Forrester's cybersecurity, risk, and privacy predictions for 2024 warn of the increasing use of AI-coding assistants by DevOps teams, emphasizing the potential for flawed AI-generated code leading to breaches. The predictions highlight the challenges CISOs will face in balancing productivity gains from generative AI with compliance and security needs. Additionally, the forecast outlines key issues, such as the rise in social engineering attacks leveraging generative AI and the impact on cyber insurance standards. The predictions also touch upon the scrutiny faced by OpenAI and the growth of senior-level roles in zero-trust security.
DevOps teams are relying more on AI-coding assistants to automate coding tasks and enhance productivity. Forrester predicts that experimentation with multiple AI-coding assistants simultaneously may lead to flawed AI code responsible for public breaches in 2024.
With more than 40 AI-coding assistants available, their use has become a new form of shadow IT, as DevOps teams switch between assistants. Enterprises are challenged to meet the demand for approved AI-coding tools, and Gartner predicts a significant increase in enterprise software engineers using AI-coding assistants by 2028.
CISOs face a challenging year ahead as they balance the productivity gains of generative AI with the need for compliance, governance, and security for AI and machine learning models. The predictions emphasize the importance of achieving compliance to protect intellectual property.
Forrester highlights the need for CISOs to triangulate innovation, compliance, and governance to gain a competitive advantage in 2024. The successful management of these elements will be crucial in measuring an organization's security posture.
Forrester's Cybersecurity Predictions for 2024:
- Soaring Social Engineering Attacks: Generative AI, including tools like FraudGPT, will contribute to a rise in social engineering attacks, comprising 90% of all breach attempts in 2024. The predictions stress the need for a data-driven approach to behavior change in security awareness training.
- Tightening Cyber Insurance Standards: Insurance carriers will leverage real-time telemetry data and AI tools to better assess risk. The predictions anticipate red-flagging two tech vendors as high risk based on risk scoring. Security vendors will face assessments that influence insurance premiums.
- Fines for Mishandling PII: An implicit prediction suggests that a ChatGPT-based app might be fined for mishandling personally identifiable information (PII). The vulnerability of identity and access management systems, particularly Active Directory, is emphasized.
- Regulatory Scrutiny on OpenAI: OpenAI, the provider of ChatGPT, faces continued regulatory scrutiny globally, with ongoing investigations and lawsuits in Europe and the U.S. The European Data Protection Board and the FTC are involved in assessing OpenAI's compliance with regulations.
- Surge in Zero-Trust Roles: Senior-level zero-trust roles and titles are expected to double globally across public and private sectors. The adoption of the NIST Zero Trust Architecture framework is cited as a driving force, leading to increased demand for cybersecurity professionals with zero-trust expertise.
Forrester's cybersecurity predictions for 2024 highlight the evolving landscape shaped by AI-coding assistants, the challenges faced by CISOs, and the anticipated trends in social engineering attacks, cyber insurance standards, regulatory scrutiny, fines, and the surge in zero-trust roles. Organizations are urged to prioritize compliance, governance, and guardrails to maximize AI innovation gains while minimizing risks.