How can an organization prepare to be cyber resilient in 2024? The big trends to watch seem to focus primarily on AI. While the rise of generative AI does pose challenges, leaders must be careful not to miss out on other crucial trends that will shape the cybersecurity landscape this year.
AI-powered social engineering
Since the advent of commercial Large Language Models (LLMs), many have criticized the opportunities they offer malicious cyber actors. But that’s not all. AI also allows cybercriminals to obtain large amounts of data to launch phishing attacks. The rise of deepfakes, which deceive unwitting users by posing as reliable sources, also poses a real threat.
Currently, there does not appear to be a definitive technological answer that would put an end to deepfakes. Instead, most advice focuses on maintaining good cybersecurity practices. AI algorithms are so sophisticated that they evade detection, making things much more complicated.
AI is changing the social engineering industry, but if 2023 was the year of reckoning with this new threat and catching up with the creativity of threat actors, 2024 looks set to create bigger problems with more serious consequences.
Cybersecurity AI
Generative AI gave a new twist to artificial intelligence and surprised everyone at the end of 2022. Even before that, malicious actors had started deploying AI to launch new types of attacks. However, we are starting to realize that the way to combat these AI-based attacks is also through AI: cybersecurity AI. The rapid evolution of LLMs in 2023 surprised many executives, as there was no concrete plan to counteract the negative consequences.
Regardless, in 2024, organizations have no excuse not to prioritize AI in cybersecurity, including for attack surface management. Of particular concern is the growing use of AI business tools by employees. To prevent data leaks and exfiltration, policies regarding acceptable use must be created.
US National Data Privacy Regulations
Companies complain about the complex patchwork of privacy laws under which the United States operates. Different sectors, such as healthcare and financial services, are governed by specific laws. Privacy laws, particularly aimed at protecting underage users, are also on the rise.
However, the major challenge remains the lack of federal data privacy regulations that apply in every state. As it stands, trying to comply with all the different states’ data privacy regulations is exhausting for a business.
This is completely different from the European Union, where 27 countries are governed by a single data privacy law. So far, the biggest attempt to achieve this goal is the US privacy and data protection law, and despite bipartisan support, it was never implemented.
Other state laws, including those of Florida, Texas and Montana, will take effect soon. However, the demand for federal regulation persists. Given the growing threat posed by AI, this year could finally be a watershed year for America’s national data privacy law.
Ransomware
In recent years, the business world has faced a fierce battle against ransomware, a particularly lucrative form of cyberattack. While many thought the “good guys” were finally winning the war, it turned out that, according to the Ransomware Threat Landscape Report 2024, ransomware attacks increased towards the end of 2023.
Although the political declaration is not legally binding, a glimmer of hope appeared in November when 50 members of the International Counter Ransomware Initiative pledged not to pay ransomware extortion demands.
State-sponsored cyberattacks
We were barely two weeks into January when Microsoft detected a Russian state-sponsored attack against its systems. This illustrates another trend that has persisted over recent years and highlights the need to urgently combat attacks of this nature. State-sponsored attacks are far more dangerous than other attacks because they threaten national security, compromise critical infrastructure, and exacerbate geopolitical tensions through espionage and other sinister activities.
Major international crises, including the Russo-Ukrainian war and the Israeli-Palestinian conflict, will persist into 2024, with no bright signs of any positive change. Big businesses and governments need more concerted efforts to fend off these attacks.
Passwords and passkeys
Authentication is a major challenge in cybersecurity, and over the years, passwords, despite being a convenience issue, have cemented their role as the most secure authentication standard. However, the corporate world may finally be more than ready to adopt a more secure, passwordless approach to security. With passkey technology linked to biometrics or hardware keys, users no longer need to memorize multiple passwords while being assured of a high level of security.
Although there is still a long way to go before passkey login is completely standardized, its adoption by Google, Apple, Microsoft, X, Amazon, and various password management tools means huge progress will be recorded, and is in fact already being recorded, in 2024, when passkeys will increasingly become the standard for global login. However, passwords won’t disappear completely anytime soon. Security in this area should therefore not be abandoned.
Mobile security
Cyberattacks on mobile devices have become more common as these gadgets have become work tools. Google’s announcement late last year that Android 14 will enable passkeys was a significant development in mobile security. However, there is still much to do. For example, according to Kaspersky, adware remains a major challenge, accounting for more than half of mobile device risks. Of course, phishing also remains a challenge. These challenges concern all platforms.
According to the Zimperium Mobile Security Report for 2023, 80% of zero-day mobile exploits targeted iOS devices, while critical Android vulnerabilities detected saw a 138% year-over-year increase. Mobile operating system manufacturers continue their commitment to more security in 2024, and this is an area to watch.
Conclusion
The cybersecurity challenges are endless. However, by staying ahead of the game, organizations can ensure they are not left playing catch-up in a game where threat actors are making significant strides. By addressing these trends, businesses can ensure they stay on top of the cybersecurity landscape.
Editor’s Note: The opinions expressed in this guest authored article are solely those of the contributor and do not necessarily reflect those of Tripwire.