2023 has indeed been a roller-coaster of a year, marked by transformative events that have left an indelible impact on the global landscape. The realm of artificial intelligence has witnessed unprecedented growth and influence, with OpenAI at the forefront of cutting-edge innovations.
However, amidst these technological strides, the year has also been characterized by heightened geopolitical tensions, further underscoring the complexities of our interconnected world.
As cyber threats continue to evolve, with both new and familiar adversaries testing the resilience of cybersecurity measures. Join us in this blog post as we forecast the trends that will shape the cybersecurity landscape in 2024.
An Overview of the Current State of Cybersecurity
In 2024, the cybersecurity landscape remains turbulent, with increasing attacks and persistent workforce challenges. The figures below, sourced from ISACA's State of Cybersecurity 2024 report, provide a snapshot of the current trends.
Enterprises are facing heightened threats, with 55% reporting more cyberattacks this year—an increase from 48% in 2023. Despite this, organizational confidence in their ability to detect and respond to threats remains steady, with 72% expressing at least some confidence. However, economic pressures are straining cybersecurity budgets, with only 36% of organizations considering their budgets appropriately funded, marking a five-percentage-point drop from last year.
The cybersecurity workforce remains understaffed, though slightly improving, with 38% of organizations reporting appropriate staffing—up two percentage points from 2023. Yet, stress levels among security professionals are at an all-time high, with 66% citing significantly greater job-related stress than five years ago due to the increasingly complex threat environment.
The primary threat actors remain cybercriminals (28%), hackers (20%), and nation-state actors (13%), while social engineering (19%) continues to be the most common attack method. Concerns over business reputation (79%), data breaches (69%), and supply chain disruptions (55%) persist as top enterprise fears.
What does 2024 hold for cybersecurity’s future? Keep reading for expert insights and predictions.
Top Trends to Watch in 2024 Cybersecurity
Rising Threats
Ransomware, phishing attacks, APTs, misconfigurations, and supply-chain attacks continue to pose significant risks to organizations in 2024. Social engineering remains the most common attack method, responsible for 19% of reported incidents, while ransomware and denial-of-service attacks each account for 10%. Cybercriminals are also increasingly targeting unpatched systems (11%) and exploiting third-party vulnerabilities (10%). Additionally, organizations are seeing a rise in AI-powered cyberattacks, deepfakes, and cryptojacking, with the evolving threat landscape making it harder than ever to defend against sophisticated attacks. As cybercriminals refine their tactics, businesses must remain vigilant and strengthen their security postures to mitigate these growing threats.
Source: ISACA
Evolving Ransomware
Ransomware attacks have been a persistent threat for years, but by 2025, they are expected to become even more sophisticated. Attackers are increasingly using double extortion tactics, where they not only encrypt the victim’s data but also threaten to release it publicly unless a ransom is paid. It is common for cybercriminals to target critical infrastructure, such as hospitals or power grids, causing widespread disruption. The average ransom demanded by attackers has risen significantly.
Geopolitics and Cyber Warfare
Geopolitical tensions are increasingly playing out in cyberspace, with nation-states using cyberattacks to achieve political, economic, or military objectives. By 2025, we can expect to see more state-sponsored attacks targeting critical infrastructure, elections, and private sector organisations. For example, nation states have launched cyberattacks on a rival country’s power grids, causing widespread blackouts and economic disruption.
API Attacks
As organisations increasingly rely on APIs (Application Programming Interfaces) to connect services and share data, they also become a prime target for cyberattacks. API attacks can take many forms, including injection attacks, broken authentication, and data exposure. For example, an attacker could exploit a vulnerability in an API to gain unauthorised access to sensitive customer data, such as credit card information or personal identifiers.
Improving Identity and Access Management
When it comes to cybersecurity, one of the most important things you can do is to ensure that only authorized users have access to sensitive data and systems. This process is known as identity and access management (IAM), and it's something that every organization needs to get right. Insufficient access control mechanisms, such as a lack of Multifactor Authentication (MFA) for SaaS solutions are one of the primary reasons why so many cloud breaches occur. In 2025, passwordless authentication could gain traction as a way to mitigate the risk of password-related breaches. Passwordless authentication uses biometrics, tokens, and other methods to replace passwords with a more secure alternative.
Balancing Privacy with Regulation
Another big challenge for enterprises will be how to find the right balance between privacy and regulation. On one hand, customers are demanding more control over their personal data. And on the other hand, there is a growing number of regulations around the collection of personal data by enterprises. Striking the right balance between these two competing interests is going to be a challenge for businesses in the coming year.
Increased Focus on Automation and Orchestration
The volume and complexity of cyber threats are only going to increase and companies simply can't keep up with manual processes. Security automation won't be a 'nice to have' in 2025; it will be a 'must have'. At this point, automated solutions are the only way to save resources and time and be resilient against automated cyber-attacks.
Solutions with SOAR capabilities like automation and orchestration will be an essential part of an organization's security toolkit in 2024. SOAR technology is designed to address the challenges security teams face - from the volume of alerts to the shortage of skilled resources, and work overload. Next-generation SOAR solutions are built for flexibility, efficiency, and ease of use, and they integrate effortlessly with existing systems.
Emerging Tech - AI and Machine Learning
Today, AI and machine learning are increasingly used to deliver better security solutions. By incorporating AI and ML into existing security and business processes, enterprises can create real-time and proactive security solutions. These solutions can analyze data such as logs, transactions, and real-time user behavior to create personalized security policies and detect suspicious activities.
However, AI and ML are not just limited to enhancing security solutions. Hackers are getting more and more adept at these technologies, improving their techniques to gain access to sensitive data. So, it will be a challenge to ensure that algorithms work in favor of cybersecurity and not against it. Deepfakes, AI-generated content that convincingly mimics real human actions, pose new challenges for cybersecurity. Moreover, GenAI can also be used to develop AI-based social engineering attacks that could possibly circumvent existing defenses.
In addition, machine learning and AI can be used to add layers to authentication solutions and detect fraudulent activities. An IBM study found that the use of AI and automation cut breach lifecycles by 108 days and saved an average of $US1.76 million in breach costs. Even organizations with a partially deployed AI and automation program outperformed those that didn't have one at all.
Generative AI
Generative AI, while revolutionary for content creation, automation, and coding, poses significant cybersecurity risks. Malicious actors can leverage AI to generate convincing phishing emails, deepfake videos, and evasive malware.
Threat Vectors and Examples:
- Phishing Attacks: AI-generated phishing emails are becoming increasingly sophisticated, mimicking the writing style and tone of legitimate communications. In 2024, several major corporations reported breaches originating from AI-crafted emails that fooled employees into making fraudulent payments.
- Deepfake Technology: Deepfake videos and audio are being weaponised for social engineering attacks. For example, attackers have impersonated CEOs in deepfake video calls, instructing employees to transfer funds to fraudulent accounts.
- Malware Creation: AI can assist in crafting polymorphic malware that changes its code structure to evade traditional antivirus solutions.
- AI Agent Exploitation (Agentware): The rise of AI agents capable of autonomous decision-making adds another layer of risk. These agents could be hijacked to carry out unauthorised tasks, such as scraping sensitive data or launching denial-of-service (DoS) attacks.
- Malicious Scripts: A particularly troubling aspect is how generative AI lowers the entry barrier for novice attackers, often referred to as "script kiddies." Previously, creating custom malware or finding software vulnerabilities required significant technical expertise. Now, with the help of AI tools, these inexperienced individuals can easily generate malicious code or automate exploit discovery with minimal knowledge.
- Prompt injection attacks: In these attacks, a user manipulates the input prompt given to an AI model, such as an organisation's chat bot, causing it to generate harmful or unintended outputs. Examples include:
- Data Exfiltration: If an AI-powered chatbot is restricted from sharing sensitive company data, a prompt injection might trick it into disclosing that information by embedding commands within user input.
- Harmful Output: LLM Jailbreaks are methods used by attackers to manipulate large language models to output harmful or embarrassing content. For example in the UK a disgruntled user of DPD Couriers poisoned the company's support chatbot and forced it to recite an embarrassing poem to other customers about how the companies service was not living up to their promises.
- Social Engineering: In AI-driven customer service agents, a prompt injection could lead the bot to provide instructions that compromise customer accounts, such as resetting passwords improperly or accessing sensitive customer data.
Cloud Security and Its Importance
Most organizations today rely on the cloud for storing data, hosting applications, delivering services to customers, and various other IT needs. Almost half of all data breaches happen in the cloud. As businesses move more of their workloads to the cloud, the risk of a data breach is only going to increase. Did you know that 82% of data breaches involved data stored in the cloud?
Human errors are the biggest contributing factor (55%) to data breaches in the cloud, followed by the exploitation of vulnerabilities (21%). However, just vulnerability management and awareness training are not enough to protect your cloud environment from being breached.
By 2025, as more organisations migrate to the cloud, the risk of large-scale breaches will increase. For example, a misconfigured cloud storage bucket could expose sensitive customer data to the public internet, leading to reputational damage and regulatory fines.
In current and newer cloud attacks, it's not just about patching vulnerabilities but also about understanding what could happen inside your cloud environment once a vulnerability is exploited. To understand this, enterprises need to focus on gaining visibility and control over their cloud environments and understand the impact of vulnerabilities in the cloud. Prioritizing vulnerabilities based on their severity and impact is essential to ensure that your organization's cloud environment is secure.
Third-Party Risks
As organizations increasingly rely on external partners and vendors, the potential for cyber threats extends beyond internal controls. Cyber adversaries often exploit vulnerabilities in the supply chain to gain unauthorized access. Some of the biggest data breaches in the last few years have been a result of third-party vendor attacks - SolarWinds, Uber, and Okta are just a few of the well-known examples.
By 2025, the increasing reliance on digital technologies in supply chain management will create new opportunities for attackers. A cyberattack on a single supplier could have a ripple effect, disrupting the entire supply chain. For instance, an attack on a logistics company’s systems could delay shipments, leading to production halts and financial losses for manufacturers.
Supply chain attacks also include attackers that exploit vulnerabilities in the software supply chain to distribute ransomware. A notable example is the compromise of the Python Package Index (PyPI), where malicious packages were uploaded to infiltrate developers' systems, highlighting the need for rigorous scrutiny of software dependencies.
Join Black Hat Founder Jeff Moss and Black Hat Asia Review Board members Ty Miller, Threat Intelligence's Managing Director, Sudhanshu Chauhan, and Asuka Nakajima for an insightful conversation on the most pressing issues facing the InfoSec community:
Preventing Insider Threats
Here are some steps you can follow to prevent insider threats:
Threat Detection
Detecting and identifying potential insider threats requires the right mix of people, and tools. People such as employees, friends, peers, family, and casual observers are often the best judge of suspicious or inappropriate behaviors, as they have more insight into an individual's behaviors, stressors, and emotions. This individual insight can be augmented by monitoring tools that keep an eye on your network at all times and detect anomalous behavior.
Regular Risk Assessments
In addition to monitoring tools, it is essential to regularly assess the risks associated with potential insider threats. This helps to identify vulnerabilities, potential threats, and areas of improvement. Regular risk assessments can help identify and address areas of concern, such as access control policies, authentication protocols, user access privileges, and employee training programs.
Least Privilege and Separation of Duties
One of the best defenses against insider threats is the implementation of least privilege and separation of duties. Least privilege means that individuals are only granted the access to resources that are needed to perform their job, while separation of duties requires that no single user is able to access all parts of a system or process. This limits the potential damage an insider could cause and helps ensure that any malicious activity is caught sooner. Additionally, organizations should regularly review user access and ensure that people only have access to systems they need to perform their job.
User Education and Training
User education and training can help organizations prevent insider threats by teaching users about the risks and consequences of their actions. It is important to equip users with the knowledge and resources to recognize and report suspicious activities, as well as to understand the importance of data security.
Some more tips on reducing the risk of insider threats:
If you keep looking at your employees as the problem, it can set a tone that the IT team is the enemy. Rather, look at your employees as your biggest asset and potentially also your greatest defense. Instead of viewing employees as a threat, focus on harnessing the untapped security potential of your workforce. Switching to a more positive and collaborative approach can create a safer environment for your employees and ultimately create a more secure organization.
To further avoid the risk of insider threats, consider developing policies that don't leave employees in a financially strained position in your organization as they are the ones most likely to have malicious intent. Additionally, review your vendors and contractors regularly to ensure that they are compliant with your company's security policies and industry standards.
Closing Thoughts - How Can Enterprises Prepare for the Future?
As we look ahead into 2025 and beyond, the question is no longer how to prepare for the future but rather, how can enterprises leverage future trends to ensure they are secure while driving innovation and growth.
While we may see new, bigger, and better threats, companies will still struggle to protect their data from current, persisent threats such as sophisticated malware, ransomware, and phishing campaigns. The key is to understand the risks to your enterprise as they are today, and what the impacts could be in the future.
How Can Threat Intelligence Help?
Evolve is an enterprise-grade cybersecurity solutions provider that offers a unique combination of highly specialized expertise and security technologies to address today's biggest cybersecurity challenges. Evolve specializes in creating customized security solutions tailored to your specific security needs and business goals. And most importantly, Evolve solutions are continuously updated so that you can secure your enterprise for the long run. To learn more about our offerings,
schedule a demo with one of our experts today.
Share
