While there are always surprises when it comes to technology (and indeed cyber-security at large), 2023 was in general moderately chaotic, especially when compared to a few previous years.
The cost of cyber-attacks on the global economy is predicted to top $10.5 trillion by the end of the coming year, reflecting the growing need for cybersecurity to be treated as a strategic priority on an individual, organizational, and governmental level.
This should be taken into account not just by large companies and governments – such changes in the landscape will impact even the everyday lives of regular citizens. As organizations, businesses and governments start to adopt stricter policies, and impose regulations regarding the safeguarding of data, ordinary citizens will be somewhat forced into learning digital skills. In some cases, the cost of implementing cyber defense will eventually land on the shoulders of its users.
We split the general overview in two sections, which are by no means exclusive categories, but more of a guideline in terms what we expect for 2024 as well. Emerging threats are rather newer forms (or rehashes of older methods) of (miss)using digitals tools. Their future is rather unpredictable, and subject to many changes. On the other hand, there are those more established digital threats (like ransomware for example), which are nothing new and fancy, but still filled the headlines in 2023, and we also believe they will continue to do so in the following year.
Emerging Cyber Security Threats
Mass-scale governmental surveillance and tracking programmes
Even if you are a casual follower of cyber-security news, or technology in general, the impact that the Covid pandemic brought to the digital world surely caught your attention in early 2020. The sudden boom of work-from-home policies, the hastily built e-health apps, Covid passports, tracking systems (in most cases governmental!), and the ever-looming automated decision making (ADM) or AI integration across services and platforms, and many other rushed processes marked 2020, and probably the two years that followed.
Some governments used the public health crisis to impose strict(er) regulations, which could easily be misused and endanger the privacy of private citizens. Disguised behind public health concerns, these measures were meant to curb the pandemic. However, many are still in use even today, even though according to the World Health Organization, the global emergency regarding the Covid pandemic is over. This begs the question: to what end are these apps being used today, and who still enjoys access to these personal data?
Yet, even if you are not that interested in cyber-security, or try to avoid technology news in general, one surely cannot miss the news about the Russian invasion on Ukraine.
Cyber-warfare
The Russia-Ukraine war continues
The war in Europe is predicted to play a significant role in cyber warfare, with economic uncertainty and even a potential global recession. The global threat of cyberattacks has increased by 16% since the conflict began in February 2022.
Surprisingly (for many), this act also sent shockwaves throughout the online (“hacking” or other) communities. People from across the world stepped up, and started creating and consolidating teams, in efforts to disrupt the enemy, and aid the side they support.
State-sponsored cyber-attacks and cyber warfare
Businesses and organizations that conflict with government philosophies are increasingly at risk. State-sponsored cyber-attacks can target competing governments, businesses, or individuals that interfere with state goals or values. Elections will also be a target for cybercriminals due to the increasingly digital nature of how they are conducted. Unfortunately, regulation and checks-and-balances in this area are moving at a snail pace – we don’t expect much to change in the near future.
All of these events had lingering effects in 2023 as well – as we all know, the Russian invasion is still ongoing, and Covid didn’t just disappear overnight (unfortunately, this also applies to various tracking apps!). Nearing the end of the year, just as everyone thought things are rather “settling down” – the surprise attack on Israel by Hamas happened.
Israeli – Hamas clash
Alongside the premeditated, hybrid warfare that is unfortunately commonplace in the region, the current crisis sparked massive engagement from online groups as well. These actions characterized yet another unfortunate milestone for the Israeli-Hamas conflict, a conflict that has seen most modern forms of warfare so far.
Marked by massive disinformation campaigns, involving deepfakes and generative AI, this ongoing crisis will be studied for years to come. So, what exactly happened, and why is it connected to cyber-security?
On October 7th, at 06:30 local time, the terrorist group attacked Israeli cities by firing rockets – which triggered the air raid sirens. In the following hours, millions of DDoS attacks were launched against Israeli websites that help alert civilians to find shelter against incoming threats. This attempted disruption (and the similar ones that followed) were conducted by various pro-Palestinian hacktivist groups and individuals.
To this day, DDoS attacks and other attempts to disrupt Israeli support are very much active, now preferring newspapers and media outlets websites instead.
Such armed conflicts, albeit rare today, showcase that any military conflict can (and will) have spillover effects in the cyber-realm. Ranging from social media, news outlet websites, to hospitals, universities, governmental institutions, and crucial systems like air raid warning sirens – nothing is off-limits anymore.
Trending cyber security threats
Cybersecurity threats are commonly a mixture of new technologies and the access they provide, alongside more traditional, maybe less technical ones. In 2023, cyber threat actors were invested in sophisticated attacks that have worked in the past. Some of the trending cybersecurity threats of 2023, that we also expect to expand their presence in 2024, include:
Ransomware
Attackers are moving away from data encryption to stealing data and extorting a ransom not to publicly reveal it. Ransomware-as-a-Service (RaaS) continues to be lucrative. RaaS is gaining popularity among threat actors, with ransomware breaches doubling in frequency in the past few years. More than half of all financial institutions were hit by ransomware within the last year — with a 62% increase on the previous year.
For 2024, we expect this trend to develop, both in sophistication and in scale as well.
Multi-Vector attacks
These attacks combine multiple techniques and attack vectors within a single cyberattack campaign. These campaigns are typically more organized, require more time to prepare, and in some cases, even have structure and budgets! While there have been some notable incidents in the past few years, due to their nature and sophistication, they are yet to reach their full potential.
We expect multi-vector attacks to thrive in the next few years: and these have the potential to become the number one threat for larger organizations.
Data breaches
Data breaches are inevitable and are among the top cybersecurity trends for 2023. Protecting an organization’s data is a priority in terms of cybersecurity. Any flaws of the present system or application, such as bugs and unprotected endpoints, pose a vulnerability threat to your organization or company’s sensitive information.
We expect data breaches to fill headlines in 2024 as well.
Rapidly-changing cyber threat landscape
While some organizations and companies have had the experience in dealing with various cyber incidents over the years, and consider themselves experienced, there is no doubt that the cyber threat landscape is now evolving faster than ever.
Companies and organizations are facing a rapidly-changing cyber threat landscape, one that many have problem to adapt to with a right pace. Cyber threat actors are growing more sophisticated, especially with the recent introduction of AI.
For 2024 and beyond, the cyber threat landscape will continue to diversify at a very rapid pace. We expect governments, companies, and organizations to struggle to adapt their policies and tools to properly defend against trending threats.
Generative AI adopted on both sides of the battle
With the recent advancements in AI, specifically generative AI, it is becoming increasingly appealing for malicious actors as well. We expect that, as AI becomes more and more sophisticated, its use will become more common, in various forms of cyber-attacks, and in defense as well.
AI can indeed help in warding off threats, including their detection, neutralization or even evasion whenever possible, all (or mostly) without human intervention.
Increasingly sophisticated phishing attacks
Social engineering attacks will continue to increase in complexity and sophistication. Generative AI tools will enable attackers to make smarter, more personalized approaches, and deepfake attacks will become increasingly prevalent.
We expect generative AI to play a larger role in 2024 and beyond, both in offensive and defensive capacity. This is especially important for organizations dealing with combating disinformation, as generative AI has the biggest disruption potential in this area.
Skills gap in the cyber security field
There is a shortage of professionals with the skills needed to protect organizations from cyber-attacks. While this is no news for those who follow cyber security issues, it is still a prevailing trend, and one we expect to continue in 2024 and beyond.
The security skills gap is a major threat to organizations’ security objectives. Most, if not all, organizations report lack of dedicated team or properly trained individuals to tackle cyber security issues in their institutions. Staffing issues are also reported by governments – there is simply not enough professionals, and even worse – the students’ interest in cyber security studies does not seem to increase.
Unfortunately, we expect this trend to worsen, with less and less organizations gaining access to skilled professionals, as the few that are trained and experienced will typically end up working for larger companies. This, in-turn, will lead into greater investment in training, development, and upskilling programmes for current employees.
The “Zero Trust” approach
Zero Trust might just be the buzzword of 2023. It is defined by NIST as a “collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised”. The Zero Trust approach can be best summed-up with the phrase: "never trust, always verify". With the enormous shift to work-from-home, especially in some industries like IT, a lot of pressure has been put on more traditional forms of security already present in companies and organizations.
Therefore, the adoption of zero trust security models, also known as zero trust architecture (ZTA), and sometimes known as “perimeterless” is in full swing across the globe.
The adoption of Zero Trust will continue to grow in 2024 and beyond.
Stay resilient
This list of threats and issues is by no means final – as we mentioned above, the threat landscape is now evolving at a very rapid pace. This means, even threats that are not yet introduced, could become a talking point number 1 in just a few months, if not weeks.
The only real suggestions we can give is – continue to follow cyber security news from trusted organizations and individuals. This way, you will be informed on latest threats, trends, and ways to protect yourself, and your organization or company. Always be on the look-out for latest courses and materials, that in lieu of a cyber-security team or skilled professional, will give you at least some fighting chance against common threats.
Click this link to check out our free, self-paced course on cybersecurity basics.
Image by: pexels-mati-mango