From AI to… AI: 9 Cybersecurity Predictions for 2024 and Beyond
How will 2024 go? Will AI dominate the cybersecurity news? Taylor and Travis, will they/won’t they?
2024 promises to be a pivotal year, in that it’s the next one after the one that’s going on at the moment. Beyond that, we have incredibly important elections in the United States and elsewhere, new AI tools being released with powers beyond belief, and a future that will likely fall somewhere on the spectrum between Utopia and The Terminator.
Given the importance of the year, we’ve decided to make some cybersecurity predictions for 2024. First and foremost, in a prediction that’s guaranteed to age well and not at all outside of our combined areas of expertise, we are forecasting the wedding of Taylor Swift and Travis Kelce as a lock but are unable to forecast how long it will take before they complete their takeover of Hollywood, and then the Earth.
Beyond that prediction, though, what other cybersecurity predictions can we make? To get a diverse perspective, we’ve brought in a guest to help us out. So here you go:
Our 9 Cybersecurity Predictions for 2024:
1) Advanced AI Leads to Advanced Cyberattacks
In 2024 the cybersecurity landscape will be significantly impacted by the use of artificial intelligence (“AI”) in phishing, vishing, smishing, and social engineering attacks. These AI-enhanced attacks will be highly sophisticated, making them difficult to distinguish from genuine interactions. Key indicators traditionally used to identify threats may become ineffective (no more typo-filled emails from a Nigerian Prince!), with technologies like deep fakes and voice emulation adding to the challenge, creating more convincing and deceptive scams.
This advancement in AI-driven attacks poses serious risks, likely leading to a surge in successful phishing attempts. Using personal data, like voice samples from publicly available sources, will allow for highly personalized and targeted attacks. The integration of AI in these malicious activities marks a new era in cyber threats, necessitating more advanced and vigilant cybersecurity strategies to protect against these increasingly sophisticated attacks.
2) AI Will Also Defend Against These Attacks… We Hope
The rising use of AI in cyberattacks, particularly in sophisticated phishing and social engineering, will dramatically increase the need for improved cyberdefense systems. Cybersecurity teams will confront not just traditional hackers but also AI-enhanced threats, marking a shift towards battling highly automated and effective cyberattacks. This evolution necessitates a transformation in defense strategies: teams will either successfully adopt AI technologies to fight back or will be overwhelmed by the advanced threats.
The impact of this shift is two-fold. On one hand, the cybersecurity teams that successfully integrate AI into their defenses may be able to effectively counter the new AI-driven attacks. On the other, failure to deploy AI resources effectively means relying entirely on human defenders, leading to increased burnout and a decline in the appeal of cybersecurity roles. Fortunately, we are forecasting a widespread adoption of AI by security providers. This proactive integration of AI in defense mechanisms is crucial to staying ahead in the cybersecurity landscape and ensuring that defenses evolve as rapidly as the threats they are designed to counter.
3) The Rise and Rise of Shadow AI
The 2024 cybersecurity landscape will be significantly impacted by the rise of “Shadow AI.” “Shadow AI” is the unauthorized use of generative AI and large language models (LLMs) for work. Employees are increasingly using these AI tools for work-related tasks, many involving confidential or sensitive information, without organizational oversight. This trend mirrors the earlier issue of Shadow IT – the use of unapproved devices for work. The primary concern with Shadow AI lies in its unregulated use, especially with publicly available AI systems that are trained on sensitive corporate data, potentially leading to security breaches.
This unauthorized use of AI poses several risks. There’s a danger of sensitive, confidential, or secret (yes, they all refer to different types of data) information being mishandled or leaked as employees input data into unregulated AI systems. Even within companies with their own AI systems, transparency and data security issues persist. The accessibility and ease of use of web-based AI tools tend to entice employees to bypass official channels, increasing the risk of data exposure. These developments underline the necessity for businesses to strengthen their policies on AI tool usage and educate their workforce about the associated risks of shadow AI.
4) Enhanced Cybersecurity Awareness in the Boardroom
In 2024, cybersecurity awareness will become a fundamental aspect of decision-making in corporate boardrooms. This shift will see cybersecurity integrated into every critical business decision, such as risk assessments, acquisitions, and client onboarding. The change signifies a deeper understanding of cybersecurity’s role in business health and strategy, with Chief Information Security Officers (CISOs) gaining more prominence in executive discussions.
The impact of this shift is substantial. CISOs, who historically had limited influence in boardroom dynamics, are now poised to play a pivotal role in shaping policy and strategy. This change is driven by an increased awareness of cybersecurity risks along with the increasing legal accountability of technology leaders in mitigating these risks. As a result, cybersecurity considerations will take a more prominent role in business decisions, likely leading to more cautious and security-centric decisions in areas like product development and market expansion.
5) Mergers, Mergers, Everywhere
In 2024, a key trend in the cybersecurity sector will be the consolidation of cybersecurity providers and solutions. Although likely driven by the usual economic reasons for mergers within industries, a byproduct of the trend is that it addresses the current challenge of businesses – needing an extensive array of tools to cover their cybersecurity needs. The shift will be towards more integrated platforms or services, combining multiple cybersecurity functionalities into cohesive solutions.
The impact of this consolidation will be significant, especially for small and medium-sized businesses that often struggle with the complexity and resource demands of managing numerous cybersecurity tools. For larger companies, it means streamlined security management and more strategic decision-making in cybersecurity investments. This unified approach to cybersecurity solutions will enable businesses of all sizes to defend their attack surfaces more effectively, reducing the burden of managing multiple tools and vendor relationships. Provided adequate competition still exists, these mergers could actually be a “win-win” for the cybersecurity vendors and their customers.
6) There Will Be No U.S. General Privacy or Cybersecurity Law
Not exactly going out on a limb with this prediction. The key legal prediction for cybersecurity (and privacy) in 2024 is… more of the same. We will not get comprehensive federal privacy or cybersecurity legislation, but individual states will continue to adopt their own data privacy laws. Leaving the states to individually legislate issues of cybersecurity and privacy may potentially lead to a patchwork of laws and regulations but has already produced far superior laws to those proposed at the federal level. Noteworthy is California’s Delete Act, targeting the regulation of data brokers. It regulates the vast amounts of personal information collected by these massive but shadowy companies, with an emphasis on increasing transparency about the data they keep. These state initiatives are likely to have considerable implications.
There will also be growth in the trend towards state-mandated age verification systems for internet services. These laws, usually described as an effort to protect minors online and limit their use of social media, require users to confirm their age by, among other methods, submitting a copy of a government-issued photo ID. Although intended to enhance online safety, the laws raise privacy and security concerns due to potential vulnerabilities and lack of transparency in their implementation. Verification systems, often run by third-party vendors, keep and process a significant quantity of protected information and are likely to become a prime target for cyberattacks.
7) Zero-Trust Models Go Mainstream
A key cybersecurity development in 2024 will be the mainstream adoption of Zero Trust models across corporate environments. This approach is not about deploying new tools. Rather, it involves a fundamental shift in managing technology assets, particularly concerning controlling access privileges. Zero Trust’s adoption, although expected to be met with resistance, is recognized as crucial for limiting the impact of data breaches. Embracing Zero Trust marks a departure from permissive access policies to more stringent, need-to-know-based access controls.
Implementing Zero Trust protocols is expected to pose behavioral challenges but is essential for enhancing organizational security. The model functions like a system with separate keys for different doors, rather than a single master key, providing enhanced security by compartmentalizing access. This approach significantly reduces the damage a threat actor can inflict once inside the system, giving security teams more time to detect and respond to breaches. The strategy underlines that while completely breach-proof systems are unattainable, creating multiple internal perimeters can effectively limit and control the extent of damage from any security incident.
8) Election Interference Attempts Will Be Enhanced by AI
In 2024, there will be a significant increase in AI-driven attempts to interfere in the U.S. election, particularly by foreign nation-states. Progressing from manual social media manipulation in previous elections to more sophisticated AI techniques, the upcoming election is expected to witness advanced, automated interference efforts. AI will likely be used to create convincing fake news and execute complex social engineering attacks which will be harder to distinguish from accurate information.
These advanced AI tactics pose a serious risk to the integrity of the 2024 election and the broader democratic process. By effectively mimicking legitimate sources, AI can sway public opinion, influence voter behavior, and foster social discord. The challenge for cybersecurity in 2024 is to utilize AI effectively to identify and mitigate these threats. If unaddressed, this sophisticated manipulation will significantly impact the election and destabilize societal trust. The urgency to develop robust countermeasures against these AI-driven threats is critical to preserve the fairness and credibility of the electoral process.
9) Election Interference Attempts Enhanced by AI Will Succeed
Although AI-driven election interference at the federal level is likely to get the headlines, in 2024, it will have the greatest impact at the state and local levels. Due to the limited resources of local campaigns, AI-enhanced attempts at manipulation will be more likely to go undetected and, even when discovered, will be far more difficult to counter and correct. Federal elections, with their larger budgets and better-equipped campaigns, are less vulnerable to such AI-generated misinformation.
This trend could significantly affect local electoral processes, where traditional campaigning methods and direct voter engagement are crucial. Local elections, with their diverse issues and less stringent party affiliations, may not be as prepared to deal with the onslaught of AI-generated false content, and are poorly equipped to adequately respond. The ease and low cost of deploying generative AI, coupled with its potential misuse, pose a real threat to the integrity of local elections, leading to misinformed voters and undermining the democratic process at a grassroots level.
We’re here to help make the complex language of cybersecurity understandable. So if there are topics or issues that you’d like Ryan and me to break down in an episode, send us an email at firstname.lastname@example.org or reach out to us on Facebook or LinkedIn. For more information about today’s episode, be sure to check out Fearless Paranoia.com where you’ll find a full transcript as well as links to helpful resources and any research and reports discussed during this episode. While you’re there, check out our other posts and podcasts as well as additional helpful resources for learning about cybersecurity.
- Resilience Cybersecurity & Data Privacy
- 8 Useful Small Business Cybersecurity Tips You Need to Know – Resilience Cybersecurity & Data Privacy
- How To Destroy Perfectly Good Cybersecurity Policies – Resilience Cybersecurity & Data Privacy
- 7 Uses for Generative AI to Enhance Security Operations – The Hacker News
- Liability Fears Damaging CISO Role, Says Former Uber CISO – InfoSecurity Magazine
- Porn Age Checks Threaten Security and Privacy, Report Warns – InfoSecurity Magazine
- Russia’s AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany – The Hacker News
- Unproven AI face scans may estimate age for porn access in UK – Ars Technica
- Top 5 Risks of Artificial Intelligence – IT Security Guru
- Shadow AI: A Thorny Problem for Law Firms – Above the Law
- Researchers posed as foreign actors, and data brokers sold them information on military servicemembers anyway – Engadget
- Predictive AI in Cybersecurity: Outcomes Demonstrate All AI is Not Created Equally – The Hacker News
- The People Hacker: AI a Game-Changer in Social Engineering Attacks – InfoSecurity Magazine
- SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures – U.S. Securities and Exchange Commission
- Generative AI Can Save Phishers Two Days of Work – InfoSecurity Magazine
- Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds – InfoSecurity Magazine
- AI Solutions Are the New Shadow IT – The Hacker News
- Over Half of Organisations Are at Risk of Cyberattack Due to Exhausted and Stressed Staff – IT Security Guru
©2024 Fearless Paranoia