As cyber threats continue to multiply, the importance of robust cybersecurity has never been greater. While 2023 was a year of new regulations, an escalating sophistication of ransomware attacks, and a proliferation of Internet of Things (IoT) devices, the cyber challenges and threats of 2024 promise to be even more demanding.
What sorts of cyber threats will organizations confront in the coming year? We asked our CYE experts what security teams should expect. Here are their predictions.
More AI-Enabled Threats
Artificial Intelligence has evolved into a double-edged sword in the digital era. While it has empowered us to create systems capable of processing and analyzing data at unprecedented speed and accuracy, it has also armed cybercriminals with tools for crafting more intricate and targeted attacks.
As a result, the quality, accuracy, and sophistication of social engineering, phishing, and human related attacks is expected to increase significantly in 2024. Attacks will become even more personal, targeting individuals in order to gain access to companies.
Attacks on the Supply Chain and Service Providers
As in 2023, supply chain attacks will continue to rise in the coming year. In particular, states will persist in launching supply chain attacks to reach their main targets. The appeal of such attacks to cybercriminals is that using a third party as a “proxy” provides legitimate access to the target, allowing a high level of confidentiality and deniability. Malicious actors are expected to continue targeting service providers, software providers, and large market leading vendors.
Attacks Targeting OT and ICS Environments
The geopolitical situation that started in 2022 with the Russia-Ukraine War and the present overall geopolitical climate generated some techniques and tools that focus on the Operational Technology (OT) part of organizations. Consequently, in the coming year, we expect to see a significant increase in attempts and attacks against OT- and Industry Control Systems (ICS)-based environments. In addition, the relatively lower cybersecurity maturity in those environments will elevate the expected impact and losses to compromised organizations.
Cyberattacks as Weapons of War
In the past few years, we have witnessed a dramatic shift in the usage of cyber as a weapon of war. This has occurred for two primary reasons:
- Significant development of cyber capabilities to create damage and chaos, such as CNA (computer network attacks) and CNE (computer network exploitation) attacks
- Countries can execute attacks with little risk of retaliation; they can always deny them.
These attacks can take various forms, including the deployment of ransomware, malware, and distributed denial-of-service (DDoS) attacks. They can target traditional military targets, as well as civilian infrastructure, financial systems, and communications networks. In the coming year, we will continue to see this trend as state and non-state actors seek to gain a strategic advantage or disrupt the operations of adversaries.
Increase in Ransomware as a Service (RaaS)
With Ransomware as a Service, creators of ransomware lease out their malicious software to others, allowing them to launch attacks without having the technical knowhow to develop the malware on their own. The creators can customize and deploy the ransomware and they typically take a percentage of the ransom payments.
During the Russia-Ukraine war, we witnessed a large usage of RaaS groups used by Russia for deniability purposes. In the coming year, we will likely see much more of this extremely fast-rising phenomenon.
Attacks on Multiple Targets
Malicious actors often target multiple entities to cast a wider net and increase their chances of success. As such, we expect to see an increase in the following targets in 2024:
- Endpoints: The rise of remote work and of devices connecting to corporate networks have made endpoints (such as laptops, mobile phones, and tablets) prime targets for cybercriminals.
- Cloud: As organizations transition their operations to the cloud, it becomes a prime target for cyberattacks.
- IoT: The Internet of Things (IoT) connects billions of devices globally, offering opportunities for innovation and efficiency. However, many IoT devices require enhanced security, making them susceptible to cybercriminals.
- Mobile devices: As mobile devices become ubiquitous, they have become prime targets for cyberattacks. Implementing robust mobile security measures, such as regular software updates, strong passwords, and multi-factor authentication, is imperative for protection.
- Automotive: Modern vehicles incorporate various electronic systems that enhance safety and convenience, but they also provide new opportunities for cybercriminals.
Increased Cyber Risk Quantification
To help prioritize the mitigation of cyber threats and help comply with regulations, we predict that more organizations will invest in cyber risk quantification. Quantifying cyber risk is vital for making informed decisions on cybersecurity resource allocation. Organizations can enhance their cyber risk quantification efforts by investing in advanced analytics tools and gaining a comprehensive understanding of their risk landscape.
Want to learn more about what to expect in 2024 and how to adjust your security budget accordingly? Watch our webinar.