Navigating the Cybersecurity Landscape in 2024: Key Trends and Threats

AI-Driven Social Engineering

Since the emergence of commercial Large Language Models (LLMs), the cybersecurity community has been abuzz with the possibilities these technologies offer to malicious cyber actors. Beyond facilitating sophisticated phishing attacks, AI enables the creation of deepfakes that can convincingly impersonate trusted sources. This represents a substantial threat, as these deepfakes can be used to manipulate and deceive individuals and organizations.

Currently, there is no definitive technological solution to counteract deepfakes. The prevailing advice emphasizes the importance of maintaining robust cybersecurity practices. The sophistication of AI algorithms allows them to evade detection, complicating efforts to defend against these threats.

AI is reshaping the landscape of social engineering. If 2023 was a year of recognizing this new threat and beginning to counteract it, 2024 promises to bring even greater challenges with more severe consequences.

Cybersecurity AI

Generative AI revolutionized artificial intelligence, taking many by surprise in late 2022. Even before this, threat actors had begun leveraging AI to launch novel attacks. The realization is now dawning that combating AI-driven attacks requires the use of AI itself — enter Cybersecurity AI. The rapid evolution of LLMs in 2023 left many executives unprepared, with no concrete plans to mitigate the adverse effects.

In 2024, organizations have no excuse for neglecting cybersecurity AI, especially for managing their attack surfaces. A significant area of concern is the increasing use of commercial AI tools by employees, which could lead to data leakage and exfiltration. Therefore, it is crucial to establish policies governing the acceptable use of AI tools.

National US Data Privacy Regulation

Corporations have long been frustrated by the complex patchwork of privacy laws in the United States. Different sectors, such as healthcare and financial services, are governed by specific regulations, and new privacy laws, particularly those aimed at protecting underage users, are constantly emerging.

The primary challenge, however, remains the absence of a federal data privacy regulation that applies nationwide. Adhering to the diverse privacy regulations of each state is exhausting for corporations. This contrasts sharply with the European Union, where 27 countries operate under a single data privacy law. The American Data Privacy and Protection Act represented a significant step toward a unified approach, but despite bipartisan support, it was never enacted.

In 2024, more state laws — notably in Florida, Texas, and Montana — are coming into effect. However, the call for a federal regulation persists. Given the increasing threat posed by AI, this year may finally see the establishment of a national data privacy law in the US.

Ransomware

In recent years, ransomware has emerged as a particularly lucrative form of cyber attack. While there was a period when it seemed the “good guys” were gaining the upper hand, the 2024 Ransomware Threat Landscape report revealed a surge in ransomware attacks towards the end of 2023.

There was a glimmer of hope in November when 50 members of the International Counter Ransomware Initiative pledged not to pay ransomware extortion demands. Although this policy declaration is not legally binding, it represents a significant step toward addressing this pervasive threat.

State-Sponsored Cyber Attacks

Barely two weeks into January, Microsoft detected a Russian state-sponsored attack against its systems, highlighting a persistent trend over the past few years. State-sponsored attacks are particularly dangerous because they threaten national security, compromise critical infrastructure, and escalate geopolitical tensions through espionage and other malicious activities.

Major international crises, such as the Russian-Ukraine war and the Israel-Palestine conflict, continue into 2024 with no signs of resolution. This underscores the need for concerted efforts by large corporations and governments to repel state-sponsored cyber attacks.

Passwords and Passkeys

Authentication has always been a significant challenge in cybersecurity. Despite the convenience issues posed by passwords, they have remained the most secure authentication standard. However, the corporate world may finally be ready to embrace a more secure, passwordless approach through passkey sign-on technology. This technology, tied to biometrics or hardware keys, eliminates the need for users to remember multiple passwords while ensuring a high level of security.

Although full adoption of passkey sign-on is still some time away, its implementation by major companies like Google, Apple, Microsoft, X, and Amazon, as well as various password management tools, signifies substantial progress. In 2024, significant strides are expected as passkeys become increasingly recognized as the global login standard. Nonetheless, passwords will not disappear entirely, so security measures in this area should not be abandoned.

Mobile Security

As mobile devices become integral work tools, cyber attacks targeting them have become more frequent. Google’s announcement at the end of last year that Android 14 will support passkeys was a significant development in mobile security. However, there is still much work to be done. According to Kaspersky, adware remains a major challenge, accounting for over half of mobile device risks. Phishing continues to be a significant issue as well.

According to Zimperium’s mobile security report for 2023, 80% of zero-day mobile exploits targeted iOS devices, while critical Android vulnerabilities saw a 138% year-over-year increase. Mobile operating system makers are committed to enhancing security in 2024, making this an area to watch closely.

Conclusion

The challenges in cybersecurity are ever-evolving. However, by staying ahead of the curve, organizations can avoid playing catch-up in a game where threat actors are continually advancing. By addressing these trends and threats, businesses can ensure they remain at the forefront of the cybersecurity landscape in 2024.