Marc Ruef
As we do every year, at the end of 2023 we would like to make a forecast for the coming year 2024. Below are the topics that we believe will emerge or develop further. Regardless of this: Stay healthy!
The business model of ransomware attacks has become firmly established in recent years. There are no signs that this risk will decrease in any way. On the contrary, the peak will probably not be reached for the next few years. Too many organizations have criminally neglected the issue of cybersecurity in recent years. The ransomware gangs are on the lookout for these organizations in order to make money quickly and easily. It is therefore high time to take the danger seriously and get up to date. New vulnerabilities, especially on exposed systems, must be constantly monitored in order to counteract future compromises.
Blackmailing compromised organizations is worthwhile in many cases. But sometimes the victims are unwilling to pay. In this case, double extortion comes into play, in which the attackers threaten to publish the data. Sooner or later, however, triple extortion also becomes interesting. In this case, the people concerned, usually staff or customers, are blackmailed with the stolen data. This approach is particularly perfidious, as these people are not responsible for the organization’s inadequate security. Payroll data and patient data in particular lend themselves to such blackmail attempts.
Probably no other development in artificial intelligence has been so widely recognized in society as ChatGPT. The language understanding is fascinating. It can help with the generation and revision of texts or even automate them completely. The high quality will have a direct impact on certain professions. Many copywriters at media companies will be automated away by such solutions. Shorter texts in particular, which are primarily based on reports from news services, lend themselves to this transformation. It is unclear what will happen to the journalists who have become obsolete, for example whether they will be allowed to invest more time in time-consuming research.
Higher, faster, further. This is also the motto of artificial intelligence. However, more training can also lead to solutions being trained to destruction. Processing and data quality then decrease. This is mainly because, over time, AI is trained on data that has itself been generated by an AI. This feedback loop will amplify negative effects, which can probably only be prevented by human intervention in an initial phase.
In the USA, copyright infringements involving artificial intelligence trained using publicly accessible data are a major talking point. The rights holders want to prevent access or share in the profits. In Europe, the focus is on privacy concerns. The collection, analysis and use of personal data should be restricted. These discussions are important and right. At the same time, they give the Chinese efforts a head start, which can then be expanded unhindered.
People are tired of traditional social media. Facebook is desperately fighting against a decline in users. And with Elon Musk’s takeover of Twitter, X’s future prospects have not necessarily improved significantly either. The brazen algorithms and annoying advertisements are making the platforms increasingly unattractive. The absence of an audience inevitably leads to a loss of advertising revenue. The arrogant and condescending behavior of the super-rich owners of these platforms is not necessarily conducive in this respect either.
With the ongoing tense political situation in Eastern Europe and the escalation in the Middle East, the topic of cyber in the military environment is perceived as important in society at large. Politically and militarily motivated attacks can severely damage a society, even below the threshold of war. The economy and critical infrastructure must strive to be sustainably robust in the face of impending threats.
Cyber threat intelligence is increasingly seen as a helpful tool for detecting and responding to impending threats at an early stage. The classic analysis of malware and IP access is being expanded by behavior-based approaches. In the coming years, CTI will establish itself as an additional central tool for many organizations that have reached a high level of cybersecurity. Especially in the age of systematic ransomware attacks, which can cause significant damage, this will significantly strengthen the defense.