On an annual basis, I evaluate the forecasts of the cybersecurity sector for the upcoming year and present rankings, synopses, patterns, accolades, and more. As we draw closer to the midway point of 2024, and approximately six months since I unveiled The Top 24 Security Predictions for 2024 (Part 1), it is prudent to conduct a follow-up and assess the current situation.
During June, the Gartner Security & Risk Management Summit typically reveals some fresh forecasts and trends while several prominent companies also issue groundbreaking reports and predictions. This blog will delve into a selection of these.
Before delving deeper, let’s revisit the predominant themes from my 2024 report in mid-December 2023:
KEY THEMES FOR 2024
The cybersecurity industry prediction reports for 2024 underscore the following key concepts:
- The era of artificial intelligence (AI) will bring about revolutionary changes, both advantageous and detrimental. Here are a few specific AI and Generative AI (GenAI) forecasts:
  - A surge in cyber attacks, with malicious actors utilizing GenAI tools to pinpoint vulnerabilities in critical sectors.
  - The introduction of more AI threat actors, AI threat vectors, and AI code assistants leading to additional vulnerabilities (BeyondTrust).
  - Employing AI-based cyber defense will become imperative for enterprises to remain competitive.
  - BYOAI (Bring Your Own AI) strategies will be adopted by 60% of entities due to the lag in enterprise solutions (Forrester).
  - Shadow AI will expand alongside governance challenges.
  - The swift and widespread adoption of GenAI tools will be fueled by productivity gains.
  - Increased regulations, laws, policies, data privacy, and ethics guidelines on the appropriate usage of AI.
  - An increase in sophisticated deepfakes and business email compromise (BEC) instances using GenAI for attacks.
  - Heightened occurrences of voice and video impersonations, featuring specific accents, and targeted executive account takeovers through social media and personal accounts.
  - Proliferation of various attacks targeting LLMs.
- CISOs will witness an augmentation in authority and an expanded role over the next few years (Gartner).
- Global election-related cyber attacks will take center stage. Specifically:
  - Dissemination of misinformation concerning elections on social media platforms.
  - Cyber attacks on voting machines and virtual platforms.
  - Compromises on data related to voter lists, individuals, procedures, and technology.
- Heightened cyber attacks in the realm of space, encompassing broader programs, a cyber arms race in space involving satellites and other advanced vehicles.
- Ransomware is evolving and expanding, infiltrating and targeting ID management through sophisticated phishing tactics and social media breaches.
- Instances of accessing systems using breached credentials instead of hacking. This data is procurable on the dark web due to numerous data breaches over the years.
- An upsurge in supply chain attacks, evolving to target developers through software package managers (Google Cloud).
- The cyber insurance market will persist in expanding and evolving, with most reports suggesting that prices will stabilize.
- Attacks focusing on hybrid and multicloud environments will mature and grow in impact (Google Cloud). Additionally, there will be more instances of cloud-native worm attacks (Trend Micro).
- Hackers will turn to blockchain for new hunting territories and extortion strategies. The surge in bitcoin and other cryptocurrencies will lead to fresh crypto wallet breaches.
- An uptick in hacktivism, with more instances tying hacktivism to APTs (Kaspersky).
- An increase in groups involved in the “hacker for hire” sector (Kaspersky).
- Misinformation dissemination will experience significant growth, as establishing and maintaining trust remains a challenge (Gartner).
- Upsurge in next-level cyber attacks employing a “go big or go home” mentality (Fortinet).
- New technologies like QR codes and VR headsets will be targeted in various ways (Watchguard).
- Wider implementation of zero-trust models.
- Rise in attacks on global events — such as the 2024 Summer Olympics in Paris — to garner attention.
SPOT ON!
Unquestionably, we have witnessed several significant data breaches and ransomware attacks in 2024, aligning with many predictions:
Wired: Ransomware Is ‘More Brutal’ Than Ever in 2024
CyberNews: Mother of all breaches reveals 26 billion records: what we know so far
TechCrunch: United Healthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack
CBS News: What customers should know about AT&T’s massive data breach
Reuters: US lawmakers grill Microsoft president over China ties, hacks
Axios: About 165 orgs may have been affected in Snowflake incident
We have observed a surge in hacktivism during the first half of 2024, as evidenced by these articles:
The Hacker News: A New Age of Hacktivism
TechTarget: Recorded Future observes ‘concerning’ hacktivism shift
Forbes: Hacktivism On The Rise: Protecting Critical Infrastructure Is Top Priority
MorningStar: 2024 Intel 471 Cyber Threat Report Reveals Emerging Hacktivist and Adversary Strategies in the Cyber Underground
Furthermore, worldwide cyber attacks targeting elections are intensifying:
The Register: Russian hacktivists vow mass attacks against EU elections
EuroNews: Dutch cyberattacks latest in EU election campaign marred by disruption, violence
Politico: Taiwan hit with cyberattacks prior to election
Missouri Independent: Federal warnings issued to state election officials before November
Moving forward as anticipated are trends in zero-trust adoption:
The Stack: FBI unveils Zero Trust adoption plans with an $8 billion IT budget
GovCon Wire: DOD aims to expedite Zero Trust Adoption Deadline
Dark Reading: Zero Trust adoption gaining momentum in the Gulf Region
Another accurately predicted top story for 2024 involves cyber attacks in space:
Politico: Authorities brace for a new era of cyber threats targeting satellites
The Conversation: Challenges in cybersecurity for satellites amid growing threats to space-based infrastructure
Forbes: The Growing Global Concern of Cyber-Securing Space Systems
NOT SO MUCH (AT LEAST NOT YET)
The expectation of growth in cyber insurance is facing obstacles, with numerous state and local governments opting for self-insurance due to expenses. However, the market is evolving:
Risk & Insurance: U.S. Cyber Insurance Market to Experience Tightening in 2024
SC Media from RSAC 2024: Key cyber insurance trends, pitfalls, and guidance
Munich RE: 2024 Cyber Insurance Risks and Trends
Incidents of supply chain attacks have been relatively restrained this year so far, with some notable cases, such as the one covered in this article: Sisense Breach Highlights Increase in Significant Supply Chain Attacks. The Change Healthcare cyber assault affecting nationwide prescriptions could also be viewed as a distinct type of supply chain problem.
There are several other domains we could delve into within this category. Nonetheless, it might be premature to draw conclusions regarding 2024 trends and cyber attacks. Some areas, like the USA elections, Paris Olympics, and other forthcoming events, will become clearer in the latter part of 2024.
GARTNER SECURITY AND RISK MANAGEMENT SUMMIT 2024
Numerous new perspectives were introduced at the most recent Gartner Security and Risk Management Summit in National Harbor, Md. Here are a few noteworthy discussions that can be watched on YouTube.
Three notable forecasts from this presentation:
- 58 percent of board directors anticipate increasing their risk tolerance between 2024 and 2025.
- 58 percent prioritize digital technology initiatives among their top-five business objectives in the next two years.
- 93 percent of project managers sense pressure to expedite delivery.
Overall, this discussion elaborates on the drive for greater decentralized control in risk management across business sectors.
OTHER MIDYEAR FORECASTS OF NOTE
I’d like to emphasize a few other intriguing reports for your perusal. Firstly, we have this LinkedIn post by Anil Yendluri. I appreciate his infographic and his key insights:
- The worldwide end-user spending on cloud services is forecasted to reach $700 billion by 2024.
- By 2025, there will be 3.5 million unfilled cybersecurity positions globally.
- The global zero-trust cybersecurity market is projected to hit $133 billion by 2032.
- Ransomware attacks will incur victims costs of $265 billion by 2031.
Also from Yendluri:
- Cyber Resilience Will Take Center Stage in 2024
- Assaults on Cloud Services
- Escalating IT Skills Gap and Rising Demand for Soft Skills
- Surge in IoT (Internet of Things) Devices Using 5G Connectivity
- Artificial Intelligence and Machine Learning
- Secure Cybersecurity Measures
- Global State-Backed Conflict
- Evolving Deceptive Tactics
- Enhanced Verification Processes
- Ever-Adapting Malware
- Mobile Security
- Smart Vehicles
- Increase in Internal Security Risks
- Transition from Cybersecurity to Cyber Resilience
Secondly, I am grateful to Corey Munson for sharing this article on LinkedIn from Tech Brew, which highlights the looming threat of bank fraud due to GenAI cyber assaults. The article, titled Banks could lose billions to AI scammers, Deloitte predicts, includes this statement:
“The consultancy predicts that generative AI could enable losses from fraud to reach $40 billion in 2027 — up from $12.3 billion in 2023 — a compound annual growth rate of 32 percent.”
What’s striking about these projections (or, if you prefer, “forecasts” or “trends”) is the advantage the malevolent entities are poised to gain over the righteous. The notion here is that losses are expected to skyrocket, which counters the narrative propagated by many cyber firms claiming that AI and GenAI will decrease losses.
Lastly, Helen Yu shared an informative infographic on LinkedIn outlining Gartner’s top-nine cybersecurity trends in mid-2024. For more details, you can visit her post.
FINAL THOUGHTS
During my research for this blog, I stumbled upon a YouTube video by Conquest Cyber from a Gartner Security and Risk Management Summit two years ago. It captured my attention as I appeared in several clips, including the thumbnail.
My message? In our interconnected world dominated by “live streaming,” one cannot predict where they may appear at events.
Lastly, I found an intriguing post on CNBC titled Microsoft employees’ cybersecurity contributions will impact their compensation. The key takeaways are:
- For senior Microsoft executives, 33% of their bonuses’ “individual performance” segment in the upcoming fiscal year will be linked to an evaluation of their cybersecurity efforts, as per Brad Smith, the company’s president, prior to a U.S. House committee hearing.
- Employees will discuss their cybersecurity contributions with their managers in bi-annual reviews that influence their overall compensation.
The fundamental message: In mid-2024, everyone is prioritizing cybersecurity, and their remuneration hinges on successful resilience initiatives. Indeed, a step forward in my opinion.
