
“Generative AI is poised to enhance the portfolios and tactics of malicious actors. In 2024, we foresee the emergence of novel attack methods, where AI will not be the sole instrument introducing new threats as the robust adoption of 5G in India will also broaden the attack surface in ways that currently lack adequate protection, therefore presenting more opportunities for cybercriminals,” said Robert Pizzari, group vice president, strategic advisor, Asia Pacific, Splunk.
Here are some of the key trends in security and observability that have been outlined by Splunk for 2024:
CISOs will have more at stake: In 2024, CISOs will also have more at stake as the regulatory environment becomes more stringent, more complex and harder to navigate. 79% of line-of-business stakeholders see the security team as either a trusted source of information or a key enabler of the organisation’s mission. (from State of Security 2023).
AI will take on security tasks: Recent research from Splunk’s CISO Report revealed that 86% of security leaders believe generative AI will alleviate skills gaps and talent shortages. AI will be more like that assistant you can’t function without, taking on repetitive, mundane and labour-intensive tasks.
CIOs and CTOs will cut back on their architecture and infrastructure spending, making this the year of mindful budgets and massive disruption: Though people are excited about AI, they are also nervous – CIOs and CTOs will feel the demand to get more from less.
AI will change the way we detect and identify anomalies — it won’t replace manual troubleshooting’: AI will bring a more concise understanding of what’s going on in an environment. First AI will tackle anomaly detection, next up will be investigation and automated response. We will see automated remediation in the near future.
Observability becomes a meaningful signal to security operations: For many vendors, observability products are completely separate from security products. Customers are often frustrated by their lack of interoperability. Whether your servers live in the cloud or a back corner of your garage, a DevSecOps mindset will lead your organisation — big or small — toward digital resilience.