By Nick France, CTO at Cybersecurity Leader Sectigo
With bad actors always on the prowl, 2024 is off to a fast start: numerous cybersecurity incidents have already occurred, affecting a myriad of industries, both large and small. What can we expect as the year progresses? Below, I address some of the major trends and developments that will shape the cyber landscape in 2024.
In 2024, transitioning to quantum-resistant cryptography will become a mainstream boardroom discussion. No longer a buzzword or a topic to be tabled, becoming crypto-agile to prepare for post-quantum encryption will be a key focus for the C-suite. This shift has been massively supported by NIST’s development of quantum-resistant encryption and its impactful educational campaign on quantum’s threat to decryption. NIST has now transformed a once theoretical discussion about decryption into a mainstream business focus.
Certificate automation is poised to mark another significant milestone, transcending its previous enterprise-level boundaries to redefine businesses and sectors across all scales. The surge in automation will intricately weave together our already interconnected digital infrastructure, transforming it into a seamless entity of automated services.
In the upcoming year, a decisive showdown will unfold, determining whether AI emerges as a formidable threat actor or the ultimate guardian of cybersecurity. In a race against time, hackers and cybersecurity professionals are actively harnessing the power of AI to fortify their respective endeavors. The culmination of this race will reveal whether AI stands as a potential menace or the most impactful emerging technology protecting our cybersecurity realm.
2024 will be the year that the reliability of the digital record meets its demise as deepfakes fully undermine digital trust. Gone are the days when people could trust what they saw and heard. With the proliferation of deepfakes, every digital record, whether that be a photo, video or voice recording, could be a fake. Given our current reliance on digital records within our legal, security and digital systems, and without a solution, we will witness the crumbling of our systems that rely on biometrics to authenticate identity. Soon, all forms of recording devices will have a built-in encrypted timestamp, acting as a watermark at the time of capture. These encrypted watermarks must be built upon the only unimpeachable form of encryption, PKI, to separate authentic images from deepfakes and re-establish digital trust in images, videos, and recordings.
This year, the security of digital identities will enter an era of either complete blanket security or fundamental foundational insecurity. Digital identities are everywhere and encompass all aspects of everyday life. Anything short of full-scale security is inadequate. Thanks to the saturation of digital identities, the days of unsecured digital systems are behind us. We are now in an everything-or-nothing era of either complete security or a rotting foundation.
2024 will also be the year RSA comes under siege as researchers worldwide intensify their efforts to unravel its encryption. The revelation of Post-Quantum Cryptography (PQC) was a lightbulb moment for researchers, who realized they no longer needed an operational quantum computer to achieve decryption. Next year, more shortcuts to cracking RSA will be discovered as an influx of academics compete to breach encryption. Although RSA is not expected to succumb, it will undoubtedly grapple with an immense amount of pressure.
Lastly, businesses will have the rug pulled from underneath them as digital certificate lifespans exponentially shrink. As leading web browsers continue to reduce the lifespan of digital certificates, businesses will face a major headache in replacing foundational elements of security. The impending shift will mean that foundational elements crucial to businesses will become notably challenging to replace once the new policy takes effect.
In 2024, businesses must brace for a game-changing reassessment of security fundamentals that have long lingered in the shadows.
About the Author
Nick France, CTO of SSL at Sectigo, the leading provider of automated certificate lifecycle management and digital certificates, is responsible for the technology and practices necessary to operate Sectigo’s global Certificate Authority (CA) and related services. Nick previously served for more than 15 years as Sectigo’s Technical Security Officer.