By Douglas M. DePeppe, Attorney and Founding Member, eosedge Legal, part of IR Global professional network
Will ransomware attacks continue an explosive trajectory in 2024? Will the US Presidential Election spur rampant disinformation and distrust? Will AI-generated deepfakes cause mayhem? Will critical infrastructure attacks impact the economy and public safety? Which of these cyberspace threats will dominate the headlines in 2024?
It is a fool’s errand to predict the future, at least as it concerns specific events and data points. The bigger question is how the digital transformation will be impacted by the offsetting force of cyberspace malignancy? Along with the benefits of the digital transformation, bad actors armed with scary technologies are thwarting the advances. Will 2024 be the year that a tipping point is reached, and the various drivers of the cyber threat are confronted?
There are indications that technological advances, geopolitics, social influences, and other externalities are creating the conditions for what Thomas Kuhn coined the “paradigm shift” (his 1962 book, The Structure of Scientific Revolutions, described the dynamics and the framework by which structural change emerges). The conditions for change that will result in a paradigm shift are the breadth, types and severity of attacks that are ongoing and will likely increase in 2024.
The assessed global cyberattack losses in 2023 amount to $8 trillion, which is larger than any national economy except for the US and China! In other words, the collective black market – the illicit profits generated from cybercrime – is a larger economy than Germany or Japan or India. That is a look at the problem in monetary terms.
Cyberattacks are now regularly compromising critical infrastructure, which places public safety at risk. In May of 2023, Denmark’s critical infrastructure network experienced the largest cyberattack ever, which was highly coordinated and could have resulted in power outages. Hospital computing systems in the US were attacked in August, which caused disruption of emergency services. Attacks on critical infrastructure are threats to public safety. Assuring public safety is a traditional role of government, which cyberattacks are now challenging.
Let’s look at AI. Experts, pundits, technologists, journalists and politicians are all calling the AI threat “existential”. That characterization was used before revelations about Q* (called “Q-star”) just appeared in the aftermath of the OpenAI board’s action to fire, and then quickly rehire, Sam Altman. Bad actors are already using AI to create and launch cyberattacks. Yet, perhaps the biggest threat will come from using generative AI to launch fake news, and deep fakes that trick viewers. The risk of violence as a result is real. Certainly, the geopolitics and national politics of our day provide an unending list of scenarios for bad actors to exploit.
Let’s not forget that 2024 is the year of the US Presidential Election. “A perfect storm” is an overused phrase, yet it is very well-suited to describe the convergence of social, environmental, geopolitical and technological forces that will collide throughout the year and culminate in the fall of 2024.
Against this dour foreshadowing of 2024 is a brighter expectation. Tipping points occur when situations become intolerable or perhaps a technological innovation emerges. Threats to public safety and illicit profits larger than national economies, combined or separately, could represent the catalyst for change. Neither is a tolerable, allowable or sustainable circumstance to civil society. Moreover, each represents a threat to a power base. But, let’s not disregard technological innovation as the fix.
AI is also being used in cybersecurity defense. Bad actors have scaled cybercrime to an $8 trillion black market by adopting the same practice of any industry: deploying repeatable functions. On defense, AI is a perfect technology for detecting repeatable patterns and executing countering defensive functions. Efficient attack modalities have structural features, and the patterns of structure can be countered using AI.
Web3 is another innovation that offers abundant advantages to tip the balance in favor of defenders. Web3 adoption levels that would represent a tipping point seem unlikely to occur in 2024, however.
So, when will the paradigm shift occur and what happens before it’s reached? 2024 is set to be a cyber-challenged year for the ongoing digital transformation. However, the paradigm shift is already underway alongside all the malicious disruption. Businesses of all sizes will need to manage cyber risks carefully during these stormy times. Being prepared rather than reacting will be essential – that is, having a Cyber Preparedness mindset along with readiness capabilities, because bad attacks will occur in 2024.
Businesses planning and budgeting for cybersecurity in 2024 should probably observe this proverb as their guiding principle for the coming year: “the darkest hour of the night comes just before the dawn.”
The IR Global strategic partnership with eosedge Legal and its founder Douglas DePeppe originated from a philosophy of cybersecurity leadership. A former legal advisor with the White House 60-day Cyberspace Policy Review in 2009, Mr. DePeppe is also a 2018 inductee into the Information Sharing Hall of Fame. His legal practice is interdisciplinary and data rights focused, and he regularly advises clients concerning cyber risk, data privacy compliance, and data breach representation. Recently, as shown in the linked articles, Mr. DePeppe is engaged in data ownership pursuits to protect sports data for athletes, celebrities, and other entities seeking to own their data.