How can organizations prepare to become more cyber-resilient in 2024? The big trends to watch seem to be primarily focused on AI. While the rise of generative AI certainly poses challenges, executives should be careful not to overlook other important trends that will shape the cybersecurity landscape this year.
AI-driven social engineering
Since the advent of commercial large language models (LLMs), many have criticized the various possibilities that LLMs provide to malicious cyber attackers. But that's not all. AI also allows cybercriminals to obtain large amounts of data to launch phishing attacks. The rise of deepfakes, which trick unsuspecting users by impersonating trusted sources, is also a real threat.
At the moment, there appears to be no clear technical solution to ending deepfakes. Instead, most advice focuses on maintaining good cybersecurity practices. Things get even more complicated because AI algorithms are so sophisticated that they evade detection.
AI is changing the social engineering industry, but if 2023 was the year to consider this new threat and catch up with the creativity of threat actors, 2024 is expected to be a year of bigger problems with even more serious consequences.
Cybersecurity AI
Generative AI is a new twist on artificial intelligence that took everyone by surprise in late 2022. Even before that, threat actors were deploying AI to launch new types of attacks. But there is growing recognition that the way to counter these AI-driven attacks is also AI: cybersecurity AI. The rapid evolution of LLMs in 2023 surprised many executives, as there was no concrete plan to counteract its negative impact.
Either way, in 2024, organizations have no excuse not to prioritize cybersecurity AI, including attack surface management. Of particular concern is the increased use of commercial AI tools by employees. Policies around acceptable use must be created to prevent data leaks and exposure.
US National Data Privacy Regulation
Companies have complained about the complex patchwork of privacy laws under which the United States operates. Various sectors, such as healthcare and financial services, are regulated by specific laws. Privacy laws, especially those aimed at protecting minor users, are also on the rise.
However, a major challenge remains the lack of federal data privacy regulations that apply to all states. Currently, trying to comply with data privacy regulations in various states is a daunting task for businesses.
This is quite different from the European Union, where 27 countries are governed by a single data privacy law. So far, the largest attempt toward this goal has been the U.S. Data Privacy Protection Act, which was never enacted despite bipartisan support.
More state laws are expected to take effect soon, including Florida, Texas, and Montana. But calls for federal regulation persist. Given the growing threat posed by AI, this year could be a landmark year for U.S. national data privacy law.
Ransomware
Over the past few years, the corporate world has been engaged in a fierce battle against one of the most lucrative forms of cyberattack: ransomware. While many thought that the “good guys” had finally won the war, it turns out, as the 2024 Ransomware Threat Landscape Report shows, that ransomware attacks skyrocketed towards the end of 2023.
Although the policy statement is not legally binding, there was a glimmer of hope in November when 50 members of the International Anti-Ransomware Initiative pledged not to pay ransomware extortion demands.
Nation-state cyber attack
Microsoft detected a Russian state-sponsored attack on its systems just two weeks into January. This is indicative of another trend that has continued over the past few years, highlighting the need to urgently address these types of attacks. State-sponsored attacks are far more dangerous than other attacks because they threaten national security, compromise critical infrastructure, and increase geopolitical tensions through espionage and other nefarious activities.
Major international crises, such as the Russia-Ukraine war and the Israeli-Palestinian conflict, will continue into 2024, with no signs of positive change. Big businesses and governments need a more concerted effort to repel these attacks.
Passwords and Passkeys
Authentication is a major challenge in cybersecurity, and passwords have long solidified their role as the most secure authentication standard, despite their usability challenges. But the corporate world may finally be fully prepared for a more secure, passwordless approach to security. Passkey sign-on technology associated with biometrics or hardware keys eliminates the need for users to remember multiple passwords and provides a high level of security.
There's still a long way to go before passkey sign-on is fully standardized, but with adoption by Google, Apple, Microsoft, X, Amazon, and various password management tools, great strides will be recorded in 2024 (in fact, they're already being recorded) as passkeys become more and more of a global login standard. Passwords aren't going away completely anytime soon, though, so you shouldn't abandon that aspect of security.
Mobile security
Cyber-attacks on mobile devices are becoming more frequent as these gadgets become work tools. Google's announcement late last year that Android 14 would enable passkeys was a significant advancement in mobile security. Still, much work remains to be done. For example, according to Kaspersky, adware remains a major challenge, accounting for more than half of the risks on mobile devices. Of course, phishing remains a challenge. These challenges span the entire platform.
According to Zimperium's 2023 Mobile Security Report, 80% of zero-day mobile exploits target iOS devices, and detected critical Android vulnerabilities increased 138% year-over-year. As mobile operating system makers continue to work on improving security in 2024, this is an area to watch.
Conclusion
Cybersecurity challenges are never-ending. However, by staying ahead of the curve, organizations can ensure that they are not caught off guard by threat actors in a landscape of significant advances. Addressing these trends will help businesses stay on top of their cybersecurity landscape.
Editor's note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect the opinions of Tripwire.