Cyber Security Trends For 2024

Uploaded on 2023-11-30 in Directors Reports

Includes Promoted Content

Cyber Security Trends For 2024

Directors Report: This article is exclusive to premium subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

Cybercrime is predicted to cost the world $8 trillion USD in 2023 and by the end of 2024 the cost of cyber attacks on the global economy is predicted to top $10.5 trillion.

This staggering amount reflects the growing need for cyber security to be treated as a strategic priority on an individual, organisational and governmental level. As in every other field of business and technological endeavour, Artificial Intelligence (AI) will have a transformative impact on both attack and defence.

Recent years have brought an acceleration in the pace of technological advances in many fields, and cyber threats are no different. In the online works, forewarned is forearmed (click here). What are our predictions  for the cyber security trends that everybody should be on high alert for as we head into 202?

Cyber Security Risks, Trends and Predictions For 2024

1. The Rise in the Targeting of Collaboration Tools

With consumers getting wise to scams via social networks, we have seen an increasing prominence in cyber criminals focusing on communications tools. The use of such software increased during the pandemic, and cyber criminals are aware of the amount of sensitive data these tools contain.

Rather than seeking out technical weaknesses in collaboration tools, hackers are exploiting users by impersonating the tools themselves. It can happen on platforms and also in the form of phishing attacks.

2. Known IoT Vulnerabilities Will Be Used to Enhance Impersonations

Deepfakes are becoming increasingly used to imitate voices or tamper with videos. The rapid evolution of artificial intelligence is improving the quality of deep fakery, making these scams harder to spot. The use of AI for malicious purposes will continue to be focused on stealing identities. The technology can be used to sidestep certain algorithms that detect suspicious activity, and spoofing attempts are only going to keep evolving.

Soon, AI will be simulating human activities on voice and video applications to bypass biometric analyses. With IoT devices now heavily embedded into daily life, it seems inevitable that vulnerabilities will be exploited further next year.

3. The Role of Storage Will Increase

As we have observed in the past 12 months, storage solutions have been working hard to improve their defences against ransomware and other cyber attacks. There is a trajectory towards improving enterprise data storage solutions for:

  • Earlier attack detection.
  • Prevention of attacks on stored data.
  • Improved methods of recovering stored data.

This is certain to continue being a prominent feature of cybersecurity in 2024. Increasingly advanced security mechanisms will be deployed at application, network and server levels to strengthen defences against cyberattacks.

4. Changes to Cyber Insurance Contracts Will Gain Pace

There has been an increasing fear of a tidal wave of cyber insurance cancellations, followed by a desperate race to secure new coverage, probably at significantly higher rates. Companies will thus need to demonstrate very strong cybersecurity credentials to obtain coverage, as insurance underwriters raise the threshold of expectations.

But the market is predicted to grow, particularly as the need for such insurance increases and the amount companies have to pay keeps rising.

5. The Targeting of Windows WSL and WSA Emulation Layers

There have been various sightings of malware targeting the WSL layer in major Windows in recent years. This layer is widely used by system administrators and developers, and the arrival of enhanced graphical support under WSP and Android WSA emulation is encouraging more Windows 11 users to activate these system layers.

This is increasingly likely to entice cyber criminals looking to find new outlets for Linux malware and botnets.

6. Exploitation of Weak Supply Chains

The fragility of many company supply chains is becoming common knowledge for the cybersecurity industry and has become a targeted attack vector causing diverse and crippling impacts. Supply chain cyber attacks are on an upward trajectory, necessitating new regulations to help protect networks and solve this increasing problem. A global impetus to collaborate between governments and private sectors is growing as the need to identify and target threat groups increases.

Supply chains offer attackers the opportunity to implement a one-to-many attack, so they are likely to continue pouring resources into it. Expect to see more developments on this front in 2024.

7. The Rapid Rise in IoT Botnet Capabilities

In 2023, we saw a record DDoS attack that peaked at 900.1 gigabits per second and 158.2 million packets per second. This surpassed even the wildest predictions at the start of the year, causing substantial economic pain.

Such attacks are liable to become more prevalent as the capabilities of attackers continue to advance. There is a very real risk of even more devastating attacks like this in 2024.

8. A Rise in ‘Zero Trust’ Approach

We’re already seeing signs of it, the principle of a Zero Trust model is simple, but suppliers need to reach a clearer consensus on how to implement it holistically.

There is no doubt that the Zero Trust approach is gaining momentum, with companies increasingly adapting their security strategies to the principle. The core challenges are:

•    How to implement technology cohesively across IT assets.
•    How to enable remote employees to access networks.

This is a definite trend in cyber security, and 2024 could be the year that clear guidelines are developed to allow more stakeholders to be involved in the search for optimal solutions.

9. The Threat of the So-called ‘Great Resignation’

There is a worrying trend of experienced cyber security professionals leaving the industry. With around 1 in 10 walking away, the problem of extreme stress or burnout is not getting any better. Alarming numbers of these professionals have spoken of thoughts about quitting their job due to stress, so cyber security is not immune to the global trend of people leaving high-stress jobs to pursue a better work-life balance.

Cyber Security Skills Crunch

A shortage of professionals with the skills needed to protect organisations from cyber attacks continues to be a running theme throughout 2024. In fact, the situation appears to be getting worse. Research indicates that a majority (54 percent) of cyber security professionals believe that the impact of the skills shortage on their organisation has worsened over the past two years.

We can expect efforts to rectify this situation to include a continued increase in salaries paid to those with the necessary skills, as well as greater investment in training, development and upskilling programs.

Generative AI Adopted On Both Sides Of The Battle

As AI increases in sophistication at a frankly alarming rate, we will continue to see more sophisticated and smart AI-powered attacks. This will range from deepfake social engineering attempts to automated malware that intelligently adapts in order to evade detection.

At the same time, it will help us detect, evade or neutralise threats thanks to real-time anomaly detection, smart authentication and automated incident response. If cyber attack and defence in 2024 is a game of chess, then AI is the queen, with the ability to create powerful strategic advantages for whoever plays it best.

Next-Level Phishing Attacks

Social engineering attacks involving tricking users into giving attackers access to systems will also increase in sophistication. Generative AI (such as ChatGPT) tools enable more attackers to make smarter, more personalised approaches, and deepfake attacks will become increasingly prevalent.

The response to this will largely revolve around organisation-wide awareness and education, although AI and zero trust will play a growing role, too.

Cyber Security In The Board Room

In 2024, cybersecurity is a strategic priority that can no longer be siloed in the IT department. Gartner has predicted that by 2026, 70 percent of boards will include at least one member with expertise in the field.

This enables organisations to move beyond reactive defence, meaning that they can act on new business opportunities that come with being prepared.

IoT Cyber Attacks

More devices talking to each other and accessing the internet means more potential “ins” for cyber attackers to take advantage of. With the work-from-home revolution continuing, the risks posed by workers connecting or sharing data over improperly secured devices will continue to be a threat.

Often, these devices are designed for ease of use and convenience rather than secure operations, and home consumer IoT devices may be at risk due to weak security protocols and passwords.

The fact that industry has generally dragged its feet over the implementation of IoT security standards, despite the fact that the vulnerabilities have been apparent for many years, means it will continue to be a cyber security weak spot, though this is changing.

Cyber Resilience That Goes Beyond Cyber Security

Two terms that are often used interchangeably are cyber security and cyber resilience. However, the distinction will become increasingly important during 2024 and beyond. While the focus of cyber security is on preventing attacks, the growing value placed on resilience by many organisations reflects the hard truth that even the best security can’t guarantee 100 percent protection.

Resilience measures are designed to ensure continuity of operations even in the wake of a successful breach. Developing the capability to recover in an agile manner while minimising data loss and downtime will be a strategic priority in 2024.

Less Than Zero Trust

The fundamental concept of zero trust, always verify, evolves as systems become more complex and security is integrated into business strategy. Zero trust states that there is no perimeter within which network activity can be assumed to be safe.

As the threat landscape evolves, this principle extends beyond the corporate network to the ecosystem of remote workers, partnered organizations and IoT devices.

In 2024, zero trust moves from being a technical network security model to something adaptive and holistic, enabled by continuous AI-powered real-time authentication and activity monitoring.

Cyber Warfare And State-Sponsored Cyber Attacks

The war in Ukraine, which looks set to enter its third year, has exposed the extent to which states are willing and able to deploy cyber attacks against military and civilian infrastructure in 2024. It seems highly likely that wherever military operations take place around the world, they will include cyber warfare operations.

One of the most pressing challenges is that the Ukrainian government is under near-constant digital attack.

The most common tactics include phishing attacks designed to gain access to systems for the purposes of disruption and espionage and distributed denial-of-service attacks to disable communications, public utilities, transport and security infrastructure.

Outside of warfare, major elections will take place in 2024 in countries including the US, UK and India, and we can expect an increase in cyber attacks aimed at disrupting the democratic process.

Soft Skills Becoming Increasingly Essential For Cyber Security Professionals

Cyber security professionals will increasingly be expected to take on more complex workloads during 2024 as the threat landscape grows ever more sophisticated. This doesn’t simply mean in a technical sense, those with responsibility for countering cyber threats will also find themselves tasked with more complex social and cultural aspects of threat mitigation.

This will lead to a growing reliance on soft skills such as interpersonal communication, relationship-building and problem-solving.

Cyber Security Regulation

Governments and organisations are becoming increasingly aware of the risks to national security and to economic growth posed by cyber threats.

The potential social and political fallout of large-scale data breaches is also a major factor in the emergence of new regulations around cyber security issues.

For example, businesses in the UK have until April 2024 to ensure they are compliant with the Product Security and Telecommunications Act, which sets out minimum security requirements that networked products must adhere to (for example, they mustn’t be shipped with a default password).

Implementation of the EU’s similar Radio Equipment Directive has been delayed until 2025, but the topic is still likely to be high on the agenda of legislators throughout 2024.

Image: Kajetan Sumila

References:

Forbes:     Google:    

Security BriefEsentire:    

Homeland Security

Cybercrime Magazine:    

Newswires:    Eventura

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« President Biden Takes Action On Artificial Intelligence
The Dark Web Encompasses Both Criminal & Legal Activities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

CompliancePoint

CompliancePoint

We design and implement strategies, processes & procedures to mitigate risk, reach compliance goals, protect data assets, and meet industry standards.

Cybellum

Cybellum

Cybellum provides software risk assessment for DevOps and security executives, by detecting vulnerabilities automatically, without source code.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

Ensighten

Ensighten

Ensighten is a leader in Website Security & Privacy Compliance. Protect your website from malicious attacks, monitor & detect vulnerabilities, protect consumer data.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.