The Top 24 Security Predictions for 2024 (Part 1)
Dan Lohrmann
Cybersecurity Leader | CxO Advisor | Bestselling Author | GT Blogger: 'Lohrmann on Cyber' | Global Keynote Speaker | CISO Mentor
Where next for cyber in 2024? Here’s your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.
Every December, global experts examine trends and international focus areas for the next 12 months and beyond. For 2024, top topics range from upcoming elections to regional wars to space exploration to advances in AI.
And with technology playing a more central role in every area of life, annual cybersecurity prediction reports, cyber industry forecasts and advanced research on cyber threat trends and data breaches are more important than ever before. Indeed, as predicted back in 2016 , the annual growth in the breadth, depth, value and impact of security industry predictions continues unabated.
Naysayers will ask: How accurate are these security predictions? It is an important question to keep considering, especially as we are wrapping up a year in which generative AI (GenAI) stole the show — despite little mention last December. (Before you dig into the 2024 predictions, take a look back at what did make the list for 2023 .)
But answering that question about security prediction accuracy is akin to putting all financial advisers in the same category. Indeed, we have bears and bulls and middle-of-the-road “buy and hold” pragmatists in the cybersecurity industry as well. An appropriate response is generally, “It depends.”
Put simply, new year forecasts are varied, but many companies stand out for their in-depth research, reports, trend analysis and more. Nevertheless, the combined research, data and expert analysis contained in these reports is nothing short of staggering — and very helpful.
While the top cybersecurity industry reports are well-refined, clearly presented documents with video support and more, other forecasts, predictions and trends are buried in YouTube videos, conference overviews and online webcasts that are highly informative, but difficult to find.
Gartner, Forrester, IDC, IBM Security and others have excellent prediction and trend materials that normally cost hundreds or thousands of dollars to buy or to access via a subscription. They are included in my annual analysis only when referenced materials are freely available via link. In fact, I encourage you to read the details at the references provided to learn more.
COMMON THEMES FOR 2024
For 2024, security industry prediction reports highlight common themes: AI will revolutionize everything and everyone — for better and for worse. Here are some specific predictions around AI and GenAI:
CISOs will get more power and a broader role for several years (Gartner). Election cyber attacks globally will be center stage. Specifically:
- More cyber attacks in space, including overall programs, cyber arms race in space including satellites and other next-generation vehicles.
- Ransomware growing and evolving, gaining access and targeted ID management using more sophisticated phishing and social media compromises.
- Use of breached credentials to log in rather than hack in. This data is available for sale on the dark web from many years of data breaches.
- Supply chain attacks will grow and evolve with developers targeted in supply chain attacks via software package managers (Google Cloud).
- Cyber insurance market will continue to grow and evolve. Most reports say prices will stabilize.
- Attacks targeting hybrid and multicloud environments will mature and become more impactful (Google Cloud). There will also be more cloud-native worm attacks (Trend Micro).
- Attackers will look to blockchain for fresh hunting grounds and extortion plans. Also, with the rise of bitcoin and other cryptocurrencies, there will be new crypto wallet attacks.
- Growth in hacktivism, with more hacktivism tied to APTs (Kaspersky).
- More groups in the “hacker for hire” business (Kaspersky). - “Malinformation” will grow dramatically, as trust is hard to gain and keep (Gartner).
- Next-level cyber attacks with a “go big or go home” approach (Fortinet).
- New tech, such as QR Codes and VR headsets, attacked in various ways (Watchguard).
- Zero-trust models will be more widely implemented. - Attacks on global events — for example, the 2024 Summer Olympics in Paris to gain attention will increase.
THE TOP 24 SECURITY PREDICTIONS REPORTS FOR 2024 FROM SECURITY INDUSTRY COMPANIES
Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item — often in video format. My goal is to point you in the right direction for more details and solution-specific research.?
1) Google Cloud/Mandiant — This team never disappoints, and they have climbed into the top position for the first time ever with a global set of forecasts, predictions and global security trends that are simply outstanding. For this year, they offer Cybersecurity Forecast 2024: Insights for Future Planning .
They also outline four broad trends in this helpful infographic .
They also outline four broad trends in this helpful infographic .
Google Cloud organizes their report differently than others with an opening section on AI and nation-state threat actors, including “The Big Four” of China, Russia, North Korea and Iran. Only then do they issue global forecasts in many areas, along with a regional forecast. Here are their top global trends, with more details in their document.
Their themes are described here in this video:
Also, see these related Google Cloud Cybersecurity Forecast 2024 videos:
2) Trend Micro once again offers an excellent report that fought for the top prize with an amazing report entitled Critical Scalability: Trend Micro Security Predictions for 2024 . Trend Micro’s presentation, references, detailed descriptions of each prediction and overall approach to this report sets them apart again, but they have shortened their material, which dropped them slightly into the second slot for 2024.
领英推荐
Here’s how Trend Micros opens: “On the heels of a year marked by technological leaps, 2024 is poised to be a hotbed for new challenges in cybersecurity. In a fluctuating economic and political terrain where nearly everything from bank transactions to kidnapping has gone digital, enterprises seeking a strategic advantage have come to rely on the likes of artificial intelligence and machine learning (AI/ML), the cloud, and Web3 technologies. The headwinds from these innovations, which offer use cases for defenders and malicious actors like, inevitably herald turbulent times ahead.
“Amid the ongoing conflicts in Ukraine 1 and the Middle East 2 weighing heavily on global leaders, the political landscape is set to be a minefield of cyberthreats that can have far-reaching consequences, with parties from all sides seeking to sway public opinion and shape the course of political events. As the EU, US, and Ukraine gear up for their respective upcoming elections, such electoral periods will prove to be fertile ground for politically motivated cyberattacks, carefully crafted disinformation campaigns, and espionage orchestrated through a web of AI-powered tools and social platforms.” Here are their top five themes:
If you don’t want to read Trend Micro’s full report, here is a summary with a paragraph under each topic .
3) WatchGuard again wows with an amazing security prediction report, including interesting videos — and even a new blooper reel that wins the most creative twist for 2024. I also like their historical look and grading of themselves from last year’s predictions .
Their report is entitled WatchGuard’s 2024 Cybersecurity Predictions , and they lead with these top six items (see details at links):
Also, don’t miss WatchGuard’s prediction bloopers .
4) Kaspersky — Kaspersky’s APT predictions always offer an abundance of amazing security and privacy material for the new year. Once again, their forecasts and predictions are harder to find than many of their competitors’. I rank Kaspersky so high on this list due to the huge amount of research and excellent material that is well-thought-out and timely from a global perspective. They also offer many siloed reports on different topics and in different regions around the world.
We start with their Kaspersky’s Advanced Persistent Threats Predictions for 2024 (much more specific detail at every link).
I also like this overseas take on one of their items on AI-Powered Impersonation : “Emerging AI tools can streamline spear-phishing message production, even enabling the mimicry of specific individuals, the report warned. Attackers may devise creative automation methods by gathering online data and feeding it to large language models to craft letters in the style of a person connected to the victim. “The report noted that threat actors will likely broaden their surveillance efforts, targeting consumer devices through vulnerabilities and silent exploit delivery methods, including zero-click attacks through messengers, one-click attacks via SMS or messaging apps and network traffic interception.”
5) Fortinet continues to impress with their Cyberthreat Predictions for 2024: An Annual Perspective from FortiGuard Labs .
Fortinet leads with the evolution of old favorites , but quickly pivots to ”Fresh Threat Trends to Watch for in 2024 and Beyond”: “Next-level playbooks: … Looking ahead, we predict attackers will take a ‘go big or go home’ approach, with adversaries turning their focus to critical industries—such as healthcare, finance, transportation, and utilities—that if hacked, would have a sizeable adverse impact on society and make for a more substantial payday for the attacker. They’ll also expand their playbooks, making their activities more personal, aggressive, and destructive in nature.
“It's a new day for zero days: … We've observed a record number of zero days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers—cybercrime groups selling zero days on the dark web to multiple buyers—emerge among the CaaS community.
“Playing the inside game: … We predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponization, with groups beginning to recruit from inside target organizations for initial access purposes.
“Ushering in 'we the people' attacks: … We expect to see attackers take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 U.S. elections and the Paris 2024 games.
“Narrowing the TTP playing field: Attackers will inevitably continue to expand the collection of tactics, techniques, and procedures (TTPs) they use to compromise their targets.
“Making space for more 5G attacks: … A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.”
?
?
For the rest of this security prediction report for 2024 - part 1, along with detailed reports with predictions from the next 10 companies, see the original article at the ‘Lohrmann on Cybersecurity’ blog at Government Technology Magazine:
?
?
?
?
Senior Digital Marketing Specialist- Data Dynamics
6 个月Fantastic insights, Dan! Your predictions offer a balanced view on the exciting yet worrying possibilities of AI advancement. The promise of AI in enhancing security measures and productivity is undeniable, yet the threats posed by advanced cyberattacks and deepfakes cannot be overlooked. As AI technology continues to develop at a breakneck pace, it's imperative to uphold ethical principles and ensure inclusive decision-making processes. Thank you for this thoughtful discussion, which encourages a cautiously optimistic approach. By harnessing the positives of AI and simultaneously tackling its challenges head-on, we're on the path to creating a safer and fairer future.
Attended Mirgonj hat College
9 个月?? 需要我的中国公司和大买家Dally可用无限 ??2014 电子邮件 Gv 可用,无限制 新?? gv 可用 ??2014年邮箱gv可用 ??2010-22 gmail gv 可用 旧??/新 Textnow (TN) 可用 ICloud??帐户可用 ??(2010-14)-(2010-18)(2019-22)-23 旧/新 Gmail 可用 Taliktone 帐户每天可出售 1-2k。 ?? Line 2 账户可供出售。 ?? krispcall 账户可供出售。 ?? Facebook bussessis 帐户可用 ?? LinkedIn 新旧 100+200+500+1000+3000 出售 10 年 LinkedIn 可用 ?? Domain Gv 每天可售 5-7k。 ?? 开放电话可用 ??dialpad 帐户每天可出售 1-2k。 ??长期生意需要真正的买家 付款接受Btc、trx、Usdt,接受付款,必须先付款 ??WhatsApp +8801757422299 ??Skype:.live:live:.cid.52a88d7338b23111 ??微信:wxid_3shqxnhlqqxo22 ??电报:@Gvsellar62
SME- Retired (1/31/2024)
10 个月Thank you Dan Lohrmann; very helpful - Nothing about quantum? That is interesting. "Predicting is difficult, especially when it is about the future." --Niels Bohr (and Yogi Berra). Particularly appropriate today? Have a great year!
Sales Director, SLED East at Abnormal Security
10 个月Particularly agree with your statement: “Use of AI-based cyber defense is a must for enterprises to keep up” It will be AI vs. AI. Here are a couple of examples on the AI defense front: https://youtu.be/2mL9iDr_lUY?si=mLU4xK2baDvfQPOh https://siliconangle.com/2023/11/15/taniums-new-ai-service-aims-streamline-cybersecurity-operations-endpoint-management/
Scariest is voting machine vulnerabilities.