Attacks on Supply Chain and Critical Infrastructure Will Lead to “Zero Trust” Models
The increase in cyberattacks on supply chain and critical infrastructure, particularly attacks with nation-state involvement, will lead to a shift toward “zero trust” models that require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network. With governments introducing stricter cybersecurity regulations to protect personal information, it will be essential for organizations to stay ahead of these new legal frameworks. Organizations should also strengthen security protocols and carry out stricter evaluations of third-party suppliers.
Dr. Patrick Appiah-Kubi, Program Director, Cloud Computing, Cybersecurity & Computer Networking, School of Cybersecurity & Information Technology
Global Unrest and the Rise of Nation-State Actors Will Usher in the Use of APTs
As unrest and tensions continue to climb around the world, an increase in nation-state actors and terrorist sponsored cyber-attacks is expected. This will most likely include the use of Advanced Persistent Threats (APTs) that attempt to infiltrate, monitor and eventually disrupt critical infrastructure and government services. Implementing sound cybersecurity controls and processes to automatically detect and stop these threats requires skilled cyber warriors armed with the right tools including AI/ML technologies.
Jimmy Robertson, EdD, Program Director, Cybersecurity Development and Operations, School of Cybersecurity & Information Technology
Organizations Will Turn to New Resources to Combat Software Vulnerabilities and Supply Chain Attacks
Industries will continue to drown in software vulnerabilities. Employing a host of security tools to “shift security left,” a practice that helps developers find vulnerabilities and coding errors earlier in the software development process, will create vulnerability backlogs in the thousands if not millions. Since less than 5 percent of common vulnerabilities and exposures (CVEs) are ever exploited, the industry will turn to Cybersecurity and Infrastructure Security Agency (CISA) resources, such as the Known Exploited Vulnerabilities (KEV) catalog and the Exploit Prediction Scoring System (EPSS) to focus on actual exploitation, as well as modern supply chain attack (SCA) tools that enhance findings with reachability. We will also continue to see software supply chain attacks accelerate as attackers increasingly realize the high ROI of impacting a single target and having a cascading impact across the entire software ecosystem. However, the most notable and widespread impacts won't be against open source software (OSS) projects and components, but against large proprietary software vendors—such as Microsoft, Okta, MoveIT—like we saw in 2023.
Chris Hughes, Adjunct Professor, School of Cybersecurity & Information Technology
More Smart Decisions, Ethical Choices and an AI Revolution with Neuro-Symbolic Ethics
Imagine a smart AI system designed to help doctors make medical decisions. Soon, we will be able to make this AI more ethical by using neuro-symbolic AI. This kind of AI, like a special blend, combines the learning abilities of neural networks with clear, rule-based reasoning. So, it's not just about learning from data but also about following important rules. For instance, when AI helps decide on a patient treatment plan, it doesn’t only rely on medical data it has learned. It also checks its decisions against ethical rules about patient care. So, if the AI faces a tough choice, like deciding who should receive a limited life-saving treatment, it can understand the complexity and make choices that align with our moral values. This way the decisions it helps make are careful and considerate of everyone. By mixing learning with rule-following, we create AI that's more trustworthy and ethical for challenging situations.
Jason Pittman, Collegiate Associate Professor, School of Cybersecurity & Information Technology
The Emerging Role of the Cyber Accountant Will Continue to Gain Value in 2024 and Beyond
The accounting and finance industries are prime targets for cyberattacks due to the vast amount of confidential information and monetary assets held by them. As a result, we will see the continued growth of cyber accounting, a new field that bridges the divide between finance and cybersecurity. Cyber accountants work alongside cybersecurity and IT experts and have the technical and financial training to assess costs, system vulnerabilities and risks of cyber-attacks. We will also see the emergence of more training opportunities in this area, much like UMGC’s own innovative Master of Science in CyberAccounting Program, which prepares graduates for these cybersecurity-related roles.
Dr. Sharon Levin, Professor of Graduate Accounting, School of Business