As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly:
- AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI) will boost both attackers and defenders while causing governance issues and learning pains.
- Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense.
- Attack surfaces will explode: Cyberdefense complexity will compound as API, cloud, edge, and OT resources add to the list of assets to defend.
- Government actions will increase: Expect more government regulations, state-sponsored cyberattacks, and increased documentation required to protect CISOs.
- 2023 cybersecurity issues will continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines.
- Bottom line: Prepare now based on risk.
AI Will Turbo-Charge Cybersecurity & Cyberthreats
For better or worse, artificial intelligence (AI) is here and accelerating. Various forms of AI, such as machine learning (ML) and large language models (LLMs), dominated headlines throughout 2023 and will continue to present both overhyped possibilities and realized potential in 2024. Industry experts expect AI to require governance action, to cause learning pains, and to be used both to improve cybersecurity and to attack it.
Regardless of whether our attitude towards AI is positive, negative, or neutral, all organizations will need to develop an official stance, write policies, and enforce those policies. Without guidelines, organizations face unfettered use of AI, a higher risk of data leaks, and no recourse against unethical AI use within the organization.
Sharad Varshney, CEO of OvalEdge, puts AI use in a familiar framework and notes that “the same issue that faces generative AI-based innovations is the same for everything else: all roads in anything IT-related start and end with data, the most critical component of every system.”
“Organizations faced similar security visibility and control challenges with SaaS apps like Box or Dropbox,” adds Kunal Agarwal, Founder and CEO of dope.security. “Organizations will look to understand what apps employees are using, evaluate whether they should be paid for by the company (to control), accept the risk, or block the app… the company can choose to educate (through a warning page) or block the app entirely.”
“AI-related innovations will create new possibilities we’re not even considering at the moment,” cautions Manny Rivelo, CEO of Forcepoint. “Moving forward, organizations of all sizes will need to create and expand corporate AI policies that govern how employees can interact safely with AI. And AI security policies will need to extend beyond commercial AI tools to also cover internally-developed GPTs and LLMs.”
Security teams shy away from formal rules, but sometimes it just has to be done. For more on governance and policies, check out our article on IT security policies, including their importance and benefits, plus tips to create or improve your own policy. Also consider learning about the top governance, risk, and compliance tools to identify the best one for you.
AI Use Danger
As with any emerging technology, organizations should expect errors and growing pains as teams learn the nuances of applying it. These dangers can be offset through training that minimizes avoidable mistakes.
Phil Nash, Developer Advocate of Sonar, cautions that “successes from using AI tools to write code will lead to overconfidence in the results, and ultimately a breach will be blamed on the AI itself.”
“Before companies can effectively and safely use generative AI tools, employees must be educated on utilizing best practices: writing prompts that achieve desired outcomes, keeping data security and privacy in mind when inputting data, identifying the quality and security of AI, verifying AI output, and more,” elaborates Arti Raman, CEO of Portal26.
Many vendors began marketing AI-enhanced products years ago, and experts see continuing development of AI as an advantage for improved cybersecurity.
Aiden Technologies CEO Josh Aaron predicts that AI will “enhance the effectiveness of software patch management among security professionals [by] leveraging AI for risk assessment and prioritization in patch management [and] a move towards systems that not only detect vulnerabilities but also autonomously determine the best ways to remediate them [by] employing machine learning algorithms.”
Similarly, Mike Anderson, CIO & CDO of Netskope, sees more general benefits. “In the coming year, I think we will see generative AI be used to analyze a company’s existing policies, regulatory requirements, and threat landscape to generate tailored security policies. I also think we will see generative AI used to continuously monitor a company’s network and systems for policy violations and automatically respond to issues.”
Eric George, Director, Solution Engineering – Digital Risk & Email Protection at Fortra, notes that “Organizations will continue to migrate to cloud-based email solutions. While these solutions (such as [Microsoft365]) offer a level of protection and capabilities (antivirus, anti-spam, archiving, etc.), an additional layer of protection is also required to combat more advanced attacks that leverage brand and individual impersonation. To fill this gap, organizations will look to integrated cloud email (ICE) security solutions that leverage data science (AI/ML) and organizational specific intelligence (indicators).”
Despite the advancements in using AI to improve security, cybercriminals also have access to AI and LLMs. Expect cybercriminals to embrace the power of AI to enhance their threat capabilities.
Melissa Bishoping, Director and Endpoint Security Research Specialist for Tanium, notes that “It’s possible that better models and malicious use cases emerge that allow threat actors to scale their operations faster with fewer individuals contributing.”
Shivajee Samdarshi, Chief Product Officer at Venafi, sees the possibility of AI itself becoming the source of the attack. “In 2024, AI poisoning attacks will become the new software supply chain attacks. Such attacks will be characterized by threat actors targeting the ingress and egress data pipelines to manipulate data and poison AI models and the outputs they produce.”
In addition to enabling cyberattacks, AI will also be used to create more believable disinformation aimed at both governments and businesses. Andy Patel, Researcher at WithSecure, expects that “AI will be used to create disinformation and influence operations in the runup to the high-profile elections of 2024. This will include synthetic written, spoken, and potentially even image or video content. Disinformation is going to be incredibly effective now that social networks have scaled back or completely removed their moderation and verification efforts. Social media will become even more of a cesspool of AI and human-created garbage.”
Cybercrime Will Go to the Next Level
While cybercriminals have always shown strong adaptability and opportunism, experts expect that attackers will develop further in capabilities and strategies throughout 2024. Some attacks will be aided by technology, while others will be more strategic in nature as companies strengthen cyberdefense against older attacks.
Improved Attacker Skills
In addition to using AI, cybercriminals should be expected to draw on information available on the dark web to make attacks far more believable and widespread.
“Witness the ascent of hyper-personalized phishing attacks, leveraging advanced AI to craft deceptive attempts, posing severe threats to data, finances, and reputation,” declares Andrew Hural, the Director of Managed Detection and Response for UnderDefense.
“While AI is still in the early stages of precisely answering questions, it has reached a sophisticated level in generating text in multiple languages, surpassing the well-known limitations of existing translators,” explains Alessandro Di Pinto, Director of Security Research for Nozomi Networks. “The emergence of AI as a tool for crafting convincing text circumvents [grammar errors], significantly enhancing the likelihood of success in such attacks.”
“The use of deepfake techniques in fraudulent activities… will elevate the sophistication of phishing fraud, making it increasingly challenging for users to distinguish between legitimate services and scams,” continues Ricardo Villadiego, founder & CEO of Lumu.
“By training such models with PII data that is readily available on dark web marketplaces, attack lures that are much more personal and enterprise specific can be created at scale. In addition to being more believable, detection evasion tactics ensure that the attacks only present themselves to the intended target and otherwise ‘play dead’ for detection processes. This combined increase in plausibility and deliverability increases the attacker ROI as well as the damages incurred,” concludes Eric George, Director, Solution Engineering – Digital Risk & Email Protection at Fortra.
Cybercrime Shifts Left
As development and operations (DevOps) teams use automation to transition to development, security, and operations (DevSecOps), attackers find less human error to exploit in production. Recent successes with poisoned open-source libraries and other development channels used to deliver malware will continue to push attacks deeper into the development supply chain for both traditional and new technologies.
Mario Duarte, VP of Security at Snowflake, sees that “attackers are now looking for ways in through developer environments, because that’s where human mistakes can still be discovered and exploited, and we’ll unfortunately see this escalate as suspicious actors become increasingly mature in the coming year. It’s harder for security teams to defend against such attacks, and it’s even more challenging to create baselines for acceptable development activity than for an automated, well-managed production environment.”
Christine Bejerasco, CISO of WithSecure, expands that “in the physical dimension, poisoning the well could impact communities in the area. In the digital dimension, one player can poison the ocean… the user may not notice the changes that poisoned AI models provide, as opposed to compromised open-source code which has tools to identify poisoned code.”
Javed Hasan, CEO and co-founder of Lineaje, concludes with the bluntest warning of all: “the best time to compromise AI is when it is being built.”
Shifting Strategies in Response to Shifting Security
As cybersecurity teams eliminate vulnerabilities and add security to block current attacks, cybercriminals will adjust to attack easier targets or change tactics.
Ricardo Villadiego, founder & CEO of Lumu, expects “a significant shift towards adopting models based on passwordless architectures like Google Passkeys as the dominant authentication method to combat phishing and scam campaigns. However, this disruptive change from traditional models will prompt a change in the focus of phishing campaigns to bypass these new architectures. In response, adversaries will increasingly target obtaining complex variables from the device’s environment, which they will use to bypass new authentication methods.”
Joe Payne, President & CEO at Code42 expects biometrics to trigger a shift to insider threats. “As organizations quickly adopt technologies like Okta Fastpass which uses biometrics for authentication instead of passwords, … we expect an increase in two areas: breaches caused by social engineering (already on the rise), and breaches caused by Insiders (already over 40% of all breaches). Insiders who have legitimate access to source code, sales forecasts and contacts, and HR data continue to take data from organizations when they depart for competitors or start their own companies. As we reduce the ability of hackers to access our data using weak passwords, the focus on solving the insider problem will become more pronounced.”
Attack Surfaces Will Explode
Even as AI turbocharges attack and defense and cybercriminals expand their capabilities, the attack surface cybersecurity teams need to defend will grow at a rapid pace – well beyond standard network security. New and formerly overlooked technologies and connections will become targeted by specialized cybercriminals seeking poorly defended API, cloud, edge, and OT resources.
Application programming interfaces (APIs) provide automated and regularly trusted connections between applications and resources. Andy Grolnick, CEO of Graylog, cautions that “In 2023, ransomware is still the dominant threat in the minds of security teams. However, 2024 will be the year that API security preparedness and threats gain momentum. Security APIs are a challenge because they are:
- simple to navigate and an easy attack
- dark, hidden and hard to track unlike movements on the Web
- internal responsibility is not always clear and CISOs haven’t largely set strategies and ownership.”
The continuing rise in cloud adoption will also expand the attack surface and increase interest for cybercriminals to attack cloud resources. Organizations will need to consider specialized cloud security tools and implement cloud security best practices.
Neeraj Singh, Senior Security Researcher at WithSecure, sees “an increase in activities that introduce new technologies and processes that haven’t been thoroughly secured. Cloud services, with their new interfaces, APIs, and communication channels, offer additional targets for attackers, thereby expanding the potential attack surface.”
“Third-party risk will evolve as a big data-security-related challenge in the coming year as organizations of all sizes continue their transition to the cloud,” expands Mike Scott, CISO at Immuta. “It’s clear teams can’t accomplish the same amount of work at scale with on-prem solutions as they can in the cloud, but with this transition comes a pressing need to understand the risks of integrating with a third party [cloud provider] and [to] monitor that third party on an ongoing basis.”
Chen Burshan, CEO of Skyhawk Security, even envisions a “rise in cloud-native security incidents that have no perimeter and multiple attack vectors – This is going to shift the market perception because enterprises will realize that no matter how thoroughly they secure the perimeter, threat actors will get in. Cloud Security Posture Management and Cloud Native Application Protection will not prevent a breach, and it will not detect a threat in real time. This will increase the maturity of current security practices and accelerate the adoption of solutions like Cloud Investigation and Response Automation and Cloud Native Threat Detection and Response.”
Even as attackers pursue API and cloud attacks, more organizations push computing out to edge resources beyond any network controls. While many envision attacks on smart cars and surveillance cameras, servers exposed in the demilitarized zone (DMZ), such as MOVEit file transfer servers, also provide tantalizing edge targets.
Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, sees that “the recent MOVEit compromise by the ransomware group Cl0p will begin to inspire more mass exploitation campaigns targeting edge data transfer servers in a similar vein. MOVEit was typically used for reliable transfer of large volumes of important files between organizations.
“Cl0p exploited MOVEit servers to gain access to and exfiltrate these important, valuable files. For a ransomware group, access to large volumes of valuable data is the end goal; they had no need to go further into the network than the exposed, vulnerable MOVEit servers. I expect to see more copycat attacks where the value is the exploited server itself, not the access it provides to the rest of the network.”
Operational technology (OT) used to be unconnected and safely ignored by cybersecurity teams. However, the rise of connected industrial motors, sensors, and industrial control systems (ICS) now provides a tempting target with less mature security.
Edgard Capdevielle, CEO of Nozomi Networks, declares, “we’re at risk of the next Colonial Pipeline. Cyber attacks against critical infrastructure are too easy – we’re still vulnerable and unprotected. If this isn’t more widely spoken about or prioritized, there will be another attack on critical operational technology systems within the country, targeting an industry such as oil, energy, hospitals, or airports.”
The ransomware attack on Colonial Pipeline exposed how overlooked OT security had been and how much disruption a single failure could cause to US infrastructure. This event subsequently led to an executive order and guidance on ransomware in 2021.
Government Actions Will Increase
As technology progresses at a rapid pace and cybercrime strikes out at an ever-expanding landscape of opportunities, governments will attempt to regulate, influence, and exert control over the cybersphere.
Decades of use and abuse of computer systems led to early regulation, such as Europe’s General Data Protection Regulation (GDPR), adopted in 2016, and the California Consumer Privacy Act (CCPA), passed in 2018. This year will see the first enforcement of two new laws in the European Union: the Cyber Resilience Act (CRA) and the Network and Information Systems Directive (NIS2).
While the EU leads in regulation, the US will also exert regulatory influence. “In the next year, we expect a regulatory surge that CISOs must prepare for – which could include continued AI regulation, new post-quantum guidance, and, in late 2024, new legislation is expected around Know Your Customer (KYC) guidelines,” cautions Jordan Avnaim, CISO at Entrust. “Businesses should consider each of these a call to action to improve not only their own cybersecurity strategies, but also to consider the impact of new technologies, like AI, on their organization and their customers… In the U.S. alone, at least five more state privacy laws will go into effect in 2024, including those in Washington, Oregon, Texas, Florida, and Montana. CISOs and leaders will need trusted advisors, sound support, and secure solutions to successfully and safely forge ahead.”
Matthew Corwin, Managing Director of Guidepost Solutions, adds that “security teams must navigate new breach reporting landscapes shaped by the SEC’s four business day rule for material cybersecurity incidents, state PII breach notification laws, and other regulatory requirements. These regulations underscore a shift towards rapid, transparent incident disclosure, emphasizing the need for advanced detection, streamlined reporting processes, and comprehensive incident response strategies.”
The incoming rules have yet to be tested and fully understood, but the well-established GDPR and similar regulations provide a reasonable model of the methods needed to meet baseline compliance requirements.
Even as some governments launch regulations to influence corporate behavior, other governments will sponsor cyberattacks to extend their influence.
Stephen Helm, Product Marketing Director at Nisos, warns that “as geopolitical waters become more turbulent, and with the US election season fast approaching, China, Russia, and Iran promise to redouble their efforts to sow confusion and discord across the globe as they further their own goals of expanded influence. The use of sockpuppets, comment spamming, and bots to amplify narratives will continue to evolve to be more difficult to detect, thanks to AI and other tools.”
“Influence operations in Latin America in 2022-2023 demonstrate this evolution. The China News Service used to hijack permissions to invasively access and potentially take over subscribers’ Twitter, Sina Weibo, and Weixin accounts to push pro-Beijing content. Worse still, companies offering election manipulation services that leverage fake social media accounts, AI, and other digital assets now operate as legitimate businesses in some parts of the world.”
Over the past two years attacks by Russia, China, Iran, and North Korea exploited vulnerabilities and created enormous challenges for public and private organizations of all sizes. Reading up on past attacks can provide hints for tactics and the speed at which nation-sponsored attacks can occur.
Increased Need for Regulatory Documentation
In addition to regulations and direct government actions, experts expect more enforcement by the US Securities and Exchange Commission (SEC) and other agencies of recently passed legislation or rules. To defend themselves and their teams, cybersecurity leaders need to improve documentation.
Nicole Sundin, CPO of Axio, foresees that “CISOs will need a system of record to protect themselves from the fallout of breaches. It’s no secret that the SEC is now holding CISOs accountable for the risks organizations take on. Currently, CISOs … make difficult choices, and act as they see necessary—but these may or may not be documented.”
Matt Wiseman, Senior Product Manager of Opswat, extends the warning to documenting third parties and the software bill of materials (SBOM) since “greater requests for SBOMs and more demand to understand tools at a deeper level will lead to increased requirements from regulatory organizations or government agencies. Given the growing concern for threats from vendors, third-parties, or nation-states, all software will be more thoroughly vetted before being deployed in critical areas.”
2023 Cybersecurity Issues Will Continue
Some 2024 predictions simply acknowledge the continuing trends that started well before this year. The trends of weak security foundations, poor cybersecurity awareness, and ongoing ransomware attacks will remain a major focus until these trends can be mitigated.
Weak Security Foundations
Even as vendors and technologies race ahead to tackle next year’s threats, many organizations lag in basic cybersecurity fundamentals such as asset management, identity and access management, defense in depth, and cybersecurity awareness and training.
“Some of the foundational requirements for securing an organization will continue to challenge InfoSec leaders – primarily, establishing comprehensive visibility into all assets and tight control over who can access them and with what level of privileges,” acknowledges Vinay Anand, Chief Product Officer of NetSPI.
Yaron Kassner, Co-founder and CTO of Silverfort, adds that “compromised identities will remain a favored weapon for cybercriminals. Countless organizations struggle to modernize their access systems amidst legacy constraints and a tangled web of identity providers.”
“We are beginning to see a shift in cybersecurity investment strategies that better reflect the current threat landscape,” points out Roman Arutyunov, Co-Founder and SVP Products at Xage Security. “Companies are recognizing that threat hunting and responding to endless detections and false positives uses too much of their precious security resources and they’re growing tired of chasing needles in a haystack. They are now turning their attention to reducing the attack surface by proactively protecting their assets.”
Poor Cybersecurity Awareness
Just as sexual harassment and anti-bias training continue to be human resources priorities, basic cybersecurity training must also become a regular fixture in the professional landscape.
Frank Gartland, chief product and technology officer from Skillable, reminds us that “Eight-in-ten cyber-attacks occur due to human error, so providing people with regular cybersecurity training can make a significant difference to your cyber resilience.”
Nick Carroll, Cyber Incident Response Manager at Raytheon, notes an even broader need for a security culture. “Without a solid security culture at the foundation, security tools, such as expensive firewalls or endpoint detection and response (EDR), will ultimately become ineffective down the line. If organizations haven’t already, they must begin to build cybersecurity awareness among employees and third-party partners, while also determining the best path for how to integrate security into the organization’s culture and operations.”
Continued Ransomware Attacks
Ransomware began dominating headlines during the pandemic and has only continued to be a problem. Desperate organizations, against the advice of law enforcement, continue to pay ransoms and fuel interest for cybercriminals.
Raffaele Mautone, CEO and Founder of Judy Security, anticipates trouble even for small and medium-sized businesses (SMBs). “Ransomware attacks will continue to diversify their targets, expanding beyond large enterprises to encompass small and medium-sized businesses, municipalities, and healthcare institutions. This trend will lead to a surge in attacks on SMBs, who may be more vulnerable due to limited cybersecurity resources.”
Kev Breen, Director of Cyber Threat Research at Immersive Labs, recommends preparing for the worst. “We should expect to see ransomware groups leveraging new techniques in Endpoint Detection & Response (EDR) evasion, quickly weaponizing zero days as well as newly patched vulnerabilities, making it easy for them to bypass common defense strategies. As a result, security teams can’t rely on an old security playbook. Companies should not worry about how they can detect everything, and instead just assume at some point it will go badly [and] have plans in place to best respond.”
Ransomware requires access to endpoints to strike. While advanced attackers will seek novel evasion tactics, we can’t make their job easy by deploying sloppy cyberdefense. Consider implementing strong endpoint protection (antivirus, EDR, or XDR) as one of many layers of defense against ransomware and other attacks.
Bottom Line: Prepare Now Based on Risk
Predictions by experts deliver value only if acted upon. While none of these major trends for 2024 can be guaranteed, all of them are possible, and the continuing headaches already plague many organizations today.
Each organization must analyze each trend’s specific risk to the organization and its most valuable assets. The completed analysis will naturally define the trends most likely to cause issues and the ones most urgent to address. For resources to help manage these recognized risks, read our article on the best tools for risk management.