By the end of the coming year, the cost of cyber attacks on the global economy is predicted to top $10.5 trillion.
This staggering amount reflects the growing need for cyber security to be treated as a strategic priority on an individual, organizational and governmental level.
As in every other field of business and technological endeavour, artificial intelligence (AI) will have a transformative impact on both attack and defense. Its impact will be felt across every one of the trends covered here.
Recent years have brought an acceleration in the pace of technological advancement in many fields, and cyber threats are no different. As they say, forewarned is forearmed – so read on to find out what my predictions are for the cyber security trends everybody should be on high alert for as we head into 2024.
Generative AI Adopted On Both Sides Of The Battle
As AI increases in sophistication at a frankly alarming rate, we will continue to see more sophisticated and smart AI-powered attacks. This will range from deepfake social engineering attempts to automated malware that intelligently adapts in order to evade detection. At the same time, it will help us detect, evade or neutralize threats thanks to real-time anomaly detection, smart authentication and automated incident response. If cyber attack and defense in 2024 is a game of chess, then AI is the queen – with the ability to create powerful strategic advantages for whoever plays it best.
Next-Level Phishing Attacks
Social engineering attacks, which trick users into giving attackers access to systems, will also increase in sophistication. Generative AI tools (such as ChatGPT) enable more attackers to make smarter, more personalized approaches, and deepfake attacks will become increasingly prevalent. The response to this will largely revolve around organization-wide awareness and education, although AI and zero trust will play a growing role, too.
Cyber Security In The Board Room
In 2024, cybersecurity is a strategic priority that can no longer be siloed in the IT department. Gartner has predicted that by 2026, 70 per cent of boards will include at least one member with expertise in the field. This enables organizations to move beyond reactive defense, meaning that they can act on new business opportunities that come with being prepared.
IoT Cyber Attacks
More devices talking to each other and accessing the internet means more potential “ins” for cyber attackers to take advantage of. With the work-from-home revolution continuing, the risks posed by workers connecting or sharing data over improperly secured devices will continue to be a threat. Often, these devices are designed for ease of use and convenience rather than secure operations, and home consumer IoT devices may be at risk due to weak security protocols and passwords. Industry has generally dragged its feet over the implementation of IoT security standards, even though the vulnerabilities have been apparent for many years, which means IoT will continue to be a cyber security weak spot – though this is changing (more on this below).
Cyber Resilience – Beyond Cyber Security
Two terms that are often used interchangeably are cyber security and cyber resilience. However, the distinction will become increasingly important during 2024 and beyond. While the focus of cyber security is on preventing attacks, the growing value placed on resilience by many organizations reflects the hard truth that even the best security can’t guarantee 100 per cent protection. Resilience measures are designed to ensure continuity of operations even in the wake of a successful breach. Developing the capability to recover in an agile manner while minimizing data loss and downtime will be a strategic priority in 2024.
Less Than Zero Trust
The fundamental concept of zero trust – always verify – evolves as systems become more complex and security is integrated into business strategy. Zero trust states that there is no perimeter within which network activity can be assumed to be safe. As the threat landscape evolves, this principle extends beyond the corporate network to the ecosystem of remote workers, partnered organizations and IoT devices. In 2024, zero trust moves from being a technical network security model to something adaptive and holistic, enabled by continuous AI-powered real-time authentication and activity monitoring.
Cyber Warfare And State-Sponsored Cyber Attacks
The war in Ukraine, which looks set to enter its third year, has exposed the extent to which states are willing and able to deploy cyber attacks against military and civilian infrastructure in 2024. It’s a safe bet that going forward, wherever military operations take place around the world, they will go hand-in-hand with cyber warfare operations. The most common tactics include phishing attacks designed to gain access to systems for the purposes of disruption and espionage and distributed denial-of-service attacks to disable communications, public utilities, transport and security infrastructure. Outside of warfare, major elections will take place in 2024 in countries including the US, UK and India, and we can expect an increase in cyber attacks aimed at disrupting the democratic process.
Soft Skills Becoming Increasingly Essential For Cyber Security Professionals
Cybersecurity professionals will increasingly be expected to take on more complex workloads during 2024 as the threat landscape grows ever more sophisticated. This doesn’t simply mean in a technical sense – those with responsibility for countering cyber threats will also find themselves tasked with more complex social and cultural aspects of threat mitigation. This will lead to a growing reliance on soft skills such as interpersonal communication, relationship-building and problem-solving.
Cyber Security Regulation
Governments and organizations are becoming increasingly aware of the risks to national security and to economic growth posed by cyber threats. The potential social and political fallout of large-scale data breaches is also a major factor in the emergence of new regulations around cyber security issues. For example, businesses in the UK have until April 2024 to ensure they are compliant with the Product Security and Telecommunications Act, which sets out minimum security requirements that networked products must adhere to (for example, they mustn’t be shipped with a default password). Implementation of the EU’s similar Radio Equipment Directive has been delayed until 2025, but the topic is still likely to be high on the agenda of legislators throughout 2024.