Expert Cybersecurity Predictions for 2024: What Does the Next Year Hold?

KEY TAKEAWAYS

Experts provide their 2024 cybersecurity predictions for insights on SaaS vulnerabilities, AI's dual role, and the strategic evolution of CISOs in the face of IoT expansion and IT-OT convergence.

As we prepare to embark on a journey into 2024, the cybersecurity landscape presents a kaleidoscope of emerging predictions shaping the future of digital security.

In this article, we explore the insights of leading experts, ranging from seasoned industry veterans to pioneers in cybersecurity technology.

With a focus on integrating artificial intelligence (AI) in cybersecurity, the expansion of the Internet of Things (IoT), and the convergence of IT and OT (operational technology), we explore the dimensions of cybersecurity as it stands on the brink of significant transformation in 2024.

Key Takeaways

  • The rapid adoption of SaaS applications creates significant security blind spots, demanding urgent attention from organizations.
  • Cybercriminals increasingly use psychological tactics, leveraging the anxiety caused by mandatory cyberattack disclosures to sow chaos and confusion.
  • While AI and ML enhance efficiency, they also open doors for cybercriminals to exploit vulnerabilities on a larger scale.
  • The role of CISOs is becoming more crucial, equating their responsibility for cybersecurity with that of other top executives in organizations.
  • CISOs need a documented system of record demonstrating their duty of care to protect themselves from the fallout of breaches.
  • The blending of IT and OT environments presents new cybersecurity challenges, increasing the surface area for potential threats.

SaaS Breaches and Psychological Operations Will Take Center Stage

Ariel Parnes, retired Colonel of the Israel Defense Forces’ 8200 Cyber Unit and COO at Mitiga, believes that SaaS breaches will take center stage in 2024. He believes the rapid adoption of numerous SaaS apps, sometimes with no visibility or control by the organization (“Shadow SaaS”), has created blind spots in many environments.

The lack of visibility and control, coupled with these apps’ access to sensitive data, makes them attractive targets for cyber adversaries. Organizations must address these risks urgently, as SaaS applications are fast becoming the Achilles heel in cybersecurity.

As the digital landscape evolves, Parnes also predicts that 2024 will witness a significant uptick in cyber criminals’ adoption of psychological operations.

The new SEC regulations, which mandate quicker disclosure of cyberattacks, will inadvertently fuel this trend. Criminals, recognizing the heightened anxiety these disclosures cause, will increasingly leverage psychological tactics to amplify chaos, exert pressure, and sow confusion.

Parnes paints a bleak picture where attackers might threaten data releases, spread misinformation, or employ other manipulative strategies to exploit organizational vulnerabilities.

With the stakes higher than ever, organizations must improve readiness, both technologically (by having the appropriate tools to create the situational awareness needed during a crisis and remove the inherent fog of war) as well as psychologically (by training leaders and employees to deal with this new type of warfare).

The days of generic phishing attempts are gone; the future lies in hyper-personalized attacks that resonate deeply with individual targets.

Finally, Parnes shared how advanced AI will drive sophisticated social engineering in 2024. Criminals equipped with these cutting-edge AI capabilities will harness vast amounts of open-source intelligence (OSINT) to craft highly tailored and effective campaigns.

Balancing Act: AI in Cybersecurity Will Play Both Offence and Defence

While AI and machine learning enable us to do what we do faster and more efficiently, bad actors will similarly benefit from the ability to identify and exploit more vulnerabilities and weaknesses at a grander scale. Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA), also predicts that consumers will continue to fall victim to data breaches and identity theft next year.

The 5-decade industry veteran predicts continued complications with identities and identity management. He highlights the inconvenient truth that the number of identities and credentials used by every individual, along with those no longer used or abandoned, grows daily.

This management challenge will only grow as we progress through 2024. Tools will help only after the proper management and processes are established.

On a positive note, security leaders will start using AI to conduct routine and repetitive tasks and functions within security. Success will come to those who learn the finesse of what tasks need to be escalated out of the AI space and, most importantly, why and how those tasks benefit the organization.

Election Security in the Age of AI

Ed Skoudis, President of SANS Technology Institute and faculty at IANS Research, warns business leaders to be vigilant around the inevitable rise of malicious AI-generated content.

With the backdrop of an election year, nefarious individuals will create fake content, including deep fakes and an overwhelming volume of misleading textual and photographic information. This onslaught aims to confuse and manipulate voters. The repercussions may include rumors, innuendo, and potentially spear-phishing and other targeted attacks against political parties and candidates.

Another trend is the susceptibility of AI systems to hacking. In 2023, we witnessed user data leakage within AI chat systems. Skoudis predicts we’ll see a rise in deliberate attacks targeting these systems, mainly through their application programming interfaces (APIs).

These APIs – which empower AI systems with various capabilities – have not yet received the required cybersecurity scrutiny. Expect attackers to exploit API vulnerabilities to access and steal user information within the AI systems.

The Boardroom’s New Guardian: The Elevated Role of CISOs

When asked for his cybersecurity predictions, Scott Kannry, CEO and Co-Founder at Axio, believes that CISOs will assume an elevated position in the boardroom in 2024 – whether they like it or not. He believes that we witnessed a tectonic shift in the role of the CISO this year, highlighted by the SEC’s cyber rules and the latest SEC actions against SolarWinds.

SolarWinds warned that the SEC’s actions will damage the cybersecurity profession. The reality is that cybersecurity will take its place in an organization’s fiduciary responsibilities in 2024, making the individual ultimately responsible for cybersecurity on the same plane as CFOs, CEOs, and the other directors and officers of the organization.

If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of the cyber risks the organization faces and be able to communicate those risks to investors. If they don’t take responsibility, the organization will be forced to appoint someone to bear this burden.

This role will become responsible for understanding cyber risks and developing strategy, working closely with the technical leader to execute that strategy. In this scenario, a Business Information Security Officer (BISO) becomes the responsible party, while the CISO serves as the technical leader.

Organizations will finally understand, without question, that cyber is a key organizational risk, mainly when laid out in financial terms. Executive teams and board members will need to understand the types of cyber events that can happen to the organization and the economic impact of these events. This understanding is critical to meeting the SEC’s expectations and communicating effectively with investors.

As we venture into 2024, the cybersecurity landscape is not just about defence mechanisms but also strategic foresight and accountability. Kannry underscores a pivotal shift in how security leaders and organizations are expected to approach cyber risks, emphasizing the importance of informed decision-making and transparency in their cybersecurity strategies.

Security leaders and organizations demonstrating a well-informed understanding of the risk and showing a reasonable and defensible decision-making trail have fulfilled their fiduciary responsibilities, even if a significant cyber event occurs.

Those who can’t demonstrate this understanding or choose to obscure an adverse cyber event or how they prepared for it will see more investigations and significant fines from the SEC and other entities.

The CISO’s New Shield: Systems of Record in the Age of Breaches

Nicole Sundin, CPO at Axio, also believes that the spotlight will be placed on CISOs in 2024 and that they will need a system of record to protect themselves from the fallout of breaches.

She advises that with CISOs being elevated to the boardroom to discuss these risks, they will need a system of record to protect themselves and demonstrate duty of care.

Currently, CISOs make difficult choices and act as they see necessary—but these may or may not be documented. By having a source of truth or a system of record, CISOs can better protect themselves. Otherwise, we will continue to see high-profile incidents where a CISO who doesn’t have this in place takes the fall.

ChatGPT and other AI models might have overtaken the technology world in 2023. But Sundin warns that while business leaders were keen to adopt these technologies to augment the workforce, these technologies assume a lot of risk for the organization.

CISOs are pressured to approve and support adopting emergent technology but are often the “no” to these advances. These “no’s” come with good reason but are not understood due to the sociotechnical gap. In 2024, CISOs must convey risk and reasoning in language the rest of the business understands.

Securing the IoT Frontier

As we explore our cybersecurity predictions, we anticipate several key developments that will shape how we protect and manage data in 2024.

We’ll likely see more advanced forms of encryption to protect data in transit, increased use of AI for threat detection, and a push for standardized security protocols across devices. There may be more regulatory requirements for IoT security to ensure consumer protection.

As IoT devices proliferate, Jan Miller, CTO of OPSWAT, believes that security is becoming an increasing concern.

There is undoubtedly a critical need for robust network security, user education, and specialized teams to address the unique risks the expanding IoT ecosystem poses.

Businesses must focus on securing their networks, educating users on security best practices, and possibly employing dedicated security teams to manage IoT-related risks. IoT expansion will create a larger attack surface as many manufacturers prioritize functionality and cost-efficacy over security.

The Convergence of IT and OT in Cybersecurity

Bryson Bort, CEO and Founder at SCYTHE and faculty at IANS Research, shares his concerns about the increasing convergence of OT and IT environments. This convergence extends beyond industrial and business operations and into our daily lives.

We often don’t realize that we interact with OT components in the workplace, from electricity and water to elevators and security cameras.

Bort warns that the boundary between IT and OT is becoming less distinct as the invisible aspects of the Internet of Things (IoT) blend into our environments. This expanded overlap presents defensive and offensive opportunities and challenges in cybersecurity.

The surface area for potential cybersecurity threats is increasing, even for those who may not have initially recognized their engagement with OT. As these domains continue to merge, collaborative efforts to secure this growing attack surface are critical.

Ethics, Privacy, and Cybersecurity

Larry Whiteside Jr., CISO at RegScale, expects countries to begin collaborating on setting standards for the responsible development and deployment of AI technologies, focusing on ethics, privacy, and security. This international cooperation will help mitigate the risks associated with AI, such as algorithmic bias, data integrity, and autonomous cyberattacks.

On a global level, the interconnected nature of our digital world has made international cooperation on cybersecurity a pressing concern. The need for unified regulations has become even more apparent with the rise of AI and its increasing integration into various sectors.

Whiteside also predicts that the growing convergence of AI and cybersecurity will likely drive regulations that ensure AI-driven security measures come with robustness and transparency. These regulations will place a premium on ethical AI practices and protection.

Cybersecurity Predictions: The Bottom Line

As we close this comprehensive exploration of 2024’s cybersecurity predictions, it’s evident that the landscape is rapidly evolving, marked by significant challenges and opportunities.

From the heightened role of CISOs in the boardroom to the intricate dance of AI and cybersecurity, the insights from industry experts paint a picture of a future where vigilance, innovation, and strategic foresight are paramount.

The convergence of IT and OT, the proliferation of IoT devices, and the international push for ethical AI regulation underscore a common theme: the need for robust, informed, and proactive approaches to cybersecurity.

As we step into this future, these insights serve as a guiding light, illuminating the path for businesses, leaders, and individuals navigating digital security’s complex and ever-changing realm.

Neil C. Hughes

Neil is a freelance tech journalist with 20 years of experience in IT. He’s the host of the popular Tech Talks Daily Podcast, picking up a LinkedIn Top Voice for his influential insights in tech. Apart from Techopedia, his work can be found on INC, TNW, TechHQ, and Cybernews. Neil's favorite things in life range from wandering the tech conference show floors from Arizona to Armenia to enjoying a 5-day digital detox at Glastonbury Festival and supporting Derby County. He believes technology works best when it brings people together.