15 Cybersecurity Predictions For 2024 And Beyond
Regarding cybersecurity, 2023 has shown no signs of weakening attacks; quite the contrary. But what does 2024 have in store for us? BeyondTrust has already played the prediction game. Its report highlights the challenges and innovations that will shape the cybercrime and cybersecurity landscape in the year to come.
It took time, but cybersecurity has become standardized as a priority in all IT departments, company management committees, and administrations. This priority still needs to become the absolute urgency of all organizations and for the necessary budgets to be effectively allocated. There is little chance that 2024 will significantly accelerate this area.
However, as the end of the year approaches, major market analysis firms and cybersecurity publishers are starting to deliver their forecasts and sometimes even predictions.
One of the reports received recently caught our attention. While we wait for us to aggregate and summarize all the trends in our end-of-year papers, we have chosen to share today the vision of BeyondTrust, which seems to cover the themes of the moment quite broadly.
Thus, it is one of the first cybersecurity players to engage in the art of 2024 divination and to identify 15 key trends that, according to its experts, will dominate the cybersecurity field in 2024 and beyond. They reflect both the evolution of cyber threats and the impact of new technologies on the risks businesses and public organizations face.
Table of Contents
Prediction #1: Cybercriminals’ takeover of Generative AI
Malicious actors will increasingly integrate generative AI, leveraging it to enhance their attack capability.
They will increasingly use AI that is accessible to all, as well as open source AI that is diverted for their own needs to improve their attacks by email and Deepfakes.
Specialized generative AIs will become a crucial tool, making it easier to discover vulnerabilities and evade detection.
Prediction #2: The emergence of new AI threat vectors
AI won’t just improve existing attacks. It will also generate new vectors based on the results of generative AI. The generation of false content will challenge the line between reality and deception. This development raises new concerns about the ability of tools and IT to distinguish fact from fiction.
Prediction #3: Vulnerabilities born from AI programming
The developer profession is experiencing a profound change. More than 70% of developers already use AI to help them generate most of their code. Very soon, AI will be able to produce entire applications on its own. The increase in this “AI-assisted” programming will ironically lead to an increase in security vulnerabilities due to errors and inappropriate configurations in AI-generated code.
Prediction #4: The Decline of Dedicated Applications
The advent of generative AI could make specialized applications obsolete, favoring user interfaces based on voice commands and focused on specific results. A reality that will lead cyberattackers to change their approaches. And the fewer different applications there are, the more a flaw in one application becomes a general flaw.
Prediction #5: The replacement of VOIP and landline telephony
Fixed telephony and VOIP are giving way to unified communications services, but this transition could expose new vulnerabilities. They expose companies to new forms of hacking and attacks based on the digitalization of means of communication.
Prediction #6: The evolution of subscription practices
Consumer packaged goods are increasingly moving toward subscription models, with increased risk to data security due to potential gaps in these systems and in electronic payment systems intended to replace cash.
Prediction #7: Increased risks with the widespread use of USB-C
While convenient, standardizing on USB-C will open up new opportunities for cyberattacks by making it easier for hackers. Having only one connection type simplifies the task of threat actors and increases the risk of attacks.
Prediction #8: Ransomware exploit maps
According to BeyondTrust, ransomware attacks will increasingly shift toward selling exploitable data about targeted organizations rather than extortion. In other words, ransomware will be used increasingly to strengthen Dark Web markets. With the idea that thanks to ransomware, cybercriminals will increasingly map the vulnerabilities of organizations and sell them in packs with the vulnerabilities identified, the exploits applicable, the compromised identities, the privileges obtained, and the defects in the hygiene of the targeted. Within passing, there is probable use of AI to automate and optimize these mapping processes (let’s not forget that security tools will be enriched in 2023 with conversational AI to simplify such mapping work on the defense side precisely). These ransomware exploit mapping practices will increase the risk and impact of cyberattacks for organizations.
Prediction #9: Towards standardization of Cyber insurance policies
According to BeyondTrust, cyber insurance policies should move towards more standardization. They will be increasingly standardized and shared with different insurers to avoid each having its own requirements and conditions. Beyond Trust states, “the industry will likely adopt a master contract model with standard policies.” Check it out next year.
Prediction #10: The Decline of Malware
Long announced but never appeared, the end of the era of traditional malware is approaching. According to BeyondTrust, malware is declining, which is expected to be more significant in 2024. It will give way to more identity compromises and more advanced attack tools. In other words, corporate cybersecurity must focus even more on identifying compromised identities and detecting suspicious, malicious, or atypical behavior.
Prediction #11: The AI supply chain in the crosshairs
States will use AI supply chains to introduce vulnerabilities, targeting training data, MLOps chains, and AI programming support services.
Prediction #12: New Threats to Identity Authentication Chains
Identity verification services have become essential in response to identity theft. However, they are not infallible, and they could become favorite targets for cybercriminals.
Prediction #13: AI Governance and Compliance
AI regulations are slowly coming into place, and they focus on ethical standards and privacy protection. In this regard, it is not a cybersecurity subject. What worries BeyondTrust more are the regional variations in these regulations. Not only will these variations complicate the implementation of a single and universal governance of AI, but they can generate inequalities and technical, operational, and legal challenges synonymous with risks of sanctions, litigation, reputation, and trust, which can indirectly affect organizations’ cyber resilience.
Prediction #14: The return of vintage, a risk for homes
Vintage electronic devices, reinvented with modern connectivity, are making a comeback. Retro-gaming consoles, the return of vinyl, the return of cassettes, the return of instant photography, the return of a Hifi with disparate elements (but now connected). The 80s are back! But in a connected version. This opens up new vulnerabilities, mainly in homes.
Prediction #15: The end of physical remote controls, another not only family risk
BeyondTrust sees physical remote controls for our electronic devices soon replaced by mobile apps and voice commands. We already see this with televisions and home automation devices controlled by smartphones, Alexa, or OK Google. Although reducing electronic waste, this announced the end of remote controls opens the way to new security challenges similar to those posed by IoT. Remote controls can be found everywhere, even in businesses.
Here are 15 predictions that illustrate the growing complexity of the cybersecurity landscape and put into perspective specific challenges and risks only sometimes well anticipated by CIOs and CISOs. They highlight the importance of increased vigilance and adoption of adaptive security strategies to navigate an increasingly digitalized and interconnected world.
Also Read : Public Sector: When Will The Next Cyberattack Take Place?