Top Cybersecurity Trends For 2024 — From Ransomware to AI

In recent years, businesses have increased their cybersecurity spending and enhanced security measures to stay ahead of cybercriminals.

Whether it is users leaving themselves unprotected through weak passwords or not using a trusted VPN, or companies leaving security gaps at the edge of a network, there are many holes to be exploited out there.

However, threat actors have also improved their techniques, making it a never-ending battle between those aiming to protect their data and those trying to steal it.

Organizations must prepare for the new and recurring cyber threats that aim to bring them to their knees — which is tough in an industry with a dire shortage of cybersecurity experts.

Here are the top nine cybersecurity trends for 2024 from industry experts.

Key Takeaways

  • Organizations must ensure that they prepare for the new and recurring cybersecurity threats that aim to bring them to their knees.
  • Ransomware and malware remain among the most significant threats, while AI will help no-coders plan attacks at scale, and deepfakes will likely lure many more victims to scams.
  • The role of CISOs will continue to grow in importance and will require operators to be comfortable in the boardroom.

Top 9 Cybersecurity Trends in 2024

9. Ransomware Continues to Be the Number One Threat as Gangs Go Global

After a lull, ransomware attacks have come roaring back and are matching previous years in frequency, says Richard Halm, cybersecurity attorney at Clark Hill.


“Ransomware will continue to be the number one threat for organizations in 2024, and these ransomware groups will continue to become more sophisticated in both their attack techniques and targeting,” he says.

Despite repeated federal efforts, the only event that has managed to slow the pace of ransomware attacks was the start of the Russia/Ukraine war.

“As illustrated by the MOVEit attack, ransom groups, such as Clop, are growing more sophisticated in their targeting,” Halm says.

Malicious actors are explicitly hunting third-party tools and software providers with vulnerabilities that they can then leverage to compromise several targets efficiently and simultaneously.

He adds:

“Other groups, such as Scattered Spider, are pushing the bounds of what the cybersecurity community thought was possible with social engineering – they are using social engineering techniques to gain unfettered access to entire organizations.”

Until last year, ransomware gangs consisted of (almost) exclusively Eastern European or Russian individuals, Halm says.

“This year, that trend has been shifting slightly,” he says. “The highly successful Scattered Spider group is believed to consist of individuals from the United States and the United Kingdom.”

And the LAPSUS$ group, known for its attacks on Microsoft, Nvidia, Samsung, Uber, Rockstar Games, and Okta, is believed to consist of individuals in the United Kingdom and South America, according to Halm.

“This broadening of these criminal gangs opens new avenues of attack,” he says. “For example, one of the reasons Scattered Spider’s social engineering attacks were so successful is that its members are believed to be individuals from Western societies.”

This gives them an understanding of the social norms that a ransomware gang comprised of Russians wouldn’t have, making their social engineering attempts more effective.

“Given the financial windfall from successful ransomware attacks, expect to see a more diverse group of ransomware gangs emerge in 2024,” Halm says.

8. Shift in the Dynamic Between CISOs and CIOs

At many companies, the CISOs and the CIOs are not 100% in alignment.

“The CISO’s team creates security policy, and the CIO’s team enforces it,” says Arthur Lozinski, CEO and co-founder at Oomnitza, a provider of enterprise technology management solutions. “One is responsible for sharing information in an organization, while the other controls access to it.”

They also tend to have conflicting budgetary needs. As they both come under the same division and one reports to the other, the CISO’s budget is a line item of the CIO’s budget even though they have inherently different needs, he says.

All too often, security is treated as independent of, or siloed within, the broader organization rather than as a core part embedded in every IT or business process development, Lozinski says. The results of all this misalignment are project delays and budget overruns.

“But in technology-first companies and especially in cloud-first companies, we predict process automation projects will play an increasingly important role in helping CIOs and CISOs align by providing a clean slate that can include security by design into these new and improved processes,” he says.

Since the cloud is driving many of these automation projects, we see it as a critical frontier for fostering better CIO/CISO alignment and collaboration, he adds.

“If they cannot see eye to eye, watch out to see how that plays out in 2025,” he says.

7. The Impact of AI/GenAI on Cybersecurity

One of the cybersecurity future trends revolves around the effect artificial intelligence (AI) and generative AI (GenAI) will have on the industry.

With AI and GenAI becoming accessible to everyone at low cost, there will be more and more attacks on the cloud that GenAI enables, says Chen Burshan, CEO of Skyhawk Security.

“This will impact how offensive security is being done to fit the changing landscape of risk and will impact categories such as CTEM [continuous threat exposure management], BAS [breach and attack simulation], pen testing, etc.,” he says. “While this change may take more than a year to fully show itself, 2024 will mark the beginning of this change.”

In addition, malicious actors will continue to up their game when manipulating users through social engineering in attempts to breach computer security, says Brandon Leiker, principal solutions architect and security officer at 11:11 Systems, a managed infrastructure solutions provider.

“GenAI enables these bad actors to carry out more intelligent and personalized phishing campaigns against their unwitting victims,” he says.

“And deepfake technology is continuing to advance, making it increasingly more difficult to discern whether something, such as an image or video, is real.”

Cybersecurity attorney Halm agrees.

“Threat actors will be able to use AI to efficiently mass produce precisely targeted phishing emails using data scraped from LinkedIn or other social media sites that lack the grammatical and spelling mistakes current phishing emails contain,” he says.

In addition, in the last year, the AI boom has taken over multiple industries, with companies rushing to incorporate this new technology into their offerings, says Ron Reiter, a former member of Israeli Defense Forces Unit 8200 and current chief technology officer and co-founder of Sentra, a cloud data security company.

“Cybersecurity is no exception,” he says. “As companies look to harness this innovative technology, they must ensure they aren’t buying into marketing hype and unrealistic promises. Kicking the tires with real proofs of concept will be an important step, and deploying technical solutions will be absolutely critical.”

Nevertheless, the good news is that the same tools available to potential attackers will also be in the hands of defenders, says Nima Baiati, executive director and general manager of commercial cybersecurity solutions at technology company Lenovo.

“This means an increasing number of cybersecurity activities can be automated and, therefore, more efficient,” he says. “AI is used for better risk analysis, threat detection, and automating alerts and responses.”

6. Increased Use of Info Stealer Malware to Carry Out Attacks

Another cybersecurity trend gaining greater prominence is cybercriminals’ increasing use of malware to carry out attacks, such as authentication bypass and session hijacking, says Trevor Hilligoss, senior director of security research at SpyCloud, a provider of security software.

“Specifically, info stealer malware siphons high-quality data from infected browsers, including authentication data, such as usernames, passwords, and session cookies, as well as personal information, such as credit card numbers and banking details,” he says.

Malware operators leverage this data in various ways, and many sell it on the darknet for financial gain, Hilligoss says. Criminals who buy the exposed data use it to impersonate legitimate users and gain access to corporate networks, allowing them to carry out sophisticated cyberattacks without raising red flags.

One popular attack method is session hijacking or cookie hijacking.

“Using an active malware-stolen cookie and an anti-detect browser, criminals can bypass robust authentication mechanisms, including multifactor authentication and passkeys, by posing as legitimate users,” Hilligoss explains.

“Criminals who hijack sessions have access to all the information and permissions of the legitimate user, giving them the freedom to steal additional data or launch attacks, such as ransomware, without detection.”

Looking to the future of cybersecurity, companies will need to implement new cyber defenses to combat info stealer malware, he adds. Organizations should seek comprehensive malware remediation strategies to neutralize the stolen data before it’s used for other cyber incidents.

“Session cookies, passwords, and APIs can remain active for weeks or months after they were initially stolen, leaving organizations vulnerable to follow-up or repeat attacks using the same data,” according to Hilligoss. “A holistic post-infection remediation plan that includes monitoring the dark web for malware-stolen data allows enterprises to invalidate any compromised sessions and patch vulnerabilities before criminals use the information to cause harm.”

5. Compliance and Regulations Will Shake Up the Cybersphere

Compliance and regulations will also shape the future of cybersecurity, at least for the first three to six months of 2024, says Crystal Morin, cybersecurity strategist at cloud security company Sysdig.

“In 2023, [the White House] rolled out cybersecurity and AI executive orders and the Securities and Exchange Commission disclosure rules,” she says. “With the disclosure rules taking effect at the end of 2023 and the AI executive order released at the end of 2023, security compliance and security disclosures will be [one of the biggest trends].”

The cybersecurity sector is reaching a pivotal maturity stage with intensified compliance and regulation in the United States, says Thomas Segura, a cybersecurity expert at GitGuardian, a provider of a code security platform for developers.

“The SEC now requires public companies to report cybersecurity incidents within four days,” he says.

In a notable case, SolarWinds is facing SEC charges for downplaying cybersecurity risks, emphasizing the growing focus on corporate cybersecurity responsibility.

“And President Joe Biden’s 2023 strategy emphasizes market-driven security enhancements,” he says. “Predictably, this will lead to more accurately priced cyber risks, elevating liabilities and compliance demands across the software industry.”

In addition, the SEC charges against the SolarWinds CISO will change that role in 2024, according to Thomas Kinsella, co-founder and chief customer officer at Tines, a security workflow automation company.

The SEC’s decision means more cybersecurity issues will escalate to boardroom issues as CISOs force the entire company to accept the risk rather than shouldering it alone.

“Salaries, performance bonuses, and professional reputations are no longer the only things at stake,” Kinsella says. “Security leaders now know their personal liberty is potentially on the line. Expect CISOs, knowing they might have to take the fall for security failings, to demand more budget, headcount, tooling, and a louder voice in the C-suite.”

4. Small and Midsize Businesses Will Continue to Implement Emerging Tech

Three major cybersecurity trends are currently affecting small and midsize businesses (SMBs), according to Mike Caralis, vice president of business markets at Verizon Business.

First, the top motive for cyberattacks against SMBs is financial gain. He says that Verizon’s 2023 data breach investigations report (DBIR) showed that 95% of breaches were financially driven.

“Secondly, attackers are starting to go after people, and they’re using their mobile devices to get access to sensitive data,” Caralis says. “The DBIR also showed that small businesses have been hit hard, with a 15% increase in mobile phishing attacks.”

Lastly, he adds that SMBs’ failure to implement new systems or technologies, inadequate cybersecurity training for staff, and not upgrading security services make them vulnerable to cybersecurity breaches.

So, what is the future of cybersecurity for SMBs?

“For SMBs, the future of cybersecurity means they will continue implementing emerging tech, such as AI,” Caralis says. “They’ll do so to reap the benefits of saving time and resources for fraud management, supply chain operations, and order processing.”

And more SMBs will invest in bandwidth upgrades with their internet connections, he says. With that, businesses will have an increased need to keep software, including operating systems and applications, up to date with the latest security patches to address known vulnerabilities, which will be essential.

“Finally, the ways business owners and their employees work will continue to evolve as they embrace technology,” Caralis says. “For as long as remote work continues, SMBs will need to rely on technology with proper cybersecurity measures to address the challenges of collaboration and labor issues.”

3. Quantum Computing Will Change the Cybersecurity Game

By now, organizations are likely familiar with the concept of quantum computing, which leverages the principles of quantum mechanics to tackle problems that traditional computers find impossible, says Steve Tcherchian, CISO of XYPRO, a cybersecurity solutions company.

However, its implications as a cybersecurity threat and how it may compromise computer security in the future might still be hazy for most companies.

“A significant concern revolves around the potential problem quantum computing poses to conventional encryption methods,” he says.

“Many current encryption techniques hinge on the complexity of factoring large prime numbers – a task that quantum computers markedly simplify.”

But if quantum computers become widely accessible, there’s a looming risk that they will break the encryption safeguarding critical information, such as financial transactions or governmental communications, Tcherchian says.

“To counter this threat, researchers are actively crafting quantum-resistant cryptographic methods,” he explains.

“These post-quantum cryptography techniques aim to provide a quantum-comparable level of security, akin to traditional encryption methods against classical computers. However, the extensive adoption of post-quantum cryptography demands time and resources, leaving a considerable security void until it becomes commonplace.”

2. Collaboration Between DevOps and DevSecOps Increases

In 2024, cybersecurity professionals should brace for a series of transformative trends within the application programming interface (API) market, says Joni Klippert, CEO and founder of application security company StackHawk.

“With a growing emphasis on pre-production testing and security integration, these experts will need to adapt to address vulnerabilities at the earliest stages of development,” she says.

Additionally, the increasing reliance on automation will present both opportunities and challenges.

“On one hand, it promises to expedite code-writing and shipping processes,” Klippert says. “But on the other, it may lead to a deluge of untested APIs, demanding swift and efficient security assessments.”

Furthermore, the evolving dynamics of DevOps and DevSecOps will require cybersecurity professionals to forge closer collaboration with software engineers.

Understanding the intricacies of code creation, deployment, and testing will be crucial in pursuing faster and more secure software development, Klippert says.

“As compliance regulations tighten, cybersecurity experts will need to provide clear, effective cybersecurity plans and demonstrate substantial progress in their implementation from the executive level down to the boardroom, assuming greater responsibility and accountability,” she adds.

1. CISOs Will Develop/Refine Their Soft Skills

Cyberattacks and cyber threats are now a more significant concern to executive leadership teams and boards of directors, as it’s clear that they can negatively impact a company’s stock price and overall performance, says Jonathan Trull, chief security officer at Qualys, a provider of information security and compliance cloud solutions.

“This has added more responsibility to CISOs who not only need to ensure their businesses are protected from the latest and most sophisticated cyberattacks, but they also need to be able to measure and communicate organizational risk and financial risk to executive stakeholders accurately and effectively.”

Historically, many CISOs could handle their businesses in the corners of their organizations, he says.

“However, as things have evolved, they are now front and center, needing to figure out how to communicate their findings in a language everyone can grasp,” Trull says. “In 2024, I expect more CISOs to develop and refine their soft skills to better communicate financial and organizational risks to CEOs and boards of directors.”

The Bottom Line

As the new year approaches, cybersecurity will continue to be a crucial issue for organizations because of the ever-increasing threat of cyberattacks.

As such, companies must prepare to meet these threats head-on and ensure that their sensitive corporate information is protected from cybercriminals.

Linda Rosencrance

Linda Rosencrance is a freelance writer and editor based in the Boston area. She has more than 30 years of experience as an investigative reporter working for several newspapers in the Boston metro area. Linda has been writing about information technology since 1999. Her articles have appeared in MSDynamicsworld.com, TechTarget, TechBeacon, IoT World Today, Computerworld, CIO magazine, and many other publications. Rosencrance was the editor of a technology news website and managed and edited a blog focused on data analytics. She also writes white papers, case studies, ebooks, and blog posts for many corporate clients.