The NIS2 directive requires the EU cybersecurity agency to produce a biennial report on the state of cybersecurity in the Union

Read More

It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the democratic processes. As 2024 draws to a close, it’s instructive to take stock of how democracy did.

In a Pew survey of Americans from earlier this fall, nearly eight times as many respondents expected AI to be used for mostly bad purposes in the 2024 election as those who thought it would be used mostly for good. There are real concerns and risks in using AI in electoral politics, but it definitely has not been all bad.

The dreaded “death of truth” has not materialized—at least, not due to AI. And candidates are eagerly adopting AI in many places where it can be constructive, if used responsibly. But because this all happens inside a campaign, and largely in secret, the public often doesn’t see all the details.

Connecting with voters

One of the most impressive and beneficial uses of AI is language translation, and campaigns have started using it widely. Local governments in Japan and California and prominent politicians, including India Prime Minister Narenda Modi and New York City Mayor Eric Adams, used AI to translate meetings and speeches to their diverse constituents.

Even when politicians themselves aren’t speaking through AI, their constituents might be using it to listen to them. Google rolled out free translation services for an additional 110 languages this summer, available to billions of people in real time through their smartphones.

Other candidates used AI’s conversational capabilities to connect with voters. U.S. politicians Asa Hutchinson, Dean Phillips and Francis Suarez deployed chatbots of themselves in their presidential primary campaigns. The fringe candidate Jason Palmer beat Joe Biden in the American Samoan primary, at least partly thanks to using AI-generated emails, texts, audio and video. Pakistan’s former prime minister, Imran Khan, used an AI clone of his voice to deliver speeches from prison.

Perhaps the most effective use of this technology was in Japan, where an obscure and independent Tokyo gubernatorial candidate, Takahiro Anno, used an AI avatar to respond to 8,600 questions from voters and managed to come in fifth among a highly competitive field of 56 candidates.

Nuts and bolts

AIs have been used in political fundraising as well. Companies like Quiller and Tech for Campaigns market AIs to help draft fundraising emails. Other AI systems help candidates target particular donors with personalized messages. It’s notoriously difficult to measure the impact of these kinds of tools, and political consultants are cagey about what really works, but there’s clearly interest in continuing to use these technologies in campaign fundraising.

Polling has been highly mathematical for decades, and pollsters are constantly incorporating new technologies into their processes. Techniques range from using AI to distill voter sentiment from social networking platforms—something known as “social listening“—to creating synthetic voters that can answer tens of thousands of questions. Whether these AI applications will result in more accurate polls and strategic insights for campaigns remains to be seen, but there is promising research motivated by the ever-increasing challenge of reaching real humans with surveys.

On the political organizing side, AI assistants are being used for such diverse purposes as helping craft political messages and strategy, generating ads, drafting speeches and helping coordinate canvassing and get-out-the-vote efforts. In Argentina in 2023, both major presidential candidates used AI to develop campaign posters, videos and other materials.

In 2024, similar capabilities were almost certainly used in a variety of elections around the world. In the U.S., for example, a Georgia politician used AI to produce blog posts, campaign images and podcasts. Even standard productivity software suites like those from Adobe, Microsoft and Google now integrate AI features that are unavoidable—and perhaps very useful to campaigns. Other AI systems help advise candidates looking to run for higher office.

Fakes and counterfakes

And there was AI-created misinformation and propaganda, even though it was not as catastrophic as feared. Days before a Slovakian election in 2023, fake audio discussing election manipulation went viral. This kind of thing happened many times in 2024, but it’s unclear if any of it had any real effect.

In the U.S. presidential election, there was a lot of press after a robocall of a fake Joe Biden voice told New Hampshire voters not to vote in the Democratic primary, but that didn’t appear to make much of a difference in that vote. Similarly, AI-generated images from hurricane disaster areas didn’t seem to have much effect, and neither did a stream of AI-faked celebrity endorsements or viral deepfake images and videos misrepresenting candidates’ actions and seemingly designed to prey on their political weaknesses.

AI also played a role in protecting the information ecosystem. OpenAI used its own AI models to disrupt an Iranian foreign influence operation aimed at sowing division before the U.S. presidential election. While anyone can use AI tools today to generate convincing fake audio, images and text, and that capability is here to stay, tech platforms also use AI to automatically moderate content like hate speech and extremism. This is a positive use case, making content moderation more efficient and sparing humans from having to review the worst offenses, but there’s room for it to become more effective, more transparent and more equitable.

There is potential for AI models to be much more scalable and adaptable to more languages and countries than organizations of human moderators. But the implementations to date on platforms like Meta demonstrate that a lot more work needs to be done to make these systems fair and effective.

One thing that didn’t matter much in 2024 was corporate AI developers’ prohibitions on using their tools for politics. Despite market leader OpenAI’s emphasis on banning political uses and its use of AI to automatically reject a quarter-million requests to generate images of political candidates, the company’s enforcement has been ineffective and actual use is widespread.

The genie is loose

All of these trends—both good and bad—are likely to continue. As AI gets more powerful and capable, it is likely to infiltrate every aspect of politics. This will happen whether the AI’s performance is superhuman or suboptimal, whether it makes mistakes or not, and whether the balance of its use is positive or negative. All it takes is for one party, one campaign, one outside group, or even an individual to see an advantage in automation.

This essay was written with Nathan Sanders, and originally appeared in The Conversation.

Read More

It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning.

Read more in my article on the Tripwire State of Security blog.

Read More

Russian vodka-maker Stoli Group has filed for bankruptcy in the US after ransomware attack and alleged persecution by the Putin regime

Read More

Law enforcers in Germany have taken down dark web marketplace Crimenetwork and arrested a suspected administrator

Read More

Security leaders continue to be under intense pressure. Increasingly, they are turning toward third parties for support and expertise as their cybersecurity woes become more dire and it becomes harder to recruit and retain talent.  This is reflected in the projected growth for cybersecurity services through 20281 (managed security services, managed detection and response, security consulting, and security professional services).

According to Gartner1, end-user spending for all security services will grow from $77.4 billion in 2024 to $116.9 billion in 2028, with a compound annual growth rate (CAGR) of 11.4 percent. Managed detection and response (MDR) is forecasted to be the highest growth area of security services, with a projected 17.1 percent CAGR through 2028. This is in part due to the continued, acute need for support with threat monitoring, detection, and response. However, it’s also due to a growing need for help with risk identification, management and governance, exposure and vulnerability management, and incident readiness due to increasingly stringent requirements by regulators for reporting in these areas.

Let’s compare that to the forecasted growth rate of network security products (a 9.9 percent 5-year CAGR, 2023-28, projected to reach $32.8 billion) and security software spending (a 13.4 percent 5-year CAGR, 2023-28, projected to reach $132.0 billion). What’s the storyline? The desire for help and expertise within security is as critical as the need for security products themselves. And, as the threat landscape grows ever-more formidable, especially with adversaries leveraging new AI tech, that need is likely not going to wane. 

With this growing demand, many, many different (and very large) providers have realized the opportunity in security services and are diving into the security services market for their piece of the “cyber money pie.” This includes everyone from software vendors, telecom companies, cloud service providers, IT service providers and traditional IT consulting firms to global MSPs (managed service providers) and MSSPs (managed security service providers). This is creating a very crowded market, and one in which business models are quickly changing so providers can better compete. For example, many organizations now see some of the big consultancies as a “one-stop shop,” for everything from consulting to MDR.

In managed security services, for example, the top 10 MSSPs include (alphabetically): Accenture, Atos, AT&T (LevelBlue), Deloitte, Fortinet, Leidos, HCL Tech, NTT Data, PwC, and Tata Consultancy Services. Together, these providers hold 49 percent of MSS market share worldwide. Extending beyond the top 10 to top the 30 global MSS providers, the total “owned” market share jumps to 88 percent, leaving just 12 percent for the smaller, regional players. The raises several questions. Can the smaller, regional players compete against these big guns? Or, do they have to remain satisfied with fighting over the remaining 12 percent market share globally (which equates to approximately $3.5 million worldwide for MSS in 2025). Is it possible for smaller players to take a portion of the $26 million projected 2025 market share from the top 30?

How can smaller, regional players win the security service game?

Yes, smaller, regional service providers are going to be the most challenged as the services market continues its rapid evolution, especially as they try to keep up with technology changes, AI’s impact on service delivery, cyber skills shortages, and more. However, they also have an advantage, including the ability to:

Specialize in industry or specific tech environments such as OT, cloud, or edge
Provide regional context (including culture and language support)
Partner with the larger players who can’t be everything to everyone 

This is why many are choosing to partner with the larger providers in the market, augmenting their existing services, including the operational delivery of those services. It’s the classic “do I build or buy?” Which path should a regional player take to not just survive, but to thrive as a security service provider? On the one hand, building out your own service operations and tech platforms will likely yield higher margins, but it requires a significant investment of time, capital, and people. Can the “build” be done fast enough to keep up with the market?

For many, partnering means they can refocus their energy from development or operations to the business of selling, marketing, and building stronger relationships with their customers. Partnering with a larger provider can mean faster time-to-market on new services while also giving less established brands important credentials and “weight” in terms of customer trust (which is a big deal when it comes to cybersecurity). It’s the more compelling path. 

LevelBlue, formerly AT&T Cybersecurity, has worked with regional MSSPs, MSPs, IT service providers, resellers, and more as just such a partner for nearly three decades. And, we continue to support those regional players with a flexible, highly extensible technology, tactical threat intelligence from LevelBlue Labs (formerly Alien Labs), operational and consulting support, and integrations through our partnerships with the leading global tech providers.

We’re also continuing to expand service opportunities for our indirect channel partners in areas that will help them to compete and grow in a market saturated with heavy hitters. LevelBlue channel partners today can build their own MDR service using LevelBlue’s platform, USM Anywhere, bundled with the SentinelOne endpoint security platform. The advantages to service providers and resellers include discounted pricing and operational support from a partner with more than 30 years of experience in security services. As one of the top ten MSSPs globally, LevelBlue also brings established market best practices, which we share with our partners.

We’re beginning to roll out additional service offers in the areas of incident response and exposure and vulnerability management that our partners can resell or build upon. Think of these as a fast-track to an expanded and comprehensive MDR service suite.

Why isn’t plain-ole’ threat detection and response good enough?

Life is getting complicated for security leaders, and they now expect more than just “alarms thrown over the fence” from their providers. They are seeking a partner who can deliver in multiple areas and become a trusted advisor. 

There are good reasons why MDR is the fastest segment in security services.  

Organizations are struggling to build and maintain internal security operations teams that include SOC analysts, threat hunters, threat intelligence research teams, endpoint security pros, and vulnerability management experts. The cost and complexity has become too high for anyone other than the biggest and most sophisticated organizations (and even they are looking to augment their in-house teams). 
The MDR market is evolving at a very fast pace. Customers are asking for proactive protection (i.e., vulnerability and exposure management and incident readiness) paired with effective reactive mitigation, response, and recovery. And, they want response to inform future preventative measures – taking the learnings from an incident to improve their security posture and reduce future risks. This requires more than just a single platform. It requires tech (often more than one platform), people, and established processes working together. 
Let’s not forget new regulations, which now call for annual or bi-annual reporting on how organizations identify, mitigate, and govern risk. In addition, they require faster, more comprehensive reporting on incidents that could have a material impact on the business. For example, the European Union NIS2 directives and DORA updates, U.S. SEC regulatory updates, as well as regional and other country-specific requirements have all rolled out in the last three years. Customers need help not only understanding the requirements but also ensuring they are set up to comply.

With 40 percent of IT services contracts having a security services component by 20281 (up from 25 percent in 2022) according to Gartner, it’s easy to see there is opportunity for everyone to grow their business. However, regional security service providers must meet the opportunity by expanding their suite of services beyond traditional MSS and MDR.  How they accomplish this will determine the speed at which they bring new services to market with which they can capture a bigger piece of the cyber pie.  Whether you are an IT services provider, managed service provider, small consultancy, traditional MSSP, or even a reseller, it’s going to get more difficult to compete in the very crowded and raucous security services market. Now is the time to rethink or simply refresh your business model and consider new ways of growing your business — on the coat tails of someone bigger.

1 Gartner Market Share Analysis: Security Services, Worldwide, 2023
2 Gartner Forecast: Information Security, Worldwide, 2022-2028, 3Q24
3 IT Key Metrics Data 2024: IT Security Measures — Analysis

Read More