Five Bold Cybersecurity Predictions for 2024

Throughout history, the cybersecurity industry has continually responded to shifts in attackers and changes in operational realities, and the new year is no different. As new technologies like artificial intelligence and cloud computing change the cybersecurity landscape, the cat-and-mouse game between attackers and defenders is sure to intensify and become more complex.

Combined with other factors, such as more aggressive government action on cybersecurity risks, the new year is set to be particularly dynamic.

Here are five major trends for the year ahead.

1. The accelerating data explosion will force a rethink of security strategies

The world has been talking about the exponential growth of computer data for years, but the reality still exceeds the hype. One report predicts that the amount of data a typical organization needs to protect will jump 42% next year and grow a staggering sevenfold over the next five years.

There are two main reasons for this: the increasing popularity of digital devices that generate data, and the mass adoption of artificial intelligence systems that require large amounts of data to train and improve.

In today's diverse technology landscape, businesses face new challenges. Last year, data generated by software-as-a-service (SaaS) systems grew by 145%, while cloud data grew by 73%. In comparison, on-premises data centers grew by 20%. Moreover, cloud computing and SaaS come with fees, and those fees are growing almost as fast as data.

What this all means is that by 2024, organizations will face an even greater challenge of protecting data across a rapidly expanding and changing surface area.

This will be a major cybersecurity concern for many organizations over the next year. More people will realize that the entire security structure has changed: the task is no longer to protect a single area, but an interconnected whole.

2. Attackers will expand attacks on virtualized infrastructure

As organizations become more sophisticated in protecting traditional targets like computers and mobile devices, some bad actors have turned to trying to penetrate other infrastructure components, such as SaaS and Linux applications, APIs, and bare metal hypervisors.

Earlier this year, VMware warned that attackers were exploiting vulnerabilities in its ESXi hypervisor and components to deploy ransomware, a clear sign of the threat. Other reports this year also show that ESXi-related ransomware vulnerabilities are expanding.

Attackers also read the news. Theirs is very much a "follower" economy, able to pivot quickly to known successes.

Finally, these types of attacks provide attackers with many advantages in terms of speed and scale of intrusions. The technology has pros and cons, and it provides attackers with new opportunities.

3. Edge devices will become targets of “boutique” hacker groups

In September, U.S. and Japanese government agencies announced that hackers linked to the People's Republic of China used stolen or weak administrative credentials to compromise routers by installing hard-to-detect backdoors to maintain access.

This disclosure suggests that in the new year, we will see more of a new trend: Government intrusion groups view attacks on edge devices as a way to differentiate themselves from ordinary ransomware gangs.

Because such intrusions require considerable technical prowess, are often difficult to detect, and can cause massive damage, they are almost certainly an important means of differentiating cyber threats.

Edge devices will almost certainly become a major cybersecurity battleground in 2024 and will provide hacker groups with an opportunity to demonstrate their capabilities. There will be organizations that can (and will) do this. To push this prediction to the edge, government programs may even “protect” edge access from other cybercriminal organizations and push them away to maintain their clandestine access.

4. Artificial intelligence will dominate the cybersecurity conversation

By 2024, artificial intelligence will be front and center in a range of cybersecurity discussions.

Both attackers and defenders will increase their use of artificial intelligence. Attackers will increasingly use it to generate malware, automate attacks, and enhance the effectiveness of social engineering campaigns. Defenders will respond by incorporating machine learning (ML) algorithms, natural language processing (NLP) and other AI-based tools into their cybersecurity strategies.

Meanwhile, the Brennan Center for Justice calls 2024 the first presidential election in the era of generative AI. Candidates may need to address the “AI anxiety” felt by many voters. And there are widespread concerns that the technology could be used to spread disinformation through deepfakes and AI-generated voices.

Anyway, when it comes to cybersecurity, AI will be everywhere.

5. Chief Information Security Officers (CISOs) will feel the pressure of recent government actions

In late October, the U.S. Securities and Exchange Commission announced charges against SolarWinds and its chief information security officer, Timothy G. Brown. SolarWinds was the subject of one of the worst cyber espionage incidents in U.S. history in 2019, being targeted by a Russian-backed hacking group.

The indictment alleges that for more than two years, SolarWinds and Brown deceived investors by exaggerating SolarWinds’ cybersecurity practices and underestimating or failing to disclose known risks.

Nearly six months ago, a judge sentenced Uber's former chief information security officer Joseph Sullivan to three years of probation and ordered him to pay a $50,000 fine after a jury found him guilty of two felonies. Sullivan was accused of covering up a ransomware attack while Uber was under investigation by the Federal Trade Commission for its data protection lapses.

But many critics of the verdict questioned why Sullivan should be held criminally responsible for striking a deal with a ransomware attacker to protect his company's reputation.

On top of that, new U.S. Securities and Exchange Commission (SEC) rules regarding cybersecurity and breach disclosures take effect on December 15. These new regulations require public and private companies to comply with numerous incident reporting and governance disclosure requirements.

By 2024, all of this will have chief information security officers (CISOs) paying close attention. As if protecting organizations from bad actors wasn’t challenging enough, now they must take even greater care to document everything. The CISO role will assume greater regulatory compliance responsibilities.

By 2024, the entire C-suite may also have to recalibrate its private/public sector discussions.

With the above views and their knock-on effects on other equivalent positions, the geopolitical landscape is changing. Over the past three years, the organization has demonstrated unparalleled engagement and advocacy, and advocated for working across public-private divides. This is due in large part to the community-wide response efforts of SolarWinds and the goodwill generated by the near-universal support for Ukraine's cyber efforts.

SolarWinds and the SEC are about to change the view that Israel's conflict with Hamas is more divisive than Russia's invasion of Ukraine. All of this could lead to a marked shift in how senior leaders talk about and to government.

As these five predictions show, 2024 should be an especially interesting year in cybersecurity.


Origin blog.csdn.net/pantouyuchiyu/article/details/135228069