Zscaler’s 2024 predictions, from 5G to AI & cybersecurity

Computer network company Zscaler helps businesses to securely transform their networks, for a mobile and cloud first world. Zscaler operates the world’s biggest cloud security platform, protecting thousands of enterprises and government agencies from cyberattacks and data loss. 

In its annual ZscalerTM ThreatLabz 2023 State of Encrypted Attacks Report, the company focused on the increase in threats over HTTPS, which grew by 24% from 2022. For the second year in a row, manufacturing was the industry most commonly targeted. 

Here, Sam Curry, CISO at Zscaler, shares its predictions for the manufacturing sector for 2024.

1. AI and Machine Learning will resurface the data privacy debate

We are starting to see customers asking about how best to protect their own data when working with third-party providers. There is a growing concern that as cloud providers and other vendors have access to an organisation’s data, they are more likely to become a target of bad actors to acquire a company’s data using AI and ML solutions. Additionally, there is also a legislation discussion to be had as GDPR currently puts AI models in jeopardy. 

As models are trained on datasets, organisations need a stable and consistent set of data in order to be as accurate as possible. GDPR currently says that companies should only keep data for as long as it is necessary to process it, which could have serious implications for AI models moving forward. In 2024, we expect companies to revisit their data privacy statutes and strive to enforce more bespoke data loss prevention (DLP) tools to secure their datasets and ensure data privacy is at the top of the cybersecurity agenda.

2. Organisations will need to learn to hide their attack surface at a data level

The influx of generative AI such as ChatGPT has forced businesses to realise that if their data is available on the internet, then it can be used by generative AI and therefore competitors, no matter if it is an owned IP or not. 

So, if organisations want to avoid their IP getting utilised by AI tools then they will need to ensure their attack surface is now hidden on a data level rather than just at an application level. Based on this trend, we predict to see initiatives to classify data into risk categories and implement security measurements accordingly to prevent leakage of IP.

3. AI-operated social engineering to increase

The concept of fake news isn’t new, but typically this type of news has been driven by humans. Now, we expect to see a greater number of AI-operated attacks using fake news in 2024 to disseminate disinformation. The media industries – print, film, streaming, etc. – are all highly regulated, whereas we know the internet itself isn’t. This allows bad actors to take advantage of the growing influence of celebrities and YouTube stars and create AI-generated versions of these stars to disseminate fake news and give it a sense of legitimacy without ever having to be fact-checked. Without any governmental legislation to clamp down on these tactics, bad actors will be able to socially engineer behavioural changes in different pockets of society.

4. Looking beyond ‘zero trust’ to ‘negative trust’

In 2023 we have seen that zero trust has matured in the eyes of security teams and the C-suite and is gaining more traction than in previous years. But adversaries are also starting to take greater notice of it and are searching for ways to exploit it. We therefore expect the next evolution of zero trust is going to be negative trust as a deception methodology. We expect attacks will become less malware based, as adversaries will want to leverage IT tools and be under the radar of detection. If an adversary has gained access to a zero trust environment (e.g., by using a stolen identity), organisations still need to avoid damage and this can happen by deceiving the intruder. The way to achieve this is by putting that adversary in an environment where they can’t be sure what is real or not (e.g. simulating that the space houses thousands of applications, but there is actually only handful of real applications in that environment), then we can set traps and tripwires that can catch human operators in the act.

5. Increase in public sector exploitation

In 2023 we saw a number of public sector-related attacks across Europe, with a local police department of a major city in the UK being the latest to have had sensitive information hacked. We expect that this trend of attacks against public bodies will continue to increase in 2024 with more state-sponsored attacks on national infrastructure to exploit information across Europe as this is a vertical segment that has not yet fully encompassed modern security infrastructures like zero trust models. While the US has been taking the lead with creating legislative orders, Europe is lagging behind and has to invest not only in the digitisation of the public sector, but also the adoption of appropriate security infrastructure.

Sam Curry, CISO at Zscaler.

6. Companies will face a war of requirement for zero trust

For the past few years, organisations have come to us and asked: “What is zero trust and how will it benefit my business?” As we enter 2024, the zero trust model is now a proven solution,= and as a result, there is a far greater number of offerings for organisations to choose from. We predict that 2024 will be a ‘war of requirements’ within the zero trust space as organisations look to choose which flavour of zero trust they deem the most beneficial to them as they look ahead. Competition in the market will lead to faster evolutions in the space and will result in greater choice and depth for the customer. They will have to learn to differentiate between point solutions and highly integrated cloud-based platform offerings that support further consolidation efforts.

7. Move to infrastructure as code for faster automation on the horizon

Over the past year we have seen a huge uptick in businesses looking to provision their services in hours rather than weeks as time to market matters. This urge for a competitive advantage spearheaded the demand to automate development processes. Organisations are starting to see the benefits of zero trust principles for cloud native implementation of their new applications, which are going along with reduced complexity and costs for development. Starting a green fields approach, without the need to care about what to do with the existing legacy, will support automation of implementing new services and organisations will learn how to adapt the security concept from users accessing workloads to communications among workloads themselves. Organisations have understood this challenge and will switch to agile concepts and DevSecOps principles for a faster and more efficient cloud transformation. 

8. Organisations will start thinking about becoming infrastructure-less

Operational costs are growing for businesses and the cost to maintain infrastructure is a burden for many businesses as inflation continues to be a topic. As a consequence, we expect to see a shift in mindset towards infrastructure-less businesses that are running their services in the cloud only. By doing this, companies can cut costs on devices and hardware as they can run businesses simply via a browser. This will all be underpinned by a ‘connection-as-a-service’ model which will see businesses pay for specific connectivity services that will allow them to remain mobile and agile and not bogged down by infrastructure that they will need to continuously evolve to compete. A prerequisite to this model is guaranteed service levels of internet connectivity. 

9. 5G has a long life ahead of it

For the past two to three years, 5G has been a bit of a misnomer and all marketing hype, rather than producing the transformational change it promised. However, we are starting to see it truly come to life and real 5G deployments that are profiting from the low latency and high-reliability requirements at the edge are increasing globally. We are still waiting for the killer use case for companies to invest in 5G and sunset 4G solutions, but much like AI saw true traction in 2023, we expect to see 5G start to take the lead in 2024, as telecommunication service providers want to harvest the fruits of their huge infrastructure investments.

10. Shift to strategic thinking, rather than CapEx lifecycles

One of the big issues we see across all industries is organisations only thinking three to five years ahead while they really need to be thinking 10 years ahead to gain competitive advantages with transformation initiatives. Businesses that are aggressively pursuing technologies that future-proof their IT and security infrastructures for a decade are able to drive a longer framework to success and implement more groundbreaking changes. It will allow them to build proper milestones that will support their larger goals, making their business more transformational as a result.

*************************************************

For more insights into Manufacturing - check out the latest edition of Manufacturing Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Healthcare Digital. 

*********************************************

BizClik is a global provider of B2B digital media platforms that cover 'Executive Communities' for CEO's, CFO's, CMO's, Sustainability Leaders, Procurement & Supply Chain Leaders, Technology & AI Leaders, Cyber Leaders, FinTech & InsurTech Leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare + Food & Drink.

BizClik, based in London, Dubai & New York offers services such as Content Creation, Advertising & Sponsorship Solutions, Webinars & Events.