Seven predictions that will shape this year

As we look back on 2023, we saw a flurry of opportunities and challenges for Australia’s technology landscape — from AI adoption surging, to more high-profile data breaches and outages, alongside a turbulent economic environment putting more pressure on IT budgets than ever.

The forecast for this year is looking no different, meaning now is the time for IT leaders to look ahead and prepare for the trends that will take flight in an ever-changing tech ecosystem.

Here are the trends I predict will take the Australian technology industry by storm this year.

1. The first end-to-end, AI-powered robo-ransomware attack will occur

The first end-to-end, AI-powered robo-ransomware attack will usher in a new era of cybercrime pain for organisations. Three-quarters of Australian organisations experienced a successful ransomware attack over the past two years in which an attacker gained access to their systems. While startling in its own right, this is even more troubling when paired with recent developments in artificial intelligence (AI). Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are much more convincing than those we’ve previously learned to spot.

In 2024, cybercriminals will put AI into full effect with the first end-to-end AI-driven autonomous ransomware attacks. Beginning with robocall-like automation, eventually AI will be put to work identifying targets, executing breaches, extorting victims and then depositing ransoms into attackers’ accounts, all with alarming efficiency and little human interaction.

2. Targeted cell-level data corruption will make ransomware more dangerous than ever

As more organisations become better prepared to recover from ransomware attacks without paying ransoms, cybercriminals will be forced to continue evolving. In 2024, we expect hackers to turn to targeted cell-level data corruption attacks — code secretly implanted deep within a victim’s database that lies in wait to covertly alter or corrupt specific but undisclosed data if the target refuses to pay a ransom.

The real threat is that victims will not know what data — if any, should the hackers be bluffing — has been altered or corrupted until after the repercussions set in, thus effectively rendering all their data untrustworthy. The only solution is to ensure they have secure copies of data they are 100% certain are uncorrupted and can be rapidly restored.

3. Adaptive data protection will autonomously fight hackers without organisations lifting a finger

More than two-thirds (72%) of Australian organisations are looking to boost their cyber resiliency with the help of AI. But, given AI’s dual nature as a force for both good and bad, the question going forward will be whether organisations’ AI-powered protection can evolve ahead of hackers’ AI-powered attacks.

Part of that evolution in 2024 will be the emergence of AI-driven adaptive data protection. AI tools will be able to constantly monitor for changes in behavioural patterns to see if users might have been compromised. If the AI detects unusual activity, it can respond autonomously to increase their level of protection. For example, initiating more regular backups, sending them to differently optimised targets and overall creating a safer environment in defence against bad actors.

4. Generative AI-focused data compliance regulations will impact adoption

For all its potential use cases, generative AI also carries heavy risks, not the least of which are data privacy concerns. Organisations that fail to put proper guardrails in place to stop employees from potentially breaching existing privacy regulations through the inappropriate use of generative AI tools are playing a dangerous game that is likely to bring significant consequences.

In Australia, over the past 12 months, the average organisation that experienced a data breach resulting in regulatory noncompliance shelled out more than US$21,000 in fines. Right now, Australian regulatory bodies are focused on how existing data privacy laws apply to generative AI, but as the technology continues to evolve, expect generative AI-specific legislation in 2024 that applies rules directly to these tools and the data used to train them.

5. Hybrid cloud equilibrium will set in

For every organisation that makes the jump to the cloud, another will develop an on-premises data centre.

The percentage of data stored in the cloud versus on-premises has steadily grown to the point where it is estimated that 57% of data is now stored in the cloud with 43% on-premises. That growth has come from both mature companies with on-premises foundations making the jump to the cloud and newer companies building their infrastructure in the cloud from the ground up.

But both categories of organisations are learning that, for all its benefits, the cloud is not ideally suited for all applications and data. In fact, more than half (53%) of Australian organisations agree that relying solely on CSP backup and recovery tools puts their organisation at risk. This is leading many companies that made the jump to the cloud to partially repatriate their data and cloud-native companies to supplement their cloud infrastructure with on-premises computing and storage resources.

6. Tool sprawl will force a ‘one in, one out’ approach to enterprise security

A whopping 97% of Australian IT leaders state they need to improve their ability to track their entire data footprint, with many adopting a range of enterprise security tools to improve data visibility. But, too much of a good thing can be a bad thing — enterprise security tool sprawl leads to a lack of integration, alert fatigue and management complexity. The end result is a weakened security posture, the exact opposite of what was intended.

Recognising this, in 2024, many enterprises will hit their maximum capacity, forcing either a ‘one in, one out’ mindset to their enterprise security toolsets or consolidating to more comprehensive integrated solutions.

7. The repercussions of not hiring CISOs in 2023 will impact many organisations

The role of chief information security officer (CISO) is often viewed as a poisoned chalice — a lofty position, but one that very often comes with heavy consequences. CISOs held responsible for security breaches often face employment termination and even litigation. No wonder then that many organisations struggled to fill vacant CISO roles in 2023. At the same time, data security is one of the top risks facing Australian organisations today — outranking even economic uncertainty and talent shortages — and the risk is rising.

In 2024, the consequences of vacant CISO roles will exact a heavy toll as cybercrime, such as ever-evolving ransomware threats, continues to target unprepared organisations — nearly a third (32%) say that they have no data recovery plan in place or have only a partial plan. So much so that 7% of executives and IT leaders think their organisations may not even survive to the end of 2024.

Image credit: iStock.com/maxkabakov