PQC, AI & sustainability: five cybersecurity trends for 2024

2023 will go down as a transitional year for cybersecurity and information technology in general. Quantum Computing is still in its infancy, and artificial intelligence is still limited to creating (mostly) authentic written and visual content rather than Artificial General Intelligence. Transformative technology is coming soon, but in the meantime, we are still struggling with rising rates of online crime and a shaky economy throughout much of the developed world.

2024 may be when we start to see these themes really begin to change the world, with their impact felt in the realm of cybersecurity and, ultimately, in all our lives. In this article, we will be looking at some of the most important developments that our experts see coming in 2024, both in technology and the wider world it intersects with.

PQC’s Y2K

Although for home computer users the ‘Y2K bug’ was largely a myth and stories of ‘planes falling out of the sky and nuclear reactors shutting down’ were very much over-egged, the transition from the 20th to 21st centuries did produce problems for a number of vital legacy systems that needed to be addressed. 

We see similarities with post-quantum cryptography (PQC) which will protect all computer systems and communication against quantum computer attacks. Unlike with Y2K, we don’t have a set date for when quantum computers will be able to break today’s cryptography, but when the day comes that quantum computers are able to break today’s cryptography, it will affect all of society. For large organizations and governments who depend on legacy systems, the impact could be particularly dangerous. With IBM announcing a 1,000 qubit quantum chip and an error-resistant 133 qubit chip, it is clear that advancements are being made.

There has already been a concerted effort to develop quantum-safe cryptography, and it is starting to be more widely deployed for commercial use – we’ve been offering it for several years. With Y2K, the industry made a concerted effort to reduce the risk of it causing significant impact. Now the same efforts should be made to prevent a data apocalypse in the future. It is a long process of adapting to the reality of quantum computing and post-quantum cryptography, but one which has already begun in earnest and will accelerate this year.

Artificial intelligence

2023’s biggest digital story will undoubtedly continue to be a major theme in 2024, and like many new technologies, it will go from a novelty to routine, with regulations in place to keep it safe.

We have already seen cybersecurity agencies from governments around the world come together to work on security principles for AI, emphasizing design, development, deployment, operations and maintenance. In fact, an agreement has been reached between the Council Presidency and European Parliament on proposed harmonized rules for artificial intelligence – the so-called AI Law. The draft regulation aims to ensure that AI systems placed on the EU market and used in the Union are safe and uphold the values of the EU. Much of what the guidance lays out are the proposed safety mechanisms to effectively control and regulate AI and could apply to other areas of software development, such as supply chain security, threat modeling and even something as mundane as proper documentation. 

On the other hand, we have already seen AI used for cybercrime (although it tended not to be used in major hacks of large institutions yet). As with any new technology, there are those that want to use it for good or bad; AI will also help detect attacks and to defend networks/companies. I’d argue that as it has the potential to do so much more efficiently than humans can, with the ability to correlate large datasets, it will become a strong ally to improve cybersecurity.

Cybersecurity and sustainability

On the surface, there would seem to be little that unites the practices of making sure that digital systems are secure and ensuring that companies and institutions are sustainable. However, there is an increasing consensus that the two are more connected than might be apparent at first.

Firstly, cyberattacks create waste. Time, money, electricity, and countless other resources must be expended to undo the damage of successful attacks. We have also seen attacks that directly damage the environment, such as water treatment facilities being taken offline remotely.

Secondly, achieving sustainability goals, whether in the ESG framework or not, requires the deployment of new technology and the monitoring of that technology. These are largely Internet of Things devices – networks of Co2 sensors, micro-solar grids and so on. We have noted before that since they involve hundreds or thousands of individual data connections, IoT projects have a vastly increased attack surface compared to traditional deployments, so the same holds true of sustainable projects.

Skills gap

A significant gap between the number and training of cybersecurity professionals that we need and the number we have has been an ongoing problem, but we predict that in 2024 progress will finally start being made.

Why? Because a situation in which 71% of organizations are impacted by a cybersecurity skills gap isn’t sustainable. It’s simply the case that the problem has reached a point where it can no longer be ignored and enough noise is being made that something will be done.

What will this be? Continually updated university-level training for cybersecurity professionals would be useful, but it would take several years for the next generation of professionals to make it through their training and into the workforce. Cloud-based third-party security solutions can also lower risk but another potential answer is to crosstrain and upskill within companies. For example, Utimaco is invested in International School of IT Security AG, which offers a Masters in Applied IT Security, as well as on-site and digital in-house training. 

Infrastructure resilience

The fragility of our current ecosystem is underscored by the susceptibility of infrastructures to attacks, with the potential to disrupt entire systems. A scenario as simple as severing critical cables could regress us to a technological Stone Age, highlighting the urgent need for robust defenses.

To address this vulnerability, numerous initiatives are underway to augment traditional terrestrial infrastructures with satellite-based solutions for communication and infrastructure. However, this introduces a new challenge: ensuring these space-based technologies themselves are secure. Layering multiple security measures - such as encryption between satellites - on top of the infrastructure and its basic security will provide the high level of security required for critical data. 

The future demands not only technological innovation but also a foundation of trust and security to fortify our interconnected world.

Moving cybersecurity into 2024

As we can see, 2024 is going to be the year when a lot of the major themes that have been mounting up for years now will come to a head. It will be an interesting time for many industries, but cybersecurity perhaps most of all – we will be at the forefront of many of the major changes that will be happening over the next year, and for many more to come.

About the author

Nils Gerhardt has 19 years’ experience in the cybersecurity industry. In his current role, Nils is the Chief Technology Officer and head of product for Utimaco, a leading provider of cybersecurity solutions, and supervisory board member of ISITS AG. Before joining Utimaco, Nils worked at Giesecke + Devrient in various executive management roles with regional and global responsibilities in Germany, Canada, and the USA. As Chairman of the Board of GlobalPlatform, a global industry organization, Nils brought major companies together and led collaborative efforts to establish standards for secure global digital services and devices.