H2 2024 Predictions Scorecard

As 2024 concludes, the year's predictions have shaped the present and set the stage for the future, emphasizing the importance of prioritizing proven predictions and understanding them as potential realities, not mere probabilities.

As the year draws to a close, I am revisiting the nine predictions I made at the start of the year. In the July edition, I assessed their accuracy and found that all nine were correct based on evidence and events from the first half of 2024. Now, I am reviewing events from the second half of the year to determine if these predictions continued to be accurate, posing substantial business risks, disrupting social life, and impacting national economies.?

In early December, PIH Health suffered a ransomware attack that disrupted communication systems across its hospitals in Los Angeles and Whittier. Around the same time, the Brain Cipher ransomware group allegedly stole 1 TB of data from Deloitte UK, following a prior hack of the giant accounting firm by IntelBroker in September.

In November, Chinese hackers targeted telecom companies in the U.S. and other countries, affecting at least eight major firms, including Verizon, AT&T, and T-Mobile. They gained access to private texts and phone conversations of millions of Americans, including senior government officials and prominent political figures.

Major global cyber incidents included a ransomware attack on Blue Yonder, affecting clients like Starbucks and UK grocery chains Morrisons and Sainsbury's. Uganda's Central Bank reported unauthorized transfers of about 62 billion Ugandan shillings (around $16.8 million), with insider involvement suspected. Additionally, the cities of Hoboken and Columbus, and the Port of Seattle faced ransomware attacks disrupting municipal operations and public services.

Besides cyber threats, businesses face numerous challenges. Geopolitical tensions, especially in the Middle East and the Russia-Ukraine war, continue to disrupt global supply chains. Rising interest rates and slowing economic growth have forced companies to tighten budgets and focus on cost efficiency. Protectionist policies have further complicated international trade, prompting businesses to reevaluate their strategies.?

Ransomware gangs continue to wreak havoc worldwide, targeting sectors like telecoms, healthcare, automotive, government, and entertainment, and demanding substantial ransoms.

The Scorecard

As the year unfolds, my predictions continue to occur. After extensive research and analysis, I am thrilled to present the H2 2024 Predictions Scorecard.

Ransomware Gangs Joint Venture:

Ransomware gangs continue to wreak havoc worldwide, targeting sectors like telecoms, healthcare, automotive, government, and entertainment, and demanding substantial ransoms. In July, there were 60 publicly disclosed attacks, a 58% increase from 2023, and August saw a record 63 attacks, with 30% targeting the healthcare sector. In September, the ShinyHunters hacking group breached AT&T’s systems, stealing millions of customer call records.

Ransom payments have surged, and attack complexity has increased due to new ransomware strains, advanced techniques, and the growth of Ransomware-as-a-Service (RaaS). RansomHub RaaS was behind attacks on Stillwater Mining, Kawasaki Motors, and Rite Aid, while its affiliate, CosmicBeetle, disrupted Europe and Asia. Established gangs like Medusa and Cloak offer lucrative profit-sharing schemes, with Medusa providing up to 90% and Cloak offering 85%, without requiring an initial payment to join as an affiliate.

Increased Government Regulation:

Governments are enacting regulations to control the export of emerging technologies and tighten cybersecurity and data protection. In October, the U.S. Department of the Treasury issued final regulations targeting AI, semiconductors, and quantum computing investments involving China due to national security concerns. Similarly in October, China published comprehensive export controls to regulate dual-use items and foreign-produced items incorporating Chinese-origin technology.

The U.S. Department of Justice issued a notice of proposed rulemaking (NPRM) to restrict or prohibit the bulk transfer of certain sensitive data to individuals or entities associated with six “countries of concern.” The European Union's Network and Information Security (NIS2) Directive and the Cyber Resilience Act (CRA) went into effect, both aimed at strengthening cybersecurity resilience for critical infrastructure and a wide range of everyday hardware and software products across the EU.

AI to Accelerate Business Risk:

AI’s rapid expanded adoption has heightened business risks in data privacy, security, ethical and legal areas. A recent Deloitte report reveals that over 60% of S&P 500 companies view AI as a significant risk multiplier. These risks, spanning cybersecurity, regulatory, intellectual property, ethical, and reputational concerns, highlight the growing complexity and challenges AI poses to risk management for large corporations.

Dependence on AI and the introduction of groundbreaking features continue to introduce risks. A California federal court allowed a job applicant to proceed with a discrimination lawsuit against Workday’s AI-based hiring tool after over 100 employers rejected him, alleging bias against his race, age, and disability status. The BBC criticized Apple for a false headline generated by Apple Intelligence, while Microsoft's Recall feature raised concerns by capturing sensitive data despite its "Filter sensitive information" setting.

Supply Chain Disruptions:

One of the most significant supply chain disruptions in the second half of 2024 was the CrowdStrike outage, considered one of the largest IT outages in history. This incident affected over 8.5 million systems globally and cost Fortune 500 companies more than $5.4 billion. Other notable events included a targeted hardware attack in the Middle East and a massive supply chain attack on websites using Polyfill.io.

Other non-IT supply chain disruptions occurred. Hurricane Helene hit the Gulf Coast, causing catastrophic flooding that shut down major ports across the South for weeks, leading to nationwide delays. A prolonged dockworkers' strike at major East Coast ports paralyzed container traffic. Surging fuel prices in the third quarter, driven by geopolitical instability, significantly impacted supply chain logistics.

Global Adoption of Deglobalization:

Deglobalization trends intensified due to policies and geopolitical shifts. Governments introduced new trade restrictions and tariffs, particularly in response to rising geopolitical tensions and national security concerns. For instance, the U.S. imposed additional tariffs on imports from certain countries to protect domestic industries and reduce dependency on foreign supply chains.?

China boosted domestic production and reduced reliance on foreign technology by heavily investing in its semiconductor industry. Similarly, India increased tariffs on certain imports and promoted its "Make in India" initiative to encourage local manufacturing and reduce dependency on foreign goods. These measures reflect a broader trend towards economic self-sufficiency and reduced global interdependence.

Explosion of Influence Operations:

Foreign influence significantly impacted local politics worldwide. Russia, China, and Iran intensified efforts to sway public opinion and disrupt the electoral process in the U.S. through disinformation campaigns and cyberattacks. In Europe, Russian influence was notable, with allegations of election interference and support for far-right politicians. China expanded its influence operations beyond the Asia-Pacific region, targeting elections in Europe to deepen political divisions.?

Influencers, with their large followings, can unwittingly amplify messages, share specific content, or spread misinformation, significantly impacting their audience's views. The EU requested TikTok to provide more information regarding Romanian intelligence files suggesting Moscow coordinated influencers to promote presidential candidate Calin Georgescu, who unexpectedly became the front-runner. Declassified files indicate a pro-Russia campaign used Telegram to recruit thousands of TikTok users to support Georgescu.

Cybersecurity AI - The War of Smart Machines:

AI remains pivotal in both cyberattacks and defense strategies. Integrated across sectors, AI introduces new cyber threats like deepfake fraud, sophisticated phishing, and disinformation. Conversely, AI enhances cybersecurity with innovations in real-time threat detection and AI-driven countermeasures. Mantis, an experimental counter-offensive system, combats malicious AI probes using deceptive techniques by emulating targeted services and sending back prompt-injection attacks upon detecting automated attackers.

AI-Engineered Social Unrest:

AI has significantly amplified social unrest globally. AI-powered social media bots targeted specific communities with inflammatory content, often controlled by foreign adversaries and local extremists to exploit social tensions and provoke conflicts. During the U.S. presidential race, AI-generated deepfakes and fake images spread disinformation and manipulated public opinion. Furthermore, AI created and disseminated false narratives, further polarizing societies and undermining democratic processes.

The United Kingdom experienced riots following a tragic stabbing in Southport. AI played a significant role in escalating the unrest by rapidly disseminating misinformation and amplifying extremist narratives. AI-generated images circulated on social media, falsely linking the attack to religious and ethnic minorities. AI-driven algorithms further exacerbated the situation by promoting emotionally charged content, leading to widespread false claims about the attacker's identity and motives. These narratives fueled anti-immigration sentiments and protests targeting mosques and hotels housing asylum seekers.

Man-Machine Workforce:

AI continues to redefine the workforce. While AI displaces human workers, and Artisan's provocative billboard campaign with slogans like "Stop Hiring Humans" highlights this shift, labor shortages remain high. However, more workers are turning to AI to boost their careers. Robotics adoption has increased across industries such as food and beverage, building and construction, and manufacturing. Companies like Tesla and Agibot are testing humanoid robots to further integrate machines into the workforce.

Moving Towards What is Next

As 2024 concludes, the year's predictions have shaped the present and set the stage for the future. With many sources now forecasting 2025, it is crucial to focus on two key aspects: prioritizing predictors and models with proven track records to concentrate on critical insights, and understanding that predictions are potential realities, not mere probabilities. While not every prediction will materialize, failing to take proactive steps to mitigate potential threats would be a serious oversight.

These predictions provide organizations with insights into potential risk areas, helping them prioritize and deploy suitable safeguards. Continuous review of security measures and risk controls is crucial for reducing cyber risks and other business threats. By focusing on relevant predictions, organizations can enhance their defenses against potential threats, ensuring long-term sustainability and profitability. As the threat environment evolves, businesses must remain vigilant and proactive in their approach to cybersecurity and other risks.

With many sources now forecasting 2025, it is crucial to focus on two key aspects: prioritizing predictors and models with proven track records to concentrate on critical insights, and understanding that predictions are potential realities, not mere probabilities.