DigiCert today revealed its top strategic predictions for 2024, detailing key trends in digital trust during the coming year in the Asia Pacific (APAC) region. These predictions underscore the emerging importance of trust in content, software supply chains, and devices, the need to plan for transition to quantum-safe cryptography and the emerging role of the Chief Digital Trust Officer in pairing trust investments with business objectives and outcomes.
DigiCert’s CEO Amit Sinha discussed trust challenges with Vishal Amin, General Manager of Security Solutions, Defence at Microsoft, while at Trust Summit 2023 who noted, “When it comes to who’s responsible for trust, we should all be asking: If not me, then who?”
“In 2024, we will see tectonic shifts in cybersecurity due to the impact of artificial intelligence on the adaptability and velocity of cyberattacks, and on identity and provenance,” said Amit Sinha, CEO of DigiCert. “This is also occurring at a time when companies will start transitioning their cryptography to quantum-safe algorithms. The intersection of these two trends makes deeper investments in trust a necessity to secure interactions with content, software and devices in business and in our personal lives.”
Armando Dacal, Group Vice President APJ at DigiCert, added that such tectonic shift will be even more challenging for companies in Asia Pacific: “This region, grappling with a surge in cyber-attacks, navigates a complex landscape characterised by fragmented regulations, a pronounced cybersecurity workforce gap, and markets with less mature IT practices. In light of these obstacles, it is crucial for firms in the APAC region to prioritise and invest in building robust digital trust as an integral pillar of their cybersecurity strategy.”
Anant Deshpande, DigiCert Regional Vice President, India & ASEAN, adds, “India too, is not immune to some of these challenges. While threat actors are targeting digital infrastructure with increasingly sophisticated tools, there are new challenges emerging. Using AI as a mechanism to craft attacks poses a major threat with far reaching implications. Recently, the Indian government has announced its intent to deal with the risks posed by deepfakes. DigiCert has a big role to play in this area. Together with industry leaders like Microsoft and Adobe, we have created the Coalition for Content Provenance and Authenticity (C2PA) which aims to provide transparency to digital media files and content, particularly when AI generated content is becoming harder to distinguish from reality.”
Senior executives will become more knowledgeable about post-quantum computing, and companies will start accelerating their investments.
A recent Ponemon Institute survey on PQC revealed that while most IT leaders are concerned about the risk of “harvest now, decrypt later” cyberattacks, business executives are still not aware of the present implications of quantum computing. In APAC, only 19% of respondents currently have a strategy to address the security implications of quantum computing. It also revealed that the majority of organisations lack clarity in ownership, budget, and strategy for PQC preparation. In 2024, education and planning activities will accelerate investment in this area.
Identity and provenance become the foundation for content authenticity.
Identity-based attacks are one of the most common types of cyber security attacks, with 72% of APAC organisations having fallen victim to identity-based attacks last year. In 2024, verified identity will become the foundation of how we can trust the source and authenticity of content. Companies will begin to explore ways in which digital identity can be established once, without requiring additional proof checks each time it is applied.
Software supply chains will see trust embedded in building blocks: inspect before you sign, check packages, provide Software Bill of Materials (SBOM) transparency.
Recent incidents involving prominent organisations like Singapore Airlines, Singtel, Singapore’s National Trade Union Congress (NTUC), Microsoft, SolarWinds and Asus have highlighted the severity of software supply chain attacks. In Asia Pacific, more than 50% of companies have been negatively impacted by between two to five cybersecurity breaches in their supply chain. In 2024, the software supply chain will become more robust, with inspections at various points of delivery. The composition of embedded software will become more transparent with the increasing adoption of software bills of materials.
IoT Trust will enable real world use cases such as EV chargers and medical devices.
Devices will increasingly be secured with identity and operational checks to confirm authenticity. This will enable individuals to interact with devices that support everyday activity, knowing that their information is secure and that the devices are tamper resistant.
We will see Chief Digital Trust Officers emerge as a key participant on the executive team leading the business.
Chief Digital Trust Officers will increasingly have a seat at the executive table, tying digital trust investment and strategy to desired business outcomes. This will become a foundational element of business resiliency and customer retention. In APAC, the main challenge for companies will be finding the right talent, amid the region’s cybersecurity workforce gap.
Zero trust as an architecture will proliferate. Its foundation will rest on digital trust.
According to data from Forrester, Asia Pacific organisations are starting to realise the benefits that zero trust offers, with 71% of APAC business and technology professionals saying that their organisation will adopt zero trust edge in the next 12 months. “Never trust, always verify” architectures will become pervasive through information technology, product security and consumer ecosystems, replacing networks and VPNs that formerly provided implicit trust to their users. The use of certificate-mediated authentication to deliver identity, integrity and encryption to application and data interactions will continue to grow.