What emerging trends do you anticipate for the year ahead and what underlying factors are driving these expectations?

In the ever-evolving realm of cybersecurity, foresight is key to staying ahead of emerging threats and safeguarding our digital future. As we approach the dawn of a new year, we turn to preeminent voices in the field to peer into the crystal ball of technology. From the rise of sophisticated cyberthreats to the transformative impact of emerging technologies, we speak to those at the forefront of defending our digital landscapes.

Given the sharpening complexity of cyberthreats, our digital and physical infrastructure faces mounting challenges. In the past year alone, we’ve seen cybercriminals refine their arsenal with sophisticated tools aimed squarely at evading defences and causing disruption. This isn’t an underground effort but a professional marketplace, teeming with state-backed operatives, criminal collectives and rogue activists.

As the UK’s critical infrastructure stands on high alert, cybersecurity firm Bridewell spotlights the critical trends and emerging dangers cyber teams must watch out for in 2024.

Its report, Cyber Security: What to Expect in 2024, is informed by insights collected through continuous monitoring from its 24/7 Security Operations Centre (SOC) and input from its dedicated consultants and cyber experts. A snapshot of the challenges on the horizon for next year, as covered in the full report:

2024 will see RaaS level up the cyber world: The growth of Ransomware-as-a-Service (RaaS) will catapult large-scale criminal gangs to enterprise status and level up the lower-skilled crime groups. Ransomware operators with the skills to write software for use by affiliate groups have identified a gap in the criminal market. This is accelerating the professionalisation of cybercrime. Large-scale ransomware groups will achieve the size and habits of major enterprises, adopting departmental specialisms such as R&D and offering defined career structures. The only thing they won’t do in 2024 is pay taxes.

The rise of malware that thinks for itself: Forget Terminator, Skynet, or HAL 9000 on the Discovery One spacecraft, AI threats are real and all around us. AI will lower the barrier to entry for criminals but also help with detection in a way no human can, democratising security. AI will enable more sophisticated attack methods such as polymorphic malware, which mutates with every infection, making detection a difficult task. The arms race around AI will become a distinct feature of the next 12 months, as organisations and criminals compete to take advantage of the technology.

Cyber strikes to the supply chain: Supply chain attacks – a constant source of alarm for several years – will continue to pose serious problems in 2024. The reason is not just that criminals have become very expert in moving through suppliers’ systems to their ultimate target. Supply chains are, and will continue to be, very difficult to secure end-to-end. As concerns mount, more companies will turn to specialists to conduct assessments of supply chain partners to judge where and how each supplier poses a risk.

An explosion of threats against energy companies: The energy sector faces heightened risk because it’s a bargaining chip for cybercriminals focused on politically motivated attacks. It is effectively a weapon of war and an area of major governmental concern, given its critical role in all economies and the sensitivity to price rises among consumers. The International Energy Agency has warned that energy systems are at ‘unprecedented threat’ from cyberattacks, particularly in the renewables segment of the market. Green energy technologies will become hotspots for cyberthreats, so the sector must brace for a turbulent year.

Big year for cyber in politics? Cyberattacks often correspond with major political events, and 2024 will see a UK general election. Preparation will be key as Russia, North Korea, Iran and activist hacking groups all carry their own motivations. Following ‘the biggest data breach in UK history’ at the Electoral Commission, the government will certainly step up security to prevent threat actors from entering networks or disrupting proceedings during 2024.

John Fokker, Head of Threat Intelligence, Trellix

Looking back over the past year, 2023 has been both uncertain and innovative. Organisations are becoming increasingly digitalised and employee gaps have become more prominent. We have become more connected than ever with the use of Edge devices and IoT keeping us online. However, this has led to a growth in employees using personal devices to access work applications and data, offering more access pathways for hackers to potentially get hold of confidential and sensitive data.

Additionally, we’ve also seen a significant evolution in next generation technology, especially AI. The use of Generative AI and other smart technology has disrupted the tech space, leading to a market that has become more diverse and accessible than ever. However, this has been a double-edged sword, lowering the barrier for entry for impressionable cybercriminals, leveraging AI tools for more indiscriminate and wide-reaching attacks.

Insider compromise and Edge vulnerabilities

Insider threats have increased by 47% over the last two years, incurring a total loss of US$15.38 million for the containment of these incidents. In fact, our research has identified that 45% of business compromises arise due to employee error, and almost two-fifths (39%) due to malicious insider threats.

There has been an increased need for organisations to look introspectively and work to plug internal vulnerabilities and protect internal systems. However, the increase in digitalised processes and connected devices in recent years has resulted in a significant shift within the threat landscape – especially when considering the often-overlooked realm of the Edge.

Businesses have never been more connected, and components like firewalls, routers and gateways offer a greater challenge to security teams than physical Edge device hardware. With implementation largely still being in its infancy, the Edge represents a new frontier for businesses and APT groups alike, and as a result, will be harder to navigate in 2024.

AI and accessibility, but in the wrong direction?   

2023 saw a shift into fifth gear for Generative AI and Machine Learning (ML) capabilities. Progress and innovation have been so dynamic and fast that we’ve seen the introduction of new legislation and regulation to discuss the possibilities and risks of the tech. While AI has certainly improved opportunities within the security industry, it can also have negative effects that we’ll need to be mindful of in 2024.

For instance, Generative AI has drastically eased the pathways for young individuals to enter the cybercriminal world. Whilst output can be rudimentary, open-source tools plug the skills gaps needed for code generation, simplifying threat activity. At the same time, security professionals have needed to adapt to accommodate these tools and protect systems from more diverse threats.

We can also expect to see the use of Generative AI and innovative media generation continue to simplify and heighten the sophistication of social engineering initiatives. Threat actors are now able to enhance their phishing and vishing activity, creating convincing emails and realistic phone and video media to trick employees at all levels.  

Overall, in the year ahead, businesses will need to adapt and fortify their systems both with and from improved technology in the right way. Having greater scrutiny over the integration of Edge devices and making use of AI and ML to reinforce existing and legacy security infrastructure will be vital to protect them from unknown elements.

Dan Schiappa, Chief Product Officer, Arctic Wolf

Most organisations have adopted some form of Generative AI, chatbot or Machine Learning-based tool into their environment this year, or plan to in the near future. While Generative AI promises to streamline work and improve efficiency in 2024, it will also present new challenges for IT and security teams.

Putting the ‘breaks’ on the AI race

Firstly, the old Silicon Valley adage ‘move fast and break things’ is all too relevant when it comes to AI adoption this year. Over 1-in-4 US dollars of start-up investment funding has gone to AI-related ventures in the US, while the UK is leading AI investment streams in Europe. The trend is unlikely to slow down, as EY reports 74% of UK CEOs are set to ramp up GenAI applications to avoid being left behind by competitors. However, the AI surge has serious implications if security is not embedded at the first opportunity.

The biggest concern when it comes to AI implementation is vulnerable code. 2024 will see cybersecurity AI budgets swell as teams learn more about the technology’s defence benefits and their own AI code’s vulnerabilities. With AI-powered coding tools often trained on public sources of code, security is an afterthought at best. Savvy companies should be focusing on patching up endpoints generated by these open-source products. They should also be conducting thorough reviews and testing while implementing clear company directives on how to use AI safely before AI models are upgraded or added to the network.  

Keeping up with AI-powered RaaS

As AI security plans develop, firms will also need to prepare themselves to combat new AI-powered attacks, particularly ones based around the Ransomware-as-a-Service (RaaS) model. 2023 saw RaaS explode in popularity, with ransomware incidents increasing by 46% during the first half of 2023, compared to the second half of 2022.

The RaaS business model has enabled threat actors to monetise intrusions and scale their businesses with specialised services, charging premiums to bypass specific security controls. There’s no reason to think this won’t continue – and expand – into 2024 with the help of new or improved AI tools. To mitigate the impact of a breach, leaders must understand what normal network flow and user behaviour look like, making it easier to identify anomalies which could indicate potential intrusions.

2024 security resolutions

AI is set to revolutionise how both defenders and attackers work next year. However, it is crucial organisations don’t fall into the trap of prioritising speed over precision in their AI adoption, as this approach will result in more risks than benefits and the blame will fall squarely on executives’ shoulders. Instead, fully assess where AI can add value, and be aware of what sensitive information it could access. This will mean companies can reap the advantages of this powerful technology, while protecting themselves from any potential accidents.

Patrick Joyce, Global Resident Chief Information Security Officer, Proofpoint

In the ever-evolving landscape of cybersecurity, defenders find themselves navigating yet another challenging year. Threat actors persistently refine their tactics, techniques and procedures (TTPs), showcasing adaptability and the rapid iteration of novel and complex attack chains. At the heart of this evolution lies a crucial shift: threat actors now prioritise identity over technology. While the specifics of TTPs and the targeted technology may change, one constant remains: humans and their identities are the most targeted links in the attack chain. Looking ahead to 2024, the trend suggests that threats will persistently revolve around humans, compelling defenders to take a different approach to breaking the attack chain.

Cyber heists: Casinos are just the tip of the iceberg

Cybercriminals are increasingly targeting digital supply chain vendors, with a heightened focus on security and identity providers. Aggressive social engineering tactics, including phishing campaigns, are becoming more prevalent. The Scattered Spider group, responsible for ransomware attacks on Las Vegas casinos, showcases the sophistication of these tactics. The forecast for 2024 includes the replication and widespread adoption of such aggressive social engineering tactics, broadening the scope of initial compromise attempts beyond the traditional Edge device and file transfer appliances.

Generative AI: The double-edged sword

The explosive growth of Generative AI tools like ChatGPT, FraudGPT and WormGPT brings both promise and peril, but the sky is not falling as far as cybersecurity is concerned. While Large Language Models (LLMs) took the stage, the fear of misuse prompted the US President to issue an executive order in October 2023. On the flip side, more vendors will start injecting AI and LLMs into their products and processes to boost their security offerings. Across the globe, privacy watchdogs and customers alike will demand responsible AI policies from technology companies, which means we’ll start seeing responsibility statements being published. Expect both spectacular failures and more policies to emerge.

Mobile device phishing: The rise of omni-channel tactics takes centre stage

A notable trend for 2023 was the dramatic increase in mobile device phishing and we expect this threat to rise even more in 2024. Threat actors are strategically redirecting victims to mobile interactions, exploiting the vulnerabilities inherent in mobile platforms. Conversational abuse, including conversational smishing, has experienced exponential growth. Multi-touch campaigns aim to lure users away from desktops to mobile devices, utilising tactics like QR codes and fraudulent voice calls. This not only makes phishing attacks more effective on mobile devices but also complicates detection for corporate security teams.

Open-source and GenAI: Levelling the ground for malware developers

Malware developers are leveraging open-source tools and GenAI, making advanced programming techniques accessible to a broader audience. As a result, malware capable of evading sandboxes and endpoint detection and response (EDR) tools is becoming more widespread. This democratization lowers the barrier to entry for less skilled developers, contributing to the proliferation of sophisticated malware families.

Identity-centric breaches: The Achilles heel

Identity-based attacks will dominate breaches, exploiting vulnerabilities rooted in human behaviour and obscured by limited visibility. The conventional belief in cyberattackers relying on common vulnerabilities and exposures (CVEs) is losing relevance. The new truth: identity is the new vulnerability. Organisations must shift their focus from primarily fortifying infrastructure to securing stored credentials, session cookies, access keys and addressing misconfigurations, especially when it comes to privileged accounts (very much now including their IDPs). The human link in the attack chain demands swift and innovative defences.

Richard Starnes, CISO, Six Degrees

Increased adoption of AI

As Artificial Intelligence continues to evolve, its use in cybersecurity and the wider IT estate will become more prevalent. AI will be employed increasingly for threat detection and response, enabling organisations to identify and mitigate cyberthreats more efficiently. This will also help address the shortfall in the levels of cybersecurity talent currently available. On the flipside, threat actors will increase their use of AI technologies to deliver more effective payloads in greater volume.

Rise in state-sponsored cyberattacks

We can expect a significant rise in state-sponsored and organised crime cyberattacks, particularly focusing on critical infrastructure and key industries. This will continue to lead to the exploitation of smaller companies further down the supply chain.

Rise in government regulation of the supply chain

Governments will continue to place emphasis on securing the supply chain with light touch frameworks, such as NCSC Cyber Essentials (UK) and NIST Small Business Cybersecurity Corner (US). Small companies will begin to be required to attest to compliance with at least one of these frameworks. This forms part of a wider effort on the part of national governments and organisations such as the EU, who are legislating to close a range of gaps in cybersecurity protection for businesses and individuals alike.

Greater emphasis on cloud security

With the continued migration to cloud services, we will see a greater emphasis on cloud security. Organisations will invest more in securing cloud environments, addressing vulnerabilities related to data storage and ensuring compliance with evolving regulations. This will also increase the premium on cloud security skills and put further pressure on organisations that find it difficult to recruit qualified and experienced security personnel. In this context, more organisations will choose to outsource cloud security to specialist third-party service providers.

Enhanced focus on insider threats

Insider threats will become a more pressing concern in 2024 as the economy contracts. Organisations will adopt more rigorous strategies to monitor and mitigate risks posed by employees and other insiders, including enhanced access controls and behaviour analysis to detect potential malicious activities. Organisations that fail to address the issues posed by insider threats will put themselves at greater risk of everything from operational disruption and financial instability to loss of IP or reputational damage.

Ghousuddin Syed, Vice President of Technology and Infrastructure, ISN

How can businesses and the contractors they work with best protect against AI-driven cybercrime?

Cybercriminals and the professionals who defend organisations from them are consistently in conflict due to their opposing goals. The majority of attacks professionals see are not very complex or persistent. With AI now becoming commonplace in a cybercriminal’s arsenal, relatively inexperienced criminals leverage the power of AI to make their attacks much more complex and difficult to detect. But this doesn’t stop the professionals from leveraging AI defensively to help combat this influx of AI-driven cybercrime. In 2023, we’ve seen many cybersecurity solution providers enhance their tools with AI to increase threat detection and prevention capabilities. Businesses and contractors that constantly reassess risk through evaluation of the threat landscape and leverage the right security tools will be prepared for the adaptive nature of cybercrime. Common concerns we hear are about visibility into the operations and security posture of the contractors they work with.

Aside from AI-driven attacks, what other methods will be popular among cybercriminals in 2024?

AI-driven cyberattacks will be very prevalent in 2024, but looking into the past will give us insight into what else we can expect throughout 2024. One of the highest quality and publicly available resources regarding cyberattack statistics is Verizon’s Data Breach Investigations Report. The 2023 edition found that using stolen credentials, ransomware and phishing were some of the most popular attack vectors, but that’s of no surprise to anyone who has followed data breach specifics in the past. We are likely to see more of this in 2024 just as we have in the past several years. To prepare businesses and the contractors they work with for these 2024 threats, a good strategy is prioritising ahead of time where to allocate cybersecurity resources by determining what risks are most likely to occur and placing those in a risk register that outlines effective risk mitigation procedures.

Knowing critical infrastructure companies will be a big target for hackers, how can companies in this space best protect themselves? 

The best strategy for critical infrastructure is the same as for any organisation. That is to internally prioritise cybersecurity efforts across the business and choose a framework of best practices on which to base cybersecurity initiatives. Common frameworks to choose from are ISO 27001, NIST Cybersecurity Framework and COBIT. These are excellent starting points and as the organisation grows more mature in its cybersecurity posture, it can add additional controls on top of this foundation. The additional layers can give an organisation what we call a defence in depth strategy that has no single points of failure and provides valuable redundancy. Cybersecurity is a shared responsibility among all members of an organisation and the more it can instil foundational cybersecurity best practices into an organisation’s business processes, the more resilient the business becomes to attackers.
