“Security issues are closely intertwined with AI and blockchain technologies. With over 20 years of practical experience in security protection and cryptography, particularly as a security company specializing in cryptographic technology, Albert Cheng, CEO of WiSECURE Technologies, emphasized the importance of focusing on three major issues to understand the security trends of 2024,” Cheng stated at the 7th “Hit AI & Blockchain” Artificial Intelligence and Blockchain Industry Summit.

Cheng highlighted three significant security aspects to be particularly vigilant about this year. Firstly, he pointed out that “Political and economic motives are becoming the primary drivers of hacker attacks.” “Most white-hat hackers currently engage in attacks not for fame or self-realization, but mainly for economic gain,” Cheng explained.

Moreover, due to the emergence of Cyberwarfare, hackers have transitioned into specialized professionals, with military powers heavily investing in military-grade hacker training. Within the civilian hacker community, data theft and resale have become prevalent. Hackers employ ransomware to extort enterprises to unlock file data, aiming to signal the possession of valuable data. Consequently, whether it involves disrupting infrastructure or extorting crucial operational data from companies, hacker economics has evolved into a burgeoning industry. “However, encrypting files before storage can significantly thwart hackers’ ransom intentions,” Cheng added.

Another critical security issue requiring attention is the shift in mainstream security defense thinking towards zero trust. In 2022, President Biden issued an executive order mandating federal government agencies to develop and implement plans for promoting the adoption of zero-trust frameworks by September 30, 2024, thereby establishing zero trust as a new security standard.

Cheng elucidated that the foundational premise of zero trust lies in distrusting everything―transactions, entities, and identities―until proven otherwise, and consistently maintaining this skepticism. Embracing the principle of never trusting and always verifying, the transition from perimeter defense to a zero-trust framework underscores to enterprise decision-makers that neither employees nor hackers can be inherently trusted, necessitating authorization for every action.

Presently, the National Institute of Standards and Technology (NIST) has issued guidelines on zero trust architecture (ZTA), with network defenses adhering to ZTA security model characteristics termed as zero trust network access (ZTNA). According to Gartner, by 2025, 70% of remote access will predominantly shift from VPNs to ZTNA solutions. Cheng stressed that contemporary enterprises must adopt a coexistence mindset with hackers. Despite robust defenses, network attacks are inevitable. Therefore, effectively mitigating security event damages entails deploying superior identification systems to manage system and data access and provide multi-layered defense mechanisms.

The third significant issue is the “Serious threat posed by quantum computers to public key cryptography systems.” Quantum computing is set to revolutionize current computing architectures, capable of processing vast amounts of data simultaneously compared to traditional linear processing. Quantum computing is particularly suited for resolving numerous potential problem scenarios, including DNA analysis or breaching public key cryptography systems. IBM projects the production of a 4000-qubit quantum computing system by 2025. Consequently, the decryption threat is increasingly imminent, especially given that blockchain relies on public key cryptography system technology and will directly confront the quantum computing revolution, ushering in the “Year to Quantum” (Y2Q) challenge.

Given that public key cryptography systems underpin the current Internet operation by furnishing computers with identification and key exchange protocols, any breach of these systems could lead to the paralysis of city infrastructures or blockchain financial systems. How are we addressing this challenge? Cheng highlighted the global development of post-quantum cryptography algorithms resilient to quantum threats. The U.S. government intends to promote CNSA 2.0 from 2025 to 2030 as the default cryptographic application for both governmental and civilian use, with these ubiquitous applications expected to adhere to CNSA 2.0 operational standards by 2030 to 2033 to defend against quantum computing decryption capabilities.