NEW YORK—What are the key cybersecurity trends to watch in 2024? One company is offering some predictions.
In conjunction with a new report from CyberEd.io, Information Security Media Group said it polled some of the industry's leading cybersecurity and privacy experts about top trends to watch this year.
Those trends include:
Cybercriminals Will Use Advanced Ransomware Tactics, AI and Deepfakes to Enhance Their Targeting Capabilities
“The introduction of generative AI tools will help cybercriminals ultra-convincing emails and telephone calls for evading detection of social engineering campaigns,” the organization said.
AI is expected to make less-skilled ransomware-as-a-service actors more effective, Information Security Media Group added.
"One of the things that we talk about a lot is the potential for generative AI to be used, particularly for reconnaissance and for gathering information about a particular target," said Allie Mellen, principal analyst at Forrester.
Enterprises Will Embrace Human Risk Management and Monitor Employee Behavior and Their Interaction With Security Products
According to Security Media Group, human risk management is aimed at helping organizations identify employees with the most dangerous risk scores so they can create more targeted security mitigation programs.
"I think we've really gotten to the point that it's not about do I trust my employees? It's about identifying that anomalous behavior that's taking place in your systems and your networks," said Grant Schneider, a former U.S. federal CISO and senior director for cybersecurity services at Venable LLP.
Hackers Will Target Remote Work Infrastructure, Exploiting Vulnerabilities in VPNs, Cloud Services and RDPs
“The attack surface expanded dramatically with the move to remote working, and it shows no signs of shrinking,” Security Media Group stated. “Bad actors will exploit vulnerabilities including unpatched software and VPNs to access to sensitive corporate networks and data - often stored in the cloud.”
Added Tom Kellerman, SVP-cyber-strategy at Contrast Security, "You're seeing much more cloud jacking. In general, everyone presumes that cloud providers have their act together, when many times they don't.”
Cyberattacks Against Third-Party Suppliers and Software Vendors Will Intensify
According to Information Security Media Group, “Threat actors compromised hundreds of organizations with attacks on third-party software and hardware providers, they will be looking for new gateways in 2024. Third-party cybersecurity audits of partners will become a top priority for many organizations, Information Security Media Group.”
"It's very difficult for companies to manage the security of their service providers and their supply chain - and easy for the attackers to get in," added Michael Gorelik, CTO at Morphisec.
Defenses Must be Shored up to Defend Against Cyberattacks on Critical Infrastructure
“Attacks against critical infrastructure are motivated by both geopolitical conflicts and financial motives, but the potential to cause widespread disruption and harm in an election year is high,” the organization stated.
Smaller organizations such as local hospitals and water treatment plants are the most vulnerable, Information Security Media Group added.
"At the municipal level, it's even worse than at the larger scale utility because they just don't have the staff or money to do it. But I think that's where the biggest investment should be this year - really looking at how you shore up these industries," said Jenny Hedderman, risk counsel at the Massachusetts Office of the Comptroller.
IoT Devices Will Be Easy Targets for Hackers Looking to Create Large-Scale Botnets and Gain Access to Networks
According to Information Security Media Group, “The explosion of connected IoT devices continues and poor security features are making them more attractive targets for hackers, Information Security.”
"2023 was the year of I think one of the biggest DDoS attacks ever and involved leveraging these devices,” stated Joe Sullivan, CEO of Ukraine Friends and a former CSO at Uber. “And now that you know that the attackers have figured out how to successfully use them, I don't think they're going to stop until we figure out how to mitigate it.”
Attacks on Mobile Devices Will Rise, Exploiting Vulnerabilities in Mobile Operating Systems, Apps and Mobile-Centric Technologies
Businesses and government agencies increasingly rely on mobile devices, but vulnerabilities in operating systems, apps and emerging 5G networks make them prime targets for nation-station actors bent on espionage and a growing number of cybercriminal groups, Information Security Media Group said.
“NSO group, for example, have very advanced toolkits for compromising phones, establishing persistence and using them in a variety of ways to essentially get access to anything they want to get access to,” advised Martin Roesch, CEO of Netography. “So, as usual, your best defense other than using the features that are built into the devices to make them more resistant to attack are less likely to be compromised, at least make the attacker take longer to do it.”
Cybercriminals Will Combine Stolen to Establish More Complete Identities for Identity Theft and Financial Fraud
The wealth of stolen data on the dark web and more targeted spear-phishing attacks will help cybercriminals develop complete dossiers on individuals and establish full identities that can commit fraud without detection. Generative AI will likely to play a role, Information Security Media Group said.
"I do think that we'll start to see more contextualized attacks that kind of piece together people's information more effectively to make them way more targeted," Mellen said. "Particularly for high profile targets - potentially for others as well - although it will take a lot of automation to make that work at scale."
Cyberwarfare Activities Including Espionage, Sabotage and Influence Campaigns Will Increase
The blurred lines between nation-state actors and cybercriminals will lead to complex cyber conflicts with global implications in 2024. Geopolitical tensions related to wars in Israel and Ukraine could lead to more disruptive attacks, Information Security Media Group said.
"I think that we're going to see a shift from espionage to sabotage this year," Kellerman said. "You'll see more destructive attacks. You're also seeing this technological transfer per se between Russia and China and rogue nation states to empower them."
Organizations Will Start Preparing for Post-Quantum Cryptography to Secure Communications for the Future
Future innovations in quantum computers have the potential to break many of the cryptographic algorithms currently in use. Will 2024 be the year that public and private-sector organizations start preparing for post-quantum cryptography world, Information Security Media Group said.
"If we take the advances in AI and the massive investments that are happening and assume that artificial intelligence is going to get better at math, we're going to have AI and quantum meet in the middle - and we better be ready for it," Sullivan said.
The Best Way to Start a New Year. With Something Free.
The biggest, best and freshest news reporting in credit unions remains free! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?