January 9, 2024

Buckle Up: It’s Time for 2024 Security Predictions

It doesn’t take a prophet to know that computer security will be in the news in 2024, and probably not in a good way. What we don’t know are the particulars of how cybercriminals will be trying to penetrate defenses and steal valuable data in 2024. That’s where our crack team of experts comes in.

Democratization of AI will be a double-edged sword for cybersecurity, predicts Atticus Tysen, the SVP and CISO at Intuit.

“While the democratization of AI shows great promise, its widespread availability poses an unprecedented challenge for cybersecurity,” Tysen says. “AI will evolve specific attacks against enterprises to become continuous, ubiquitous threats against businesses, individuals, and the infrastructure they rely upon. Even still, it will be a race against the threat actors to design resilient systems and protections. If we fail, the risk of successful hacks becoming commonplace and wreaking havoc in the near future is a clear and present danger.”

Take one part AI and add an equal part ransomware, and you’re already halfway to the situation envisioned by Veritas Technologies’ SVP and GM for Data Protection, Matt Waxman.

“The first end-to-end AI-powered robo-ransomware attack will usher in a new era of cybercrime pain for organizations,” Waxman predicts. “Already, tools like WormGPT make it easy for attackers to improve their social engineering with AI-generated phishing emails that are much more convincing than those we’ve previously learned to spot. In 2024, cybercriminals will put AI into full effect with the first end-to-end AI-driven autonomous ransomware attacks. Beginning with robocall-like automation, eventually AI will be put to work identifying targets, executing breaches, extorting victims and then depositing ransoms into attackers’ accounts, all with alarming efficiency and little human interaction.”

Generative AI tools are getting much easier for folks without Ph.D.s to wield. That’s good news for cyber crooks, but not such good news for the rest of us, according to Adi Dubin, the vice president of product management at Skybox Security.

“In 2024, there will be a transition to AI-generated tailored malware and full-scale automation of cyberattacks,” Dubin says. “Cybersecurity teams face a significant threat from the rapid automation of malware creation and execution using generative AI and other advanced tools. In 2023, AI systems capable of generating highly customized malware emerged, giving threat actors a new and powerful weapon. In the coming year, the focus will shift from merely generating tailored malware to automating the entire attack process. This will make it much easier for even unskilled threat actors to launch successful attacks.”

Surging investments in AI will trigger a momentous shift in AI security and reshape the landscape, says JP Perez-Etchegoyen, CTO of Onapsis.

“With AI models, particularly large language models and generative AI, being integrated into every facet of the software chain across diverse industries, the demand for safeguarding these technologies against evolving threats like prompt injection and other malicious attacks will reach unprecedented levels,” Perez-Etchegoyen says. “Despite the relative novelty of these advancements, the imperative for stringent security measures will gain traction, marking a watershed moment in the journey of AI technology. As we continue to grapple with the uncharted territory of immense data and new challenges, we will witness a concerted effort to fortify the boundaries and ensure the responsible growth of this transformative technology.”

Security precautions taken over the past few years will force hackers to get creative with their data-stealing techniques, says Zach Capers, the manager of ResearchLab and a senior security analyst at GetApp.

“Businesses appear to have rebounded from an influx of pandemic-fueled vulnerabilities and have begun locking down systems like never before,” Capers says. “This means that cybercriminals will increase reliance on social engineering schemes that exploit employees rather than machines. Moving into 2024, GetApp research finds the number one concern of IT security managers is advanced phishing attacks. And we’re not only talking about email phishing. SEO poisoning attacks are a rising phishing threat designed to lure victims to malicious lookalike websites by exploiting search engine algorithms. This means that employees searching for an online cloud service might find a bogus site and hand their credentials directly to a cybercriminal, have their machine infected by malware, or both. In 2024, it will be more important than ever to educate employees on the sophisticated and increasingly dynamic methods used to trick them into handing over sensitive information that can result in damaging cyberattacks.”

Fraud was up in 2023, but so were technological enhancements, according to David Divitt, the senior director of fraud prevention and experience at Veriff. The cat-and-mouse game that describes cybersecurity will continue.

“There has been a 20% rise in overall fraud in the past year and it will continue into 2024,” Divitt says. “We will see the number of account takeovers using deepfakes with liveness rise as the use of biometrics for authentication purposes increases. As tools like AI become increasingly easier and cheaper to access and facilitate, we will see more impersonation and identity fraud-type attacks. We’ll see more counterfeit attacks pushed on and at the masses as well as at-scale mass attacks that use deepfake libraries and acquired identities. The trifecta of counterfeit templated docs, deepfake biometrics, and mass stolen credentials will continue to be a looming threat.”

More data equals more security headaches for Steve Stone, the head of Rubrik Zero Labs.

“The accelerating data explosion will force a security strategy rethink,” Stone says. “In 2024, organizations will face a stiffer challenge in securing data across a rapidly expanding and changing surface area. One way they can address it is to have the same visibility into SaaS and cloud data as they have in their on-premises environments–in particular with existing capabilities. And that will be a major cybersecurity focus for many organizations next year. More will recognize that the entire security construct has shifted – it’s no longer about protecting individual castles but rather an interconnected caravan.”

Privacy professionals will need to rapidly upskill for the AI era, says Elise Houlik, Intuit’s chief privacy officer.

“As personal data becomes more valuable, and AI further permeates nearly every sector across the globe, the definition of today’s privacy professional and the skill sets required will need to rapidly evolve,” Houlik says. “More than ever, privacy teams will need to work closely with system architects, AI scientists and engineers, cybersecurity teams, product developers, privacy engineers, and other technology disciplines to ensure platforms are processing personal data correctly, and using that data in the most responsible way possible. Complicating matters is a fragmented and challenging global AI regulatory landscape, which places greater urgency on the need for continuous upskilling from a data privacy perspective as global frameworks come into sharper focus.”

The proliferation of AI copilots will have a downside, predicts Steve Malone, vice president of product management at Egress.

“With more and more technology products offering a ‘co-pilot’ AI assistant, I expect that poisoning or take-over of AI tools will lead to breach, compromise and manipulation of users,” Malone says. “In fact, AI has already wormed its way into CISOs’ brains; our 2023 Email Risk Report showed 72% of cybersecurity leaders are worried about the use of chatbots to improve phishing attacks. For 2024, it’s bound to be a prominent force.”

AI will give us new tools to fight the cyber thugs, such as stateless AI agents, predicts Dale “Dr. Z” Zabriskie, the Field CISO at Cohesity.

“The technology world is evolving at a very rapid pace, and with this, the skills gap in emerging technologies is growing much wider than ever before. New tools need to be developed to act as a translation engine between native/natural language and engineering-speak or technical jargon,” Dr. Z says. “To solve this, we are already starting to see the emerging trends of AI Agents – systems that act and reason with a set of predefined tools – to solve more complex situations than traditional RAG architectures. Agent and tool combinations will be leveraged to assist humans in more complex systems management and operational automation.”

Passwords have become passé in security circles, as multi-factor authentication (MFA) becomes the standard. This change in the security landscape carries important implications, says Joe Payne, CEO of Code42.

“As organizations quickly adopt technologies like Okta Fastpass, which uses biometrics for authentication instead of passwords, the way in which bad actors operate will change,” Payne says. “We expect an increase in two areas: breaches caused by social engineering (already on the rise), and breaches caused by Insiders (already over 40% of all breaches). Insiders who have legitimate access to source code, sales forecasts and contacts, and HR data continue to take data from organizations when they depart for competitors or start their own companies. As we reduce the ability of hackers to access our data using weak passwords, the focus on solving the insider problem will become more pronounced.”
