As the saying goes, “Those who do not learn from history are doomed to repeat it.” So as 2023 enters our rearview mirror, what lessons can we take from it? In the case of cybersecurity, there are plenty. It’s been a packed year of cybersecurity incidents and trends that are bound to shape the field in 2024. In this post, we round up just some of the common themes.
AI and Cybersecurity
Fast Company’s Andrew Newman reports that “cybersecurity costs are predicted to rise globally to $10.5 trillion by 2025 as cybercrime becomes more sophisticated.” One of the key factors in this rise will undoubtedly be artificial intelligence (AI). In fact, 2023 taught us that AI – generative AI in particular – is already playing a role in cybercrime. Generative AI advanced phishing capabilities and was utilized in high-profile attacks against companies such as Clorox and MGM Resorts.
AI’s prominence is one of the reasons it has been included as a major component of the National Defense Authorization Act for Fiscal Year 2024 (NDAA). The NDAA establishes several AI tasks for the Pentagon and the US State Department to address the technology’s evolving connection to protecting sensitive information, such as nuclear information.
Medical Device Cybersecurity
In addition to AI, another focus of the NDAA is the creation of a military pharmaceutical and medical device vulnerability working group. As Cynthia Brumfield writes for CSO, this group is meant to “discuss issues involving access, threats, and vulnerabilities to pharmaceuticals, therapeutics, and medical devices in operational environments of the Defense Department.”
But it isn’t just the NDAA focusing on the cybersecurity of medical devices. The Food and Drug Administration also introduced a policy this fall that is intended to address the growing cybersecurity risks facing the increasingly connected healthcare sector. Manufacturers submitting new devices must now include a software bill of materials (SBOM) to provide transparency around any potential vulnerabilities. This requires turning in reviews of the hardware and software used in the development of devices, a practice that is projected to expand. Health Data Management predicts that both manufacturers and providers should expect more regulations to roll out in 2024.
China and Cybersecurity
Because cybersecurity is so wide-reaching at this point, it is not bounded by sector or location. It is therefore likely to continue climbing the ranks of international affairs. One country stirring cybersecurity stories in 2023 was China. Britain’s National Grid just announced that it is cutting out China-backed Nari Technology’s services due to cybersecurity concerns.
Experts have also been tracking worrisome activity being carried out in the U.S. According to Ellen Nakashima and Joseph Menn at The Washington Post, “Hackers affiliated with China’s People’s Liberation Army have burrowed into the computer systems of about two dozen critical entities over the past year.” Targeted organizations included a Hawaiian water utility, a West Coast port, a power grid operator in Texas, and an oil and gas pipeline. Luckily, none were actually affected, but this is a matter that will certainly carry over into the new year.
- “5 cybersecurity predictions for 2024” – Andrew Newman, Fast Company
- “2024 US NDAA boosts nuclear cybersecurity, highlights artificial intelligence” – Cynthia Brumfield, CSO
- “New FDA cybersecurity standards are a paradigm shift in device security” – Olin Dillard, Health Data Management
- “Britain’s National Grid Drops China-Based Supplier Over Cybersecurity Fears” – VOA, Reuters
- “China’s cyber army is invading critical U.S. services” – Ellen Nakashima and Joseph Menn, The Washington Post