The Top 24 Security Predictions for 2024 (Part 2)

Where next for cyber in 2024? Here’s part two of your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.

Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 Security Predictions for 2024, I covered the top 15 cyber industry company reports and a summary of industry-wide security predictions.

In part two, we will cover:

Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item — often in video format. My goal is to point you in the right direction and encourage you to visit website links for more details.

16) Delinea — Joe Carson, chief security scientist and advisory CISO at Delinea, offers another excellent list, and I am always impressed with his analysis and expertise. Delinea offers a great list of cybersecurity predictions in this piece: Delinea 2024 Predictions: Cyber in 2024 - AI, Cyber Insurance, Passwordless and Beyond. You can watch a short YouTube video from Joe on each of their predictions:

17) Chuck Brooks, Forbes Compilation — Chuck always delivers excellent content, and his piece in Forbes brings in unique analysis, including in space and quantum computing.

The article is called: “Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024.”

But first, take a look at this France24 article describing how after 50 years, the U.S. will return to the Moon on Jan. 25:

“Takeoff is scheduled for December 24 from Florida aboard the inaugural flight of the new rocket from the ULA industrial group, named Vulcan Centaur.

“The probe will then take ‘a few days’ to reach lunar orbit, but will have to wait until January 25 before attempting landing, so that light conditions at the target location are right, Thornton said.

“The descent will be carried out autonomously, without human intervention, but will be monitored from the company’s control center.”

Now to the prediction highlights from Chuck Brooks of Brooks Consulting International and Georgetown University:

“Artificial Intelligence Is on the Cusp of Transforming Civilization: I think that in 2024 and onward there will be Malthusian scientific and technological advancements made possible via artificial intelligence. These developments will certainly have a significant effect on our way of life, economics, and security. Due to the potential speed of AI's analytical capabilities, operational models in cybersecurity will change. Approaches to risk management will need to preserve business continuity and cyber-resilience. Integrating AI will be a cybersecurity imperative to manage new and increasingly complex threats.

“Quantum computing is arriving sooner than we planned: In 2024, we must prepare for the exponential advantages and threats of quantum technology due to its potentially disruptive nature. More investment for R&D from the public and private sectors will be required as a result. For our emerging quantum future, quantum education and workforce development should also be planned for and put into action.

“Space attacks: In the coming year, the security risk management of satellites and space will emerge as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure. The emerging frontier of Space will need to be a high security priority for 2024.”

18) ZeroFox — In their report, 2024 Cybersecurity Trends – What’s in Store for 2024, we see the following, with key takeaways offered in their report under each category:

  • Social engineering keeps growing, taking advantage of the most complicated and persistent security weakness in any organization: people.
  • Ransomware and digital extortion still aren’t going anywhere. Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
  • The deep and dark web continues to be critical real estate for cyber criminals. Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services are all for sale in cyber crime marketplaces.
  • Mis/Dis/Malinformation (MDM) is the existential threat of our times. The expanding ease of access to tools for creating convincing audio and video pushes this threat from the horizon to our doorstep.
  • Artificial intelligence threats are on the rise, as security analysts and threat actors alike adopt new generative AI and similar tools.
  • Cryptocurrency-related threats appear to be on the rebound, given rising cryptocurrency values, including Bitcoin rising 109 percent and Ethereum rising 52 percent so far in 2023. These rises are likely responsible for the 399 percent increase in cryptojacking year over year.
  • Threats to elections, including the 2024 U.S. presidential election, are an emerging trend. Multiple key elections taking place in 2024 are expected to drive an increase in various threat actor campaigns throughout the year.

They also say two areas are over-hyped: “These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.

  • Nation-state threats remain scary, but are STILL not likely your top concern.
  • The metaverse continues to have interest beyond its current impact.”

Also see their ZeroFox Resources here, and their full report download here.

19) Cobalt Labs — Cobalt offers a fascinating report, called Top Cybersecurity Statistics for 2024, featuring “90 cybersecurity statistics to provide a look at what we can expect in 2024 if the trends hold.” The report lists many current 2023 statistics, but at the same time outlines trends and forecasts for more stats in 2024. Here are a few to watch:

  • Worldwide cyber crime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures (Cybersecurity Ventures).
  • Cyber crime is predicted to cost the world $9.5 trillion in 2024, slightly lower than the projected growth rate (Cybersecurity Ventures).
  • Global cyber crime damage costs are expected to grow by 15 percent per year over the next two years, reaching $10.5 trillion annually by 2025 (Forbes).
  • For 2023, the United States continues to have the highest cost of a data breach at $5.09 million (IBM).
  • 75 percent of security professionals have observed an increase in cyber attacks over the past year (CFO).
  • According to Mordor Intelligence, the cybersecurity market size is estimated at $182.86 billion in 2023 and is expected to reach $314.28 billion by 2028, growing at a CAGR of 11.44 percent during the forecast period (2023-2028).

20) CyberArk — The CyberArk blog team offers Cybersecurity Predictions for 2024 and Beyond. Here’s what they say for 2024:

“Session hijacking will take on an increasingly prominent attack role. … ‘Even more organizations will shift to passwordless access management, from passkeys to MFA, to help thwart attacks. Threat actors will evolve their tactics in lockstep to dupe enterprise and third-party users, steal session cookies and bypass strong authentication mechanisms. Their creativity will pay dividends; by 2024, session hijacking will account for 40% of all cyberattacks. Continued vigilance in securing, monitoring and responding to user sessions and cookies abuse/compromise is critical – especially with Google’s encouraging promise to wipe out cookies for good, never underestimate innovative attackers who will find another way.’

“But 30% of organizations will pay for lax password protections: ‘Traditional credential theft will be less prevalent when passwordless takes hold and is used correctly. Yet, credential theft isn’t going away. Why? Organizations implementing passwordless authentication may require a backup factor, and many companies will fall back on insecure options – passwords. As security teams fight new fires, attackers will take advantage of lax password protections, and 30% of organizations will experience an increase in data breaches linked to credential theft.’

“55% of enterprises will expedite tech consolidation to simplify security: ‘Most organizations’ IT and security environments are already too expansive, complicated and difficult to manage. Teams are rarely skilled in every tool they must cobble together with other ones, forcing them to hire or bring in outside experts. And since each platform focuses on specific things and overlap with others, teams struggle to see – let alone understand – every potential vulnerability and threat in their cloud-centric environments. Missed SLAs, spiraling overheads and dangerous security drift will push 55% of enterprises to accelerate tech consolidation. They’ll aim to simplify operations and maximize existing resources by working with fewer vendors and systems.’”

Here’s the CyberArk three-year look:


21) Qualys — Via enterprisesecuritytech.com, Qualys offers a solid set of predictions called Qualys 2024 Cybersecurity Forecast: Streamlining, AI Support, and Soft Skill Emphasis. Jonathan Trull, chief security officer at Qualys, writes:

“CISOs are increasingly under pressure to quantify cyber risk in financial terms to C-suite and boardroom.

“De-risking the business and reducing cyber risk has become a central focus of executive stakeholders, from the CEO to the board of directors. CISOs find themselves in a challenging position – under immense pressure to address critical issues, while working with budget constraints that are tighter than ever. They are tasked with doing more with less. CISOs are being pushed more into the conversation of the financial impact of cyber risk. They need to be able to measure cyber risk in terms of financial risk to the business, communicate that effectively to the C-suite and boardroom, and eliminate the most significant risks expediently. The CISOs that succeed in these areas will be the ones that last in their roles.”

Other predictions include:

  • CISOs will go from consolidation to simplification around security
  • Skill issues will force more hands around AI deployments
  • Education and soft skills will get more focus

See also this Qualys list from and ITBrief Australia. Also, this YouTube video from Qualys, with IDC included.

22) NortonLifeLock — A surprisingly strong list from NortonLifeLock’s cybersecurity predictions for 2024. I encourage you to read their commentary on AI and GenAI. Here’s how they start:

“As we stand on the brink of 2024, the nature of cyber threats is undergoing a profound transformation: We are now expecting the threat landscape to be filled with frequent, highly individualized attacks in 2024. The advancement of artificial intelligence (AI) will notably enable the development of sophisticated tools. Criminals will use these tools for targeted messaging in victims' languages, enhancing manipulation.

“Next year, we anticipate ransomware and scams that are designed to manipulate individuals emotionally. As we navigate this changing landscape, our predictions for the next year offer insights into the challenges ahead, as well as the measures we can adopt to fortify our digital defenses.”

Here are some of NortonLifeLock’s non-AI predictions:

Digital blackmail will evolve and become more targeted:

  • Ransomware will become more complex and damaging.
  • Evolving attack methods: exploiting VPN and cloud infrastructure.
  • Diversification of extortion methods beyond encryption.

Threat delivery will become more sophisticated on mobile:

  • Instant loans as a lure into blackmail and extortion.
  • Trojanized chat apps with spyware and stealing modules.
  • Shifts in the delivery techniques of mobile threats.

Rising threats in the cryptocurrency sphere:

  • An increased focus on crypto wallets by cyber criminals.
  • Malware as a service will continue to evolve.
  • Vulnerabilities in crypto exchanges and cross-currency transactions.

23) ThreatLocker & G2 — Start with this G2 piece: “2024 Trends: Embracing Human-Centric Security in an Automated World.” They lead with: “Security solutions will protect organizations through human behavior, not AI capabilities, in 2024.” Next, “an increasing number of reviewers achieve ROI at a progressively faster rate.” I really like this ThreatLocker video featuring Chase Cunningham, known as Dr. Zero Trust, from G2:

https://www.youtube.com/watch?v=6_ao8yFg2Ms&t=1s

They lead with election security against China and Russia for the U.S. Excellent ThreatLocker solution resources are here.

24) FTI Consulting: An excellent set of 10 Global Cybersecurity Predictions for 2024 that has solid references. Here are their items, but see the details at their website:

  • Election Security Making Headlines
  • A Two-Sided Approach to Artificial Intelligence
  • Widespread Adoption of Zero-Trust Architecture
  • Cities Integrating IoT into Critical Infrastructure
  • Increasing Cybersecurity Supply Chain Risks
  • Third Party Scrutiny Taking Priority for Compliance Officers
  • The Start of Significant Fines From Australian Regulator
  • Corporate Responsibility Shifting to Individuals
  • Organizational Transparency Surrounding Cybersecurity
  • Emergence of Incentivized Cybersecurity

BONUS: SIX MORE CYBER TRENDS AND SECURITY PREDICTION REPORTS

25) SolutionsReview.com: 2024 Cybersecurity Predictions from Industry Experts. Here are the beginnings of three of their industry expert predictions:

John Stringer, head of product at Next DLP: “In 2024, AI will better inform cybersecurity risk prevention decision-making. Elsewhere, disgruntled employees may lash out at stricter working-from-home policies as insider threats loom. …”

Steve Wilson, chief product officer at Exabeam: “Companies are under constant assault and frankly, the cybersecurity sector is failing customers. Businesses, government agencies, healthcare installations and more are in the unfair position of being attacked from the outside by nation state actors, while employees exfiltrate and sell company data from the inside. …”

Darren Shou, chief strategy officer at RSA Conference: “While not new for 2024, mental health challenges will continue for many in the cybersecurity industry who are overworked and underappreciated. The stress that cyber employees endure day in and day out to secure vital systems, companies and individuals is only compounded and exacerbated by the skills gap shortage that our industry faces. …”

26) F5, F5 2024 Technology Outlook: A duo of trends is converging and promises to drive significant change in security in 2024:

  • The Convergence of Security and Observability
  • The Rise of AISecOps

But more interesting, perhaps, are the technologies that are enabling observability, security, and AI. These are the technologies that make new capabilities and use cases possible and are driving us toward convergence much faster than would otherwise be possible:

  1. eBPF
  2. APIs
  3. GraphQL
  4. DPUs

27) Barracuda — Cyberthreat predictions for 2024 from Barracuda’s security frontline. A very good roundup of top Barracuda experts in a different format with Q&A. Here’s how they begin:

“Predicting the future is difficult, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontline, from XDR and offensive security to international product experts, our own security operations team, and more, about the things they witnessed in 2023 and expect to see in 2024.”

Predictions of note:

  • “Attackers are shifting toward small and mid-market businesses as they are aware of the increased digitization and lack of cybersecurity professionals in the market.
  • Attackers will keep exploiting the weakest links within businesses. As always, cybercriminals are interested in the path of least resistance. This means organizations need to make sure they have an overarching strategy ready to deal with all vectors rather than focus on one.
  • I see two trends. The first one is the continuation of the usual threat vectors as attackers know that companies are both understaffed with inexperienced IT teams and grappling with possibly legacy, outdated, or misconfigured solutions. The second one is the natural evolution of technology — as we enhance our security assets with AI-based solutions, we are automatically creating new attack vectors that are crafted based on the quality of results of generative AI itself.”

28) FastCompany — 5 cybersecurity predictions for 2024 — The topics are common, but the explanations are unique and worth reading.

  • Advanced phishing
  • AI-powered scams
  • Increase in supply chain attacks
  • Deployment of malicious browser extensions
  • Changing demographics brings more threats

29) Security Scorecard, Predictions for AI and Cybersecurity in 2024. Looking Ahead to the New Year:

  • The rise of specialized language models in cybersecurity
  • Threat actors will use AI to get ahead
  • AI governance will dominate legislative agendas

You can also view this video from Security Scorecard and Help Net Security.

30) Bernard Marr in Forbes, “The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now.” Here are his top five items:

  • The Cyber Security Skills Crunch
  • Generative AI Adopted on Both Sides of the Battle
  • Next-Level Phishing Attacks
  • Cybersecurity in the Board Room
  • Cyber Resilience — Beyond Cybersecurity

For the rest of this article, including the honorable mention reports and awards, please visit the original blog at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-2

Aashima Sharma

Senior Digital Marketing Specialist- Data Dynamics

7 months

Thanks for sharing part two of security predictions, Dan! It's absolutely concerning to see the whole "deception as a service" concept and how AI-powered deepfakes and phishing campaigns sound like a major challenge for security teams. Curious to see what kind of countermeasures the experts recommend.

Charles Grindle, Ph.D.

Helping governments Protect People and Defend Data! Executive Advisor, Public Sector, Proofpoint

8 months

Dan Lohrmann thank you for the insights and I see so far that no one has plagiarized!

Debbie Reynolds

The Data Diva | Data Privacy & Emerging Technologies Advisor | Technologist | Keynote Speaker | Helping Companies Make Data Privacy and Business Advantage | Advisor | Futurist | #1 Data Privacy Podcast Host | Polymath

8 months

Dan Lohrmann thank you

Anil Yendluri

IT, Cybersecurity & GRC - Independent Consultant

8 months

Thank you for sharing this insightful information

Joseph Costantini

SME- Retired (1/31/2024)

8 months

Nicely done Dan Lohrmann, et al. It is getting very interesting -- increasingly many believe that future attacks may well be directed at individuals as opposed to groups or companies. We have seen the beginnings of this trend with people of fame including movie stars, musicians, and others ... but now, it may be you who is the next target. This already began a while back with telephone scams; 'Ring, click -Hello, Dan how are you doing today...' Next we may well see that move to digital media but less obvious... I think we must be on guard!
