AppOmni experts warn of AI risks & mega breaches in 2024
As the year 2024 unfolds, cybersecurity experts and executives at AppOmni, trusted by 20% of the Fortune 100, provide their insightful predictions concerning the cybersecurity landscape. Brendan O'Connor, CEO and Co-Founder of AppOmni, cautions that good intentions might lead to undesired consequences when Artificial Intelligence (AI) is connected to highly sensitive data.
O'Connor warns, "Anyone with good intentions will connect AI to highly-sensitive data they shouldn't (e.g. PII, medical records, financial transactions) and it can go very wrong. While AI can be a force for good, securing data-hungry LLMs has not matured."
He also predicts the continuation of mega breaches impacting major platforms and industries, a recurring threat in the cybersecurity world. O'Connor comments, "The more things change, the more they stay the same. In 2024, mega breaches will continue to have a profound impact on SaaS platforms, large institutions, and industries such as healthcare, consumer products, and automotive. Attackers will leverage the same tactics and techniques since they've proven to be successful."
The top executive also anticipates an escalation of cyber weaponry, highlighting the importance of proactive measures. "Expect to see an arsenal of new cyber weapons. There is a hierarchy of how these things reach the dark web. Military-grade exploits and espionage-motivated campaigns will work their way down to organised crime. Businesses must get ahead of this, those without a governance process will fall far behind if they do nothing."
Joseph Thacker, Principal AI Engineer and Security Researcher at AppOmni, also emphasises the growth of AI security in the coming year with the rise of AI-driven startups and increased AI integration in major applications, potentially leading to new vulnerabilities. However, he warns about the convenience-driven deployment of AI without ample security testing.
Joseph Thacker states, "Allowing AI systems to make decisions is convenient. That means many products will incorporate it without adequate security testing. We will see where this leads really soon."
The targeting of SaaS apps in cyberattacks is expected to rise, according to Tim Bach, SVP of Security Engineering at AppOmni. He recalls notable misconfigurations at Salesforce and ServiceNow that severely impacted numerous organisations. For Bach, vigilance and increased monitoring of SaaS activity logs for signs of attackers are critical.
Tim Bach stresses, "This threat hunting is only possible when, and should be conducted in addition to, deploying a comprehensive SaaS security management solution." This could help IT and security leaders understand and monitor the security posture of their SaaS applications, leading to proactive and reactive measures for their most sensitive applications and data.
Bach ends on a note of action, saying, "IT leaders need to direct their threat hunters to be vigilant when looking at SaaS activity so incidents can be detected and mitigated swiftly."