According to Forbes, by the end of the coming year, the cost of cyber attacks on the global economy is predicted to top $10.5 trillion.
As we step into the new year, fresh trends emerge on the cybersecurity horizon!
Today, we'll delve into the anticipated trends of 2024. Given that many of these trends are projections rooted in the developments of 2023 or earlier, it's essential to take a moment to look back and examine the challenges encountered by cyber experts in the past year. This retrospective glance will provide us with valuable insights to navigate the evolving landscape of cybersecurity in the upcoming year.
2023: A Year in Review
In 2023, several major companies experienced data breaches. Okta, for instance, fell victim to a breach linked to a compromised personal Gmail account. The hacker used it to sneak into the support case management system, and swiped customer session tokens that could be used to break into the networks of Okta customers. Another affected entity was 23andMe, a consumer genetics and research company headquartered in California US, which encountered a credential stuffing attack, exposing the information of over 5 million users. UPS faced a security incident involving attackers using obtained information to conduct SMS phishing attempts, falsely claiming to provide delivery details. Lastly, the MGM Ransomware attack targeted the company's employee password reset workflow.
Certainly, ransomware attacks were among the negative trends of the previous year. In 2023, we observed some of the most notable instances of ransomware attacks. This surge of digital attacks centers around taking advantage of a weakness in a managed file transfer software called MOVEit. The vulnerability, targeted by the Clop ransomware group linked to Russia, aimed to data theft, particularly personally identifiable information (PII) from customer databases. Moreover, one of the largest US dental health insurers, Managed Care of North America (MCNA) Dental, was targeted by a ransomware attack that compromised the personal data of about 9 million individuals.
Nevertheless, 2023 also ushered in positive trends that enhanced global security. Multi-factor Authentication (MFA) emerged as a key player in this landscape. It mandates individuals to authenticate not only with something they know, like a password, but also with something they are or something they have. This extra layer of verification significantly bolsters security by adding multiple checkpoints, making it more challenging for unauthorized access. MFA's widespread adoption marks a crucial step forward in fortifying digital defenses against evolving threats. Furthermore, let's delve into the realm of quantum computers. This trend carries both positive and negative implications. On the positive side, their remarkable speed enables the swift resolution of problems, such as optimization problems or machine learning optimization, that would traditionally take years. However, on the flip side, this very capability raises concerns about the potential to crack current encryption. If that happens, our existing ways of keeping data safe would be outdated, and we would need new methods to guard against these super-powerful computers. Artificial Intelligence (AI), too, emerges as a trend with dual implications, encompassing both positive and negative aspects. On one hand, AI in the hands of ethical practitioners enables robust analysis and investigation. On the other hand, malicious actors utilizing AI can devise sophisticated attacks. This dual nature underscores the need for responsible development and deployment of AI technologies, as they wield the power to both enhance and potentially undermine various aspects of our digital landscape.
10 Top Cyber Trends in 2024
And now let's turn our attention to what's happening in 2024.
1. Moving from passwords to passkeys. Remembering passwords can be a hassle and poses a risk if they fall into the wrong hands. That's why there's a shift towards using passkeys, a new technology, based on FIDO2 authentication, for secure logins. With passkeys, you don't need to remember a traditional password; instead, you can use a simpler, more user-friendly, and secure method. Passkeys enable users to access apps and websites employing features like fingerprint recognition, facial scans, or screen lock PINs. Unlike passwords, passkeys offer resistance against online threats such as phishing, enhancing security compared to methods like SMS one-time codes.
According to Blair Cohen, founder and president of AuthenticID, "I applaud it and think it's great for everyday consumer use, but don't think FIDO2 will be the choice of enterprises, large-scale banks, etc. There are just too many vulnerabilities," he said, specifically highlighting its vulnerability to first-party fraud.
Jack Poller, analyst at TechTarget's Enterprise Strategy Group (ESG) disagreed saying "FIDO2 is going to win in the consumer marketplace since many enterprise organizations, such as Google, Amazon and Apple, currently support it because it's phishing-resistant."
2. Increase of IoT attacks. Today an increasing number of individuals opt for smart devices that seamlessly communicate with each other and connect to the internet. This happens because these devices are designed for ease of use and convenience rather than secure operations, and home consumer IoT devices may be at risk due to weak security protocols and passwords. Nevertheless, this growing reliance on interconnected devices also presents additional opportunities for cyber attackers to infiltrate and exploit potential vulnerabilities. Additionally, with the ongoing work-from-home revolution, the risks associated with employees connecting or sharing data over inadequately secured devices persist as a significant threat in 2024.
In the realm of IoT, every device transforms into a computer, and as we understand, every computer is susceptible to hacking. Thus, each smart device holds the potential vulnerability to hacking.
3. Increased focus on AI. The 2024 is AI heavy.
AI phishing: People have become educated and can often identify phishing emails due to the presence of poor grammar and spelling mistakes. With AI phishing, bad actors can use Large Language Models (LLMs) to remove these idiosyncrasies and sound more like a native speaker, luring victims into a false sense of security. So, organizations will need a more advanced tool to effectively prevent fraud, that examines additional factors about the fraudster, like their IP address, location, and user ID, rather than just focusing on the content they generate.
Increase of deepfake social engineering attempts: This kind of attack, where someone's voice and face are faked to make others believe and trust a misleading video, is on the rise. These deepfakes can be used for social engineering attacks, impersonation, and spreading false information. It's crucial for people to establish security measures that don't rely solely on the information in the deepfake itself. In 2024, deepfake technology, creating realistic yet fake audio and video, is becoming a more significant concern. As the threat of deepfakes grows, organizations need to invest in tools and strategies to detect deepfakes and protect their reputation and data integrity. Raising awareness and providing education are vital in addressing this emerging threat.
AI Hallucination threat: This is a phenomenon wherein LLM-often a generative AI chatbot-provide people with information that is not always right and contributes to the spread of misinformation. AI models can also be vulnerable to adversarial attack, wherein bad actors manipulate the output of an AI model by subtly tweaking the input data. The best way to mitigate the impact of AI hallucinations is to train the AI models on diverse, balanced and well-structured data, to test the system continually, and make sure a human being is validating and reviewing AI outputs.
If cyber attack and defense in 2024 is a game of chess, then AI is the queen – with the ability to create powerful strategic advantages for whoever plays it best.
4. Ransomware attacks. In 2024, ransomware attacks are anticipated to evolve into more sophisticated threats, impacting both individuals and organizations. A strong defense against such attacks lies in having a resilient backup and recovery plan. Consistently backing up data, educating staff about phishing risks, and deploying effective security measures are crucial components of this strategy. The ongoing battle against ransomware remains a paramount focus within the realm of cybersecurity.
5. Regulatory Compliance and Privacy. As organizations increasingly leverage data, there is a growing emphasis on ensuring data privacy and protection. Consequently, regulatory frameworks are constantly evolving. In 2024, organizations will prioritize compliance with rigorous data protection regulations, including acts such as the Data Act and Data Governance Act. The emphasis will be on transparent data practices, the implementation of robust security measures, and the demonstration of accountability in the handling of sensitive information.
6. Less than Zero trust. In 2024, Zero Trust cybersecurity will continue grow as a priority for many organizations amid intensifying cyberthreats and many organizations will continue implementing a cybersecurity strategy based on zero trust principles as they did the previous year. In 2024, expect more widespread adoption of Zero Trust principles, which means that trust is never assumed and there will be more ways to verify users really are who they claim to be, and adding measures to ensure malicious actors won’t get far even if they thwart initial defenses.
7. Explosion of BYOD and mobile devices. In 2024, we can expect a sustained surge in the prevalence of BYOD (Bring Your Own Device) and increased reliance on mobile devices. To keep important company information safe on these devices, organizations will have to use strong Mobile Device Management (MDM) solutions and make sure strict security rules are followed. Balancing the need for employees to be productive with making sure all data is protected will be a big challenge for companies in this changing environment.
8. Cybersecurity skills gap and education. The demand for skilled cybersecurity professionals is higher than ever. There’s a growing gap between the demand and the available talents. According to Forbes, research indicates that a majority (54%) of cyber security professionals believe that the impact of the skills shortage on their organization has worsened over the past two years. In 2024, this IT skills gap will persist, making it challenging for organizations to find qualified experts to manage their cybersecurity needs. Organizations will need to invest in training and development programs to upskill their existing staff and attract new talents. The shortage of cybersecurity experts is a pressing issue that can’t be ignored.
9. Quantum cryptography. As previously noted, the emergence of quantum computing presents a challenge to traditional cryptography and this year we are closer to this threat. That's why in 2024, there will be a substantial uptick in the use of cryptographic algorithms designed to resist quantum attacks. Businesses will prioritize the enhancement of their cryptographic techniques to protect sensitive data from potential threats posed by quantum computing. This dynamic landscape offers a considerable growth opportunity within the realm of security.
10. Platform engineering. This trend holds significance in 2024 as it marks a pivotal evolution in the development of software and applications. In the early stages of organizational growth, a single development team typically handles all responsibilities. However, as the organization expands, it becomes common to have separate security and development teams. In this scenario, cybersecurity plays a crucial role in orchestrating effective collaboration between these two teams to enhance productivity and ensure seamless operations.
In summary, there has been a concerning increase in data breaches up to the present moment. The looming threat of ransomware attacks remains persistent. MFA is now being provided as an option by numerous websites. Additionally, there has been a staggering 400% rise in IoT threats. As we navigate these challenges, it is crucial for organizations to prioritize cybersecurity measures, adapt to evolving threats, and stay proactive in safeguarding sensitive data and systems this year as well.
And, as always, let's wrap up with a few quotes...
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
Stephane Nappo, Vice President. Global CISO, Groupe SEB“We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.”
Dr. Larry Ponemon, Chairman, Ponemon Institute, at SecureWorld Boston
Top comments (0)