Major cybersecurity trends in 2024 would centre around AI, hactivism, and weaponised Deepfakes.
According to Check Point Research (CPR), there’s an 8% increase in global weekly cyberattacks in the second quarter, marking the highest volume in two years.
Familiar threats such as ransomware and hacktivism have evolved, with criminal gangs modifying their methods and tools to infect and affect organisations worldwide, CPR said, adding that even legacy technology such as USB storage devices regained popularity as a vehicle to spread malware.
One of the most significant developments this year was the evolution of the ransomware landscape, according to CPR.
Data derived from more than 120 ransomware “shame-sites” revealed that in the first half of 2023, a total of 48 ransomware groups reported breaching and publicly extorting more than 2,200 victims, CPR added.
There were several high-profile cases this year including the attack against MGM Resorts, which shutdown major Las Vegas sites for several days and is likely to cost millions in remediation, the organisation observed.
Some of Check Point’s predictions for major cybersecurity trends in 2024 include the following.
Rise of AI-directed cyberattacks
- Artificial intelligence and machine learning have dominated the conversation in cybersecurity.
- Next year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit.
- Whether that is for more cost-efficient rapid development of new malware and ransomware variants or using deepfake technologies to take phishing and impersonation attacks to the next level.
- Fighting fire with fire: Just as we have seen cybercriminals tap into the potential of AI and ML, so too will cyber defenders. We have already seen significant investment in AI for cybersecurity, and that will continue as more companies look to guard against advanced threats.Phishing attacks continue to plague businesses
Phishing and legitimate tools
- Software will always be exploitable. However, it has become far easier for threat actors to “log in” instead of “break in”.
- Over the years, the industry has built up layers of defence to detect and prevent intrusion attempts against software exploits.
- With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft and not vulnerability exploitation.
Deep fake technology advances
- Deepfakes are often weaponised to create content that will sway opinions, alter stock prices or worse. These tools are readily available online, and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data.
Advanced phishing tactics
- AI-enhanced phishing tactics might become more personalised and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.
Data Risks Amidst Ransomware Defences
- Despite organisations bolstering their defences against ransomware, incidents of data loss or leakage are likely to ascend.
- A contributing factor may be the increasing reliance on SaaS platforms to store sensitive data as part of application services, presenting new vectors and vulnerabilities that malicious entities can exploit.
AI in Insurance
- Like all industries, AI is set to transform the way that insurance companies assess how cyber resilient prospective customers are.
- It is also going to provide opportunities for these companies to offer cybersecurity services directly.
- However, it is crucial to note that AI alone cannot solve all cybersecurity challenges, and companies must balance security with convenience.
Preventative approach to reduce premiums
- With rising costs of cyber insurance and talent shortages, organisations will begin to shift from reactive security to more effective defensive security.
- By demonstrating preventative action against cyberattacks, organisations may see their premiums reduced.
