Cybersecurity trends: a look into the (near) future of IT security
The AI hype and growing cyber threats pose new challenges for IT security. In addition to large companies, SMEs and the public sector are now increasingly being targeted by ransomware & co.
Since the beginning of 2024, the cybersecurity situation has worsened worldwide. In addition to browsers and email, networks, smartphones and even printers are increasingly becoming a target. This is changing the way security strategies need to be implemented.
Lukas Pfeiffer, Communications Director at PIABO, provides an overview of the ten latest cybersecurity trends and takes a look at the future of IT security.
Artificial intelligence and machine learning
Yes, AI is everywhere. With ChatGPT, OpenAI has launched the world's leading AI chatbot. The Generative Pre-trained Transformer uses artificial intelligence and modern machine learning technology. Numerous other companies have subsequently developed their own solutions or solutions based on ChatGPT. However, what makes work and leisure easier also opens up new threats to cybersecurity.
The integration of AI and ML into IT systems is therefore becoming increasingly intensive. These technologies not only enable faster (automated) detection of threats, but also more precise prediction of potential security risks. AI algorithms can already analyse cyber threats in real time and initiate immediate measures to neutralise attacks (even sooner). This autonomous and self-learning response capability will make companies and organisations more resilient and less dependent step by step.
Growing importance of IoT and IIoT security
"The Mittelstrand is the backbone of the German economy" used to be a common refrain. Nowadays, it's more accurate to say "The Internet of Things is the backbone of industry". And in addition to the IoT, the IIoT, the Industrial Internet of Things, is now one of the fundamental technological foundations of manufacturers and producers, many of whom are SMEs and hidden champions that operate globally and export worldwide.
Corporate networks know no national borders. CIOs and CTOs therefore have a growing need to secure IoT devices and IIoT systems as well as the resulting cloud or edge networks anytime and anywhere. The focus must therefore be on implementing advanced security protocols and advanced encryption technology for industrial facilities. Security certifications for new or external devices must also become mandatory. True to the motto: 2FA is good, MFA is better.
Remote working is here to stay
Even before the global coronavirus pandemic, remote work or work from anywhere has offered numerous advantages (not to mention sustainability). However, remote working also requires comprehensive, improved security concepts. Technologies that ensure secure and seamless access to company resources are crucial here. Acceptance is much higher if usability for end users is always taken into account. Encryption and advanced authentication methods are core aspects that significantly increase the security of remote work and protect the integrity of company data.
Although the "Bring Your Own Device" (BYOD) concept enabled rapid adaptation to the home office during the pandemic, it is increasingly being criticised for security risks. Using personal devices to access company networks increases the risk of security breaches. Strict security guidelines, compliance requirements or simply the GDPR often lead to employees looking for simpler but insecure solutions. Companies are therefore tending towards alternatives such as "Choose Your Own Device" (CYOD) or "Company-Owned, Personally Enabled" (COPE) to manage a heterogeneous device landscape.
Quantum computing and implications for cyber security
Ask ChatGPT how it would explain quantum computing to a child and you get this: "Quantum computing is like a super-fast type of computer that can solve very difficult tasks much faster than normal computers ever could." In reality, however, quantum computing poses a significant challenge to cybersecurity, as its ability to solve complex mathematical problems underlying traditional encryption methods extremely quickly could potentially render common cryptographic methods such as RSA and ECC obsolete.
In other words, IT managers are faced with the task of developing and implementing quantum-resistant cryptography. Attackers are getting stronger, so defences must also become more powerful. Protecting current and future IT infrastructures against quantum computing-based attacks using post-quantum cryptography will soon be (economically) crucial.
Phishing attacks gain sophistication
They just won't go away: phishing attacks have long been a persistent threat in the world of cyber security. In terms of effectiveness, phishing and its associated risks (malware, ransomware, injections, etc.) continue to evolve. Modern phishing attacks have learned to bypass traditional security measures and use personalised and technically advanced tactics to deceive users. According to a recent study by Captera, phishing and social engineering attacks are cited as the main reason for investing in AI security,
For a high level of IT security, robust authentication systems are needed to increase security. Two-factor and multi-factor authentication can make a decisive contribution to protecting the security of data and systems. Analysts see an increasing preparation of the "least privilege" concept, i.e. the principle of minimising the assignment of rights, to protect against such attacks. Each user is only given exactly as many access rights as they actually need.
A holistic view of mobile security
What do Remote Work, Bring Your Own Device and Edge Computing have in common? More and more mobile devices, portable control systems and variable sensors can be found in today's modern IT landscape. This results in more connectivity, more traffic - and also more potential security vulnerabilities. A 360-degree approach to mobile security is essential in order to effectively manage the growing challenges in the IT security landscape.
This requires a comprehensive cybersecurity strategy that not only includes robust encryption protocols and MFA, but also integrates advanced threat detection, endpoint security and regular security audits. VPNs and firewalls should also be integrated to secure data traffic and ward off man-in-the-middle attacks, for example.
Zero trust as a must-have
"Never trust, always verify". This is the principle of Zero Trust, which has evolved from a niche approach to a central element of cyber security strategy. Zero Trust treats every access attempt as a potential threat, which requires rigorous identity verification and continuous monitoring of network activity.
The transition to a zero trust framework marks a paradigm shift in cybersecurity for organisations, focusing on continuous verification and minimal access rights to strengthen network security. This approach is particularly effective in mitigating insider threats and is becoming increasingly relevant with the proliferation of cloud services and remote working.
More cybersecurity knowledge protects
Cybersecurity vs. skills shortage. An area that is still partly underestimated. The challenges in the field of cybersecurity are increasing, but training and further education are stagnating or cannot keep up with the pace of development. With the increase in complex cyber threats, the demand for qualified cyber security experts is rising sharply. There is often a lack of knowledge and sufficiently trained people to effectively combat these new types of threats. This deficit poses an increased risk not only for individual companies and the public sector in particular, but also for the global cyber infrastructure.
A variety of initiatives are being implemented to close this gap: security manufacturers and public education providers are expanding their offerings and curricula in the area of cyber security. Specialised degree courses and certifications are geared towards practical training. Professional development is also becoming increasingly important. In addition, public-private partnerships are strengthening collaboration between companies and educational institutions to develop training programmes that are directly tailored to industry needs. These measures play a crucial role in reducing the cybersecurity skills gap and lead to a more resilient digital ecosystem.
More Blockchain, More Cybersecurity
Blockchain technology is playing an increasingly important role in cybersecurity. Its core features – such as immutability, transparency, and tamper resistance – make it ideal for protecting digital transactions and sensitive data such as identity information and financial transactions. Blockchain can effectively prevent data manipulation, as changes are impossible without network consensus.
Industry experts expect that, in the near future, blockchain will be essential for the security of cloud systems and IoT devices by turning each device into a secure, autonomous network element, thus making networks more robust against security attacks. Additionally, the use of blockchain-based smart contracts is set to increase, enhancing the security of online transactions through self-executing contracts. These developments significantly bolster digital security and offer advanced solutions for protecting data and identities.
What the EU Has to Do with Cybersecurity
With the introduction of new EU laws such as DORA, NIS-2, the Cyber Resilience Act, and the EU AI Act, European companies are facing extensive regulatory challenges. Additionally, globally operating companies are confronted with overlapping regulations from other regions, including the USA and China. This wave of regulations is leading to a "New Era of Cybersecurity Transparency," where reporting on cyber incidents and practices shifts from being a voluntary task to a mandatory one.
This demands enhanced skills from CISOs, who now need to be able to transform operational cyber reports into reports that can be utilised by boards and form the basis for appropriate budgets for protective measures. According to PwC's "Digital Trust Insights" study, 73 per cent of the surveyed companies incur significant additional costs due to adaptations to the harmonised cyber and data protection laws. Companies should therefore act early and proactively to effectively meet these challenges.
Lukas Pfeiffer is the Communications Director at PIABO and has been advising companies for many years, including in the areas of AI, cloud, and IT security. The Deep Tech Unit at PIABO consists of many experienced experts and consultants who deal with highly current and complex technology topics from AI to quantum computing. Would you like to learn more about cybersecurity trends? Then contact the Deep Tech Unit now at: deeptech@piabo.net.