As 2023 wraps up and 2024 kicks off, it’s time to look at the cybersecurity trends and predictions analysts and industry thought leaders have top of mind, as reported by TechTarget.
The past year saw a continued barrage of ransomware attacks, with many evolving into double and triple extortion efforts. AI and machine learning also took center stage with the unveiling of generative AI — as did attackers’ potential to use them maliciously.
1. Increase of zero-day vulnerabilities in extortion attacks: attackers could more often use zero-day vulnerabilities — a situation in which vulnerabilities are disclosed but not patched — to target multiple organizations.
2. Generative AI impacts email security: while attackers already use generative AI to improve phishing emails and reduce the likelihood of spelling and grammar mistakes, they will further integrate generative AI into their social engineering campaigns by using large language models to impersonate high-level decision-makers and publicly visible executives.
3. Widespread adoption of passwordless: biometrics makes sense as the common authentication option since people have used fingerprint and facial scanning on consumer devices for years. It can also stand up to attack and fraud better than SMS or email one-time passcodes or other methods.
4. CSOs, CISOs and CEOs work more closely together on budget constraints: continued economic uncertainty has led to tightened budgets. In 2024, CEOs will likely be working more closely with CSOs and CISOs to determine where to best spend budget security-wise.
5. Identity verification to see wider adoption: expect to see more organizations embrace identity verification in 2024 to ensure employees, partners and customers are who they say they are during account onboarding, especially as AI improves.
6. Increased adoption of proactive security tools and technology: proactive security tools and technology better detect vulnerabilities and security gaps, and organizations can learn where to best spend their budget for their specific use cases.
7. More regulations for connected and embedded devices: we could see more regulatory scrutiny, especially as the threat of AI grows and malicious actors look for additional attack vectors. How organizations will handle increased regulations remains to be seen.
8. Third-party security struggles continue: breaching a third party, such as a vendor or partner organization, can net attackers more lucrative outcomes. Third parties have their own security strategies and infrastructure, which might not stack up to those of their customers, opening further vectors for attackers.
9. Vendors could affect cyber insurance policies: cyber insurance carriers are tweaking underwriting procedures and certain vendors could be identified as red flags and affecting an organization’s ability to get a policy in 2024.