The Top 24 Security Predictions for 2024 (Part 2)
Dan Lohrmann
Cybersecurity Leader | CxO Advisor | Bestselling Author | GT Blogger: 'Lohrmann on Cyber' | Global Keynote Speaker | CISO Mentor
Where next for cyber in 2024? Here’s part two of your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.
Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 Security Predictions for 2024, I covered the top 15 cyber industry company reports and a summary of industry-wide security predictions.
In part two, we will cover: Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item — often in video format. My goal is to point you in the right direction and encourage you to visit website links for more details.
16)?Delinea — Joe Carson, chief security scientist and advisory CISO at Delinea, offers another excellent list, and I am always impressed with his analysis and expertise. Delinea offers a great list of cybersecurity predictions in this piece: Delinea 2024 Predictions: Cyber in 2024 - AI, Cyber Insurance, Passwordless and Beyond. You can watch a short YouTube video from Joe on each of their predictions:
17) Chuck Brooks, Forbes Compilation — Chuck always delivers excellent content, and his piece in Forbes brings in unique analysis, including in space and quantum computing.
The article is called: “Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024.” But first, take a look at this France24 article describing how after 50 years, the U.S. will return to the Moon on Jan. 25: “Takeoff is scheduled for December 24 from Florida aboard the inaugural flight of the new rocket from the ULA industrial group, named Vulcan Centaur. “The probe will then take ‘a few days’ to reach lunar orbit, but will have to wait until January 25 before attempting landing, so that light conditions at the target location are right, Thornton said. “The descent will be carried out autonomously, without human intervention, but will be monitored from the company’s control center.” Now to the prediction highlights from Chuck Brooks of Brooks Consulting International and Georgetown University: “Artificial Intelligence Is on the Cusp of Transforming Civilization: I think that in 2024 and onward there will be Malthusian scientific and technological advancements made possible via artificial intelligence.
These developments will certainly have a significant effect on our way of life, economics, and security. Due to the potential speed of AI's analytical capabilities, operational models in cybersecurity will change. Approaches to risk management will need to preserve business continuity and cyber-resilience. Integrating AI will be a cybersecurity imperative to manage new and increasingly complex threats. “Quantum computing is arriving sooner than we planned: In 2024, we must prepare for the exponential advantages and threats of quantum technology due to its potentially disruptive nature. More investment for R&D from the public and private sectors will be required as a result. For our emerging quantum future, quantum education and workforce development should also be planned for and put into action. “Space attacks: In the coming year, the security risk management of satellites and space will emerge as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure. The emerging frontier of Space will need to be a high security priority for 2024.”
18) ZeroFox — In their report, 2024 Cybersecurity Trends – What’s in Store for 2024, we see the following, with key takeaways offered in their report under each category:
They also say two areas are over-hyped: “These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.
Also see their ZeroFox Resources here, and their full report download here.?
19) Cobalt Labs — Cobalt offers a fascinating report, called Top Cybersecurity Statistics for 2024, featuring “90 cybersecurity statistics to provide a look at what we can expect in 2024 if the trends hold.” The report lists many current 2023 statistics, but at the same time outlines trends and forecasts for more stats in 2024. Here are a few to watch:
20) Cyber Ark — The CyberArk blog team offers Cybersecurity Predictions for 2024 and Beyond. Here’s what they say for 2024: “Session hijacking will take on an increasingly prominent attack role. … ’Even more organizations will shift to passwordless access management, from passkeys to MFA, to help thwart attacks. Threat actors will evolve their tactics in lockstep to dupe enterprise and third-party users, steal session cookies and bypass strong authentication mechanisms.
Their creativity will pay dividends; by 2024, session hijacking will account for 40% of all cyberattacks. Continued vigilance in securing, monitoring and responding to user sessions and cookies abuse/compromise is critical – especially with Google’s encouraging promise to wipe out cookies for good, never underestimate innovative attackers who will find another way.” “But 30% of organizations will pay for lax password protections: ‘Traditional credential theft will be less prevalent when passwordless takes hold and is used correctly. Yet, credential theft isn’t going away. Why? Organizations implementing passwordless authentication may require a backup factor, and many companies will fall back on insecure options – passwords. As security teams fight new fires, attackers will take advantage of lax password protections, and 30% of organizations will experience an increase in data breaches linked to credential theft.’ “55% of enterprises will expedite tech consolidation to simplify security: ‘Most organizations’ IT and security environments are already too expansive, complicated and difficult to manage. Teams are rarely skilled in every tool they must cobble together with other ones, forcing them to hire or bring in outside experts. And since each platform focuses on specific things and overlap with others, teams struggle to see – let alone understand – every potential vulnerability and threat in their cloud-centric environments. Missed SLAs, spiraling overheads and dangerous security drift will push 55% of enterprises to accelerate tech consolidation. They’ll aim to simplify operations and maximize existing resources by working with fewer vendors and systems.’” Here’s the CyberArk three-year look:
21) ?Qualys — Via enterprisesecuritytech.com, Qualys offers a solid set of predictions called Qualys 2024 Cybersecurity Forecast: Streamlining, AI Support, and Soft Skill Emphasis. Jonathan Trull, chief security officer at Qualys, writes, “CISOs are increasingly under pressure to quantify cyber risk in financial terms to C-suite and boardroom. “De-risking the business and reducing cyber risk has become a central focus of executive stakeholders, from the CEO to the board of directors. CISOs find themselves in a challenging position – under immense pressure to address critical issues, while working with budget constraints that are tighter than ever. They are tasked with doing more with less. CISOs are being pushed more into the conversation of the financial impact of cyber risk. They need to be able to measure cyber risk in terms of financial risk to the business, communicate that effectively to the C-suite and boardroom, and eliminate the most significant risks expediently. The CISOs that succeed in these areas will be the ones that last in their roles.” Other predictions include:
See also this Qualys list from and ITBrief Australia. Also, this YouTube video From Qualys, with IDC included.
22) NortonLifelock — A surprisingly strong list from NortonLifelock’s cybersecurity predictions for 2024. I encourage you to read their commentary on AI and GenAI. Here’s how they start: “As we stand on the brink of 2024, the nature of cyber threats is undergoing a profound transformation: We are now expecting the threat landscape to be filled with frequent, highly individualized attacks in 2024. The advancement of artificial intelligence (AI) will notably enable the development of sophisticated tools. Criminals will use these tools for targeted messaging in victims' languages, enhancing manipulation. “Next year, we anticipate ransomware and scams that are designed to manipulate individuals emotionally. As we navigate this changing landscape, our predictions for the next year offer insights into the challenges ahead, as well as the measures we can adopt to fortify our digital defenses.” Here are some of NortonLifeLock’s non-AI predictions: Digital blackmail will evolve and become more targeted.
Threat delivery will become more sophisticated on mobile:
领英推荐
Rising threats in the cryptocurrency sphere:
23) Threatlocker & G2 — Start with this G2 piece: “2024 Trends: Embracing Human-Centric Security in an Automated World.” They lead with: “Security solutions will protect organizations through human behavior, not AI capabilities, in 2024.” Next, “an increasing number of reviewers achieve ROI at a progressively faster rate.” I really like this Threatlocker video featuring Chase Cunningham, known as Dr. Zero Trust, from G2:
They lead with election security against China and Russia for the U.S. Excellent Threatlocker solution resources are here.
24) FTI Consulting — An excellent set of 10 Global Cybersecurity Predictions for 2024 that has solid references. Here are their items, but see the details at their website:
BONUS: SIX MORE CYBER TRENDS AND SECURITY PREDICTION REPORTS
25) SolutionsReview.com — 2024 Cybersecurity Predictions from Industry Experts Here are the beginnings of three of their industry expert predictions: John Stringer, head of product at Next DLP: “In 2024, AI will better inform cybersecurity risk prevention decision-making. Elsewhere, disgruntled employees may lash out at stricter working-from-home policies as insider threats loom. …" Steve Wilson, chief product officer at Exabeam: “Companies are under constant assault and frankly, the cybersecurity sector is failing customers. Businesses, government agencies, healthcare installations and more are in the unfair position of being attacked from the outside by nation state actors, while employees exfiltrate and sell company data from the inside. …” Darren Shou, chief strategy officer at RSA Conference: “While not new for 2024, mental health challenges will continue for many in the cybersecurity industry who are overworked and underappreciated. The stress that cyber employees endure day in and day out to secure vital systems, companies and individuals is only compounded and exacerbated by the skills gap shortage that our industry faces. …”
26) F5 — F5 2024 Technology Outlook: A duo of trends is converging and promises to drive significant change in security in 2024:
But more interesting, perhaps, are the technologies that are enabling observability, security, and AI. These are the technologies that make new capabilities and use cases possible and are driving us toward convergence much faster than would otherwise be possible:
27) Barracuda — Cyberthreat predictions for 2024 from Barracuda’s security frontline A very good roundup of top Barracuda experts in a different format with Q&A. Here’s how they begin: “Predicting the future is difficult, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontline, from XDR and offensive security to international product experts, our own security operations team, and more, about the things they witnessed in 2023 and expect to see in 2024.” Predictions of note:
28) FastCompany — 5 cybersecurity predictions for 2024 — The topics are common, but the explanations are unique and worth reading.
29) Security Scorecard — Predictions for AI and Cybersecurity in 2024 Looking Ahead to the New Year
You can also view this video from Security Scorecard and Help Net Security.
30) Bernard Marr in Forbes — “The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now” Here are his top five items:
?
For the rest of this article, including the honorable mention reports and awards, please visit the original blog at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-2
?
?
Senior Digital Marketing Specialist- Data Dynamics
7 个月Thanks for sharing part two of security predictions, Dan! It's absolutely concerning to see the whole "deception as a service" concept and how AI-powered deepfakes and phishing campaigns sound like a major challenge for security teams.?Curious to see what kind of countermeasures the experts recommend.
Helping governments Protect People and Defend Data! Executive Advisor, Public Sector, Proofpoint
8 个月Dan Lohrmann thank you for the insights and I see so far that no one has plagerized! ??
The Data Diva | Data Privacy & Emerging Technologies Advisor | Technologist | Keynote Speaker | Helping Companies Make Data Privacy and Business Advantage | Advisor | Futurist | #1 Data Privacy Podcast Host | Polymath
8 个月Dan Lohrmann thank you
IT, Cybersecurity & GRC - Independent Consultant
8 个月Thank you for sharing this insightful information
SME- Retired (1/31/2024)
8 个月Nicely done Dan Lohrmann, et al. It is getting very interesting -- increasingly many believe that future attacks may well be directed at individuals as opposed to groups or companies. We have seen the beginnings of this trend with people of fame including movie stars, musicians, and others ... but now, it maybe you who is the next target. This already began a while back with telephone scams; 'Ring, click -Hello, Dan how are you doing today..." Next we may well see that move to digital media but less obvious... I think we must be on guard!