*Per Matt Waxman
Data is the lifeblood of every modern organization, making its management and protection a top priority for virtually every IT department. With increasing importance every year, anticipating and projecting risks and future actions is essential for companies. In this sense, we share the seven main perspectives for 2024 that will impact data management and protection:
1. The first end-to-end AI-powered robotic ransomware attack will usher in a new era of cyber torment for organizations.
Almost two thirds (65%) of organizations have suffered a successful ransomware attack in the last two years in which an attacker gained access to their systems. While surprising in itself, this is even more worrying when combined with recent developments in artificial intelligence (AI). Tools like WormGPT already make it easier for attackers to enhance their social engineering with AI-generated phishing emails that are much more convincing than those we have previously learned to detect. By 2024, cybercriminals will put AI to full use with the first end-to-end autonomous AI-driven ransomware attacks. Starting with robocall-style automation, eventually AI will be put to work identifying targets, executing breaches, extorting victims, and then depositing ransoms into attackers' accounts, all with alarming efficiency and little human interaction.
2. Targeted data corruption at the cellular level will make ransomware more dangerous than ever.
As more organizations become more prepared to recover from ransomware attacks without paying ransoms, cybercriminals will be forced to continue evolving. In 2024, we expect hackers to turn to targeted cell-level data corruption attacks – code secretly implanted deep within a victim's database and lying in wait to secretly alter or corrupt specific but undisclosed data if the target refuses to pay a ransom. The real threat is that victims will not know what data – if any, the hackers may be bluffing – has been altered or corrupted until the repercussions take hold, thus rendering all of their data untrustworthy. The only solution is to ensure they have secure copies of their data, with 100% assured that it is not corrupted and can be quickly restored.
3. Adaptive data protection will combat hackers autonomously, without organizations lifting a finger.
More of two thirds of organizations are looking to increase their cyber resilience with the help of AI. But given the dual nature of AI as a force for both good and evil, the future question will be whether AI-powered protection of organizations can evolve ahead of AI-powered hacker attacks. Part of this evolution in 2024 will be the emergence of AI-based adaptive data protection. AI tools will be able to constantly monitor changes in behavior patterns to see if users may have been compromised. If the AI detects unusual activity, it can respond autonomously to increase its level of protection. For example, starting more regular backups, sending them to differently optimized targets, and generally creating a more secure environment to defend against bad actors.
4. Data compliance regulations focused on generative AI will impact adoption.
For all its potential use cases, generative AI also carries heavy risks, including data privacy concerns. Organizations that do not implement adequate safeguards to prevent employees from potentially violating existing privacy regulations through inappropriate use of generative AI tools are playing a dangerous game that is likely to have significant consequences. In the last 12 months, the average organization that suffered a data breach resulting in regulatory non-compliance spent more than 336,000 dollars in fines. Right now, most regulatory bodies are focused on how existing data privacy laws apply to generative AI. But as the technology continues to evolve, specific legislation for generative AI is expected in 2024 that applies rules directly to these tools and the data used to train them.
5. For every organization that moves to the cloud, another will develop an on-premises data center as the hybrid cloud balance settles.
The percentage of data stored in the cloud compared to on-premises has steadily grown to the point where it is estimated that 57% of the data is now stored in the cloud, with 43% being on-premises. This growth has come from both mature companies with on-premises foundations moving to the cloud and newer companies building their cloud infrastructure from the ground up. But both categories of organizations are learning that, despite all its benefits, the cloud is not ideal for all applications and data. This is leading many companies that have moved to the cloud to partially repatriate their data and cloud-native companies to supplement their cloud infrastructure with on-premises computing and storage resources. As a result, by 2024, we will see hybrid cloud balance: for every organization that moves to the cloud, another will build an on-premises data center.
6. Tool expansion will force a “one in, one out” approach to enterprise security.
Estimates put the average set of enterprise security tools at 60-80 disparate solutions, with some companies as many as 140. Too much of a good thing is a bad thing – expanding enterprise security tools leads to lack of integration, alert fatigue, and management complexity. The end result is a weakened security posture, exactly the opposite of what was intended. Recognizing this, by 2024, many companies will reach maximum capacity, forcing a “one in, one out” mentality into their enterprise security toolkits or consolidating to more comprehensive integrated solutions.
7. The repercussions of not hiring CISOs in 2023 will impact many organizations and be catastrophic for some.
The role of chief information security officer (CISO) is often seen as a poisoned chalice – a lofty position, but one that often comes with heavy consequences. Recent headlines have highlighted several CISOs who have been held accountable for security breaches, facing termination of employment and even litigation. It's no wonder that many organizations have struggled to fill vacant CISO positions in 2023. At the same time, data security is the main risk organizations face today – even overcoming economic uncertainty and competition – and the risk is increasing. By 2024, the fallout from CISO job vacancies will have a major impact as cybercrime, such as ever-evolving ransomware threats, continue to target unprepared organizations – more than a third (38%) states that they do not have a data recovery plan in place or only have a partial plan. So much so that 15% of IT executives and leaders think their organizations might not even survive until the end of 2024.
Anticipating risks and defense actions are key elements for preparation. And, preparing, in turn, is the key to success. Understanding the trends outlined here gives organizations a head start to ensure effective data management and protection in 2024 and beyond
*Matt Waxman, Senior Vice President and General Manager, Global Data Protection, Veritas Technologies
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
