Cybersecurity can often feel like a game of cat and mouse, where cyber attackers and defenders engage in a chase, with one party trying to outsmart the other. Just like in previous years, 2024 is set to test practitioners’ skills as the frequency of cyber threats continues to surge, leaving no room for complacency. Here are my predictions for 2024.
In 2024, several trends are expected to shape the landscape of digital transformation. These include the adoption of hyperautomation and artificial intelligence (AI)-driven decision-making, where organisations will increasingly use automation technologies and artificial intelligence to streamline processes and enhance efficiency. The focus will also be on building digital ecosystems and platforms that bring together stakeholders for seamless experiences. Cloud-native technologies like containerisation and serverless computing will continue to gain traction, enabling scalability and cost-effectiveness in managing digital infrastructure.
AI and machine learning will play a significant role in driving innovation and optimising processes across industries. The proliferation of IoT devices and sensors will accelerate, allowing organisations to collect and leverage data for improved operational efficiency and real-time monitoring. As a result, data privacy and security will remain critical concerns, leading organisations to implement robust measures and compliance frameworks to protect sensitive information and maintain trust in digital interactions.
Types of Cyberattacks
Cyberattacks and compliance failures will continue to rise, but at faster rates than we’ve seen before. Generative AI (GenAI) will be used dominantly by attackers to scope attacks and analyse attack strategies, thereby improving their speed, scale, and success. It’s likely we’ll continue to witness a significant shift in the motivation behind prominent cyberattacks, as data sources indicate a resurgence in activities such as information theft, covert communication monitoring, and content manipulation from state-sponsored attackers and cybercriminals.
Phishing attacks, still the most common form of attack (with 9 out of 10 data breach attempts originating from them), will become next level. Cybercriminals will employ advanced techniques using AI, particularly GenAI and machine translation models, to develop content that accurately imitates the language, tone, and format of legitimate emails and texts, thereby tricking more individuals into divulging sensitive information or installing malicious software. Expect to see business email compromise attacks, which have been skyrocketing this year, surge.
Deepfakes will become more prevalent as the technology advances and becomes more accessible in terms of cost. This rise in deepfakes will lead to increased incidents of fraud, the spread of disinformation, and the creation of critical political commentary, especially in countries where elections are due.
Ransomware attacks will become even more sophisticated and intense in 2024, with more originating via unmanaged or bring-your-own devices, and more human-operated ransomware attacks. In 2023 they rose significantly, with ransom demands becoming more personal (e.g. calling executives directly and using personal rather than company information to blackmail), small to medium-sized organisations (fewer than 500 employees) being targeted, and more incidents happening in less developed countries. This will continue in 2024, with attackers exploiting vulnerabilities in commonly used corporate software, critical national infrastructure, and OT environments. Many attackers will shift their approach from double to triple extortion activities after ransomware attacks. Additionally, expect to see more disclosures to regulators from hacking groups, like the one by ALPHV/BlackCat to the SEC in November 2023.
Data poisoning will gain popularity in 2024. This is where attackers maliciously manipulate training data used in machine learning models, with the aim of causing the model to make incorrect or biased predictions. Although few large-scale attacks have been reported, it’s becoming a concern as many organisations lack the skills to detect such a sophisticated attack.
SEO poisoning, also known as black-hat SEO, is a growing threat and will continue to scale in 2024. It’s where attackers manipulate search engine rankings or paid social media content by employing deceptive techniques such as keyword stuffing, hidden text, link farms, or other unethical practices to drive traffic to their websites and gain undeserved visibility in search engine results. This technique compromises the integrity and relevancy of search engine results, deceiving unsuspecting users.
Software supply chain attacks will continue to rise in 2024. Despite the sophistication needed to deploy them, they still provide a solid return on investment for cybercriminals. Detecting them can be challenging, as past software validations don’t guarantee security in the present.
IoT attacks aren’t showing any signs of slowing. As IoT continues to expand, cybercriminals will exploit vulnerabilities in IoT devices to carry out attacks. Compromising connected devices can lead to significant privacy breaches and disruptions.
State-sponsored attacks will increase in 2024 as geopolitical tensions rise and state-sponsored actors, hacktivist groups, and criminal organisations exploit vulnerabilities during conflicts. Critical infrastructure, such as energy grids and transportation systems, will be targeted, posing risks to national security and economic stability. Geopolitical tensions also foster information warfare and cyber espionage, compromising the security of governments, businesses, and individuals. Governments will likely weaponise cyber capabilities to gain geopolitical advantage, and misinformation campaigns will be rife. Businesses operating in or supporting conflict regions face heightened cyberattack risks, leading to financial losses and reputational damage. Vigilance and enhanced cybersecurity measures, such as robust defences and proactive incident response, are crucial for governments, organisations, and individuals to mitigate these risks.
Bad Bots (fake account creation, account takeovers, scraping, account management, and in-product abuse, etc.), which already account for 73% of Internet traffic, will surge. Prepare for volumes of Bad Bot operators, driven by the growth of Crime as a Service (CaaS) and improved performance due to GenAI.
Zero Trust, the ‘never trust, always verify’ approach, will continue to be embraced in 2024; however, significant changes are expected. In the USA, the accelerated adoption will be driven by President Biden’s Executive Order, leading to prioritisation and fast-tracking of initiatives across federal agencies and potentially other sectors. To counter advancing cyber threats, organisations will implement more sophisticated security measures like multi-factor authentication, micro-segmentation, and continuous monitoring. AI and automation will play a vital role in managing the complexity of zero trust architectures, enabling real-time incident response through AI-powered analytics and machine learning. Balancing security and user experience, innovations in IAM solutions will provide seamless and frictionless authentication experiences. Collaboration and interoperability between different systems and vendors will be crucial, along with continuous improvement and refinement of zero trust strategies through regular assessments and adaptability to emerging threats.
Continuous Threat Exposure Management (CTEM) is a proactive approach to cybersecurity that involves continuously monitoring an organisation’s IT infrastructure, networks, applications, and systems to identify vulnerabilities and potential security risks. It integrates continuous monitoring, threat intelligence, risk assessment, incident response, and collaboration to effectively manage and mitigate cyber threats. By adopting CTEM, organisations can stay ahead of emerging threats, minimise vulnerabilities, and respond swiftly to security incidents, enhancing their overall cybersecurity posture. In fact, Gartner predicts that by 2026, organisations that prioritise their security investments based on a CTEM programme will realise a two-thirds reduction in breaches.
Adaptive human protection refers to an approach that focuses on people, their behaviours, decision-making, and interactions with technology. It aims to influence their behaviour positively while providing continuous monitoring and protection against potential cyber threats. This approach recognises that employees play a crucial role in maintaining strong cybersecurity defences, that cyber threats are constantly evolving, and that rigid security measures may not provide sufficient protection in dynamic environments. It’s an approach that will grow in 2024. Growth will be driven by awareness and education, with organisations recognising the importance of educating employees about cybersecurity best practices and empowering them to make security-conscious decisions.
AI can be categorised into several different forms, each with its own characteristics and capabilities. From narrow AI, generative AI, machine learning and deep learning to natural language processing, reinforcement learning, computer vision and so on, we’re going to see it used everywhere. Why? Because the democratisation of access to AI has highlighted the need for AI trust, risk, and security management. AI will not only power attacks in 2024 but also defence, and more companies will be leaning on behavioural analysis technologies, real-time anomaly detection, smart authentication and automated incident response powered by AI to bolster their defence strategies.
Security by Compliance will increasingly drive action. More organisations will recognise the need to align their security practices with industry regulations and standards to mitigate the risk of data breaches, cyber attacks, and penalties such as fines.
Regulation and Guidance
There are two types of regulation. The first is by rule making. The second is by enforcement. In 2024, regulation will increase, especially by enforcement as regulators drive a new era of transparency and collaboration in response to escalating cyber threats.
Some key developments include the adoption of three new rules by the Securities and Exchange Commission (SEC) requiring companies to disclose material cybersecurity incidents, the proposed rule by the Biden Administration to harmonise cyber regulations, and the NIST Cybersecurity Framework, which is undergoing a major update (NIST CSF 2.0) and is due for release in early 2024. This update will incorporate the latest NIST guidance and practices related to cybersecurity supply chain risk management and other evolving methodologies and requirements in awareness and training programs.
In the UK, the Product Security and Telecommunications Act, which focuses on ensuring the security of Internet-connectable products and products capable of connecting to such devices, is coming into force on 29 April. This will make the UK the first country in the world to introduce these types of protections.
In the EU, the NIS2 Directive, which is the EU-wide legislation on cybersecurity, is set to be enforced with effect from October 18, 2024. The European Cyber Resilience Act (CRA), which is concerned with cybersecurity obligations for a range of digital products sold in Europe, will make its way onto the EU’s statute books following formal approval. Implementation will be phased, with the vulnerability reporting obligations in late 2025 and the remaining obligations in early 2027.
Then there’s the implementation and enforcement of the Digital Operational Resilience Act (DORA), a regulatory framework aimed at enhancing the digital operational resilience of the EU’s financial sector. Whilst the EU’s Radio Equipment Directive has been postponed until 2025, it’s expected to remain a significant topic for legislators in 2024.
As these regulations scale, expect to see more legal cases and fines on companies and CISOs, particularly from the SEC, like the SolarWinds and CISO Tim Brown case. This shift will promote transparency and accountability, eliminating any potential cover-ups or oversight. It emphasises the need for CISOs to provide comprehensive and accurate reports, ensuring that no important details are overlooked. No longer will CISOs be questioning whether they can afford to walk away if the culture isn’t right for them. Instead, they’ll be questioning whether they can afford not to.
In 2024, the cyber insurance landscape is expected to undergo significant changes. Increased demand for coverage, stricter requirements imposed by insurers, evolving coverage offerings, collaboration with insurtech and cybersecurity experts, and the influence of legal and regulatory factors are key trends that will shape the industry. Organisations should stay informed, consult with insurance providers, and ensure they have adequate coverage in place to address evolving cyber risks.
2024 will see a growing demand for cybersecurity-savvy boards. Despite further hiring freezes, layoffs, and training initiatives, the shortage of skilled cybersecurity professionals will persist and likely worsen. As a result, AI will be used more and more to augment people’s skills and capabilities for organisations and for collective defence. More cybersecurity practitioners will fall “out of love” with their jobs, with many considering a career change due to frustration with organisational negligence and the overwhelming stress associated with their current roles.
Gender diversity efforts in cybersecurity will continue to wane as organisations cut budgets and roles committed to corporate DEI initiatives. While cybersecurity leaders acknowledge the advantages of promoting gender diversity, the overwhelming workload often hinders their ability to prioritise efforts towards women in the field. Increasingly, diversity initiatives will be seen by them as a “nice to have” rather than a priority. That said, efforts by government, award companies, and not-for-profits will continue, despite burnout and stress having emerged as significant concerns across the industry, diverting attention from gender-related issues.
The buying landscape has changed significantly since the pandemic. Remote working has become more prevalent, leading to fewer in-person sales meetings. Buyers now prefer remote contact with salespeople, and there’s been a shift towards digital natives in the buying process. The number of buyer interactions required for decision-making has increased, with an average of 17-19 meetings required to complete the process. Buying groups now typically consist of 6-10 decision-makers, each armed with their own set of 4-5 pieces of acquired information that need to be reconciled with the rest of the group. This dynamic will be further complicated by the increasing number of options available to buyers as new technologies and vendors emerge. These changes highlight the evolving nature of the buying process and the need for adaptation in the sales and marketing strategies of businesses in 2024.
Despite these challenges, the market experienced solid growth in 2023, with Canalys reporting a 12.5% climb in the first quarter, outpacing the overall tech market, and then again in the second quarter with a year-over-year increase of 11.6%. This upward trajectory will continue in 2024, with the market surpassing this year’s projected growth as cybersecurity becomes a strategic priority across various industries, moving beyond the confines of the IT department.
Just like last year, companies will continue to seek single-vendor cybersecurity solutions that will unify products and services, consolidate vendors, and provide significant operational efficiencies and risk reduction.
Cloud Security, Network Security, Endpoint Security, Identity and Access Management (IAM) and Threat Management solutions will be in high demand, especially with the rise in remote work and cloud-based services. Data privacy and protection will be major concerns, leading to an increased need for cybersecurity solutions that safeguard sensitive information and enable secure data sharing. Additionally, Managed Security Services will gain traction, allowing organisations to outsource security operations, threat monitoring, and incident response functions to enhance overall security posture.
Now I want to hear from you…
Drop me a message and tell me where you see the market going next year. What am I missing?