As we bid farewell to 2023, tech experts are peering into the future, unveiling their insights for the upcoming year. For my yearly Top Ten list, I’ve been distilling the wisdom of other brilliant minds since 2012. Given the positive feedback I’ve received, I’m thrilled to continue the tradition and present my meticulously curated Top 10, Top 10 Predictions for 2024, this time brought to you by Ericom, the Cybersecurity Unit at Cradlepoint.
Let’s start the Top 10 off right by talking about the biggest threat facing businesses today: cyberattacks. Did you know that these attacks have a staggering $10.5 trillion impact on the global economy? And the problem is only getting worse, thanks to the growing skills shortage in the cybersecurity industry. But here’s the thing: artificial intelligence (AI) is both a blessing and a curse when it comes to cybersecurity.
On the one hand, AI can help organizations stay ahead of the game by detecting and preventing threats in real time. It can also enable real-time authentication and activity monitoring, making it easier for companies to adopt a Zero Trust access model. On the other hand, cybercriminals are also leveraging AI to launch increasingly sophisticated attacks. They’re using machine learning algorithms to create fool-proof phishing scams, circumvent security systems, and develop automated malware that can evade detection. And your company secrets may be exposed by employees who, seeking productivity gains, enter them in generative AI apps.
So, what does this mean for you? Whether you’re a seasoned cybersecurity pro or just starting out, now is the time to upskill and get ready for the challenges ahead.
Phishing attacks are a major threat to organizational data, with 90% of corporate security breaches resulting from phishing. Despite employee training, approximately 7% of users still fall victim to malicious links. The frequency and sophistication of phishing attacks are alarming, with a new phishing website created every 20 seconds on average and 70% of newly registered domains being used for malicious purposes.
Amazon Prime Day is a particular favorite for phishing attacks, with 1,633 fake sites targeting the event detected in the 90 days leading up to last year’s sale. This is concerning given that 61% of survey respondents couldn’t distinguish between Amazon’s genuine login page and a phishing site designed to mimic it.
Email remains the primary delivery method for phishing, accounting for 90% of ransomware attacks. With the average cost of a data breach reaching a hefty $4.35 million, it is crucial for organizations to take action. The financial sector is particularly vulnerable, accounting for 23% of all successful phishing attacks. These statistics highlight the urgent need for robust cybersecurity measures, like browser isolation, to protect against phishing threats.
Whether you count it in the Top 10, 51, or 5, the risk associated with unmanaged devices cannot be overstated. Despite their significant role in breaches, less than 50% of organizations actively monitor these potential security threats, leaving ticking time bombs within their networks. Unmanaged devices frequently serve as the initial entry point for attackers, making them challenging to detect and eliminate once infiltrated.
Moreover, the presence of unmanaged devices can impede incident investigations, especially when IoT devices like IP cameras establish connections with command-and-control servers. Compounding the challenge is the potential disruption to governance of security controls, particularly when a comprehensive asset inventory is lacking. This becomes even more complex in environments where Information Technology and Operational Technology are distinct, as rogue devices may create network bridges that bypass firewalls, compromising the isolation required to secure these network segments.
The imperative lies in organizing networked technology comprehensively and ensuring that no vulnerabilities exist to safeguard against potential threats stemming from unmanaged devices.
Information Age has reexamined Check Point Research’s 2024 cybersecurity predictions, aligning with the practice at hand. The forecast identifies key focus areas categorized into seven main domains: AI and machine learning, supply chain and critical infrastructure attacks, cyber insurance, nation-state activities, weaponized deepfakes, phishing, and ransomware.
Anticipating a surge in threat actors leveraging AI to enhance their toolkits, they project the emergence of an AI battlefield: While adversaries adopt AI for accelerated and expanded attacks, security teams are expected to harness the same technology to counter AI-powered threats. Notably, the issuance of an Executive Order by the White House signals a shared recognition by both the EU and the U.S. regarding the necessity to regulate AI.
The vulnerability of the supply chain, considered one of the weakest security links, is prompting organizations to transition toward a Zero Trust model. This model mandates verification from anyone seeking to connect to a system, irrespective of whether they are an employee or a third-party individual or server, from inside or outside the network.
Cyber insurance retains its prominence in boardroom discussions, with an evolving focus tied to the cyber resilience of potential customers. Cyberwarfare and the persistence of deepfakes remain overarching concerns, with the added dimension of AI-enhanced phishing tactics that are becoming more personalized and effective. Acknowledging the limitations of user training in countering these threats, the cybersecurity landscape is poised for dynamic changes in the coming years.
CRN has identified “Zero Trust” as a dominant cybersecurity trend. However, despite the buzz, implementation challenges persist. A CyberRisk Alliance survey revealed that nearly 25% of IT security leaders struggle to gain support from other departments for Zero Trust initiatives. Moreover, a Gartner study found that only 10% of large enterprises are on track to achieve a mature and measurable Zero Trust program by 2026. In other words, while Zero Trust is a buzzworthy concept, true widespread adoption will take time since it is not a standalone product or solution, but rather a holistic approach to security that encompasses a comprehensive program and architecture tailored to modern systems.
Some industry professionals roll their eyes at the term “Zero Trust” due to its overuse. Cloudflare CEO Matthew Prince proposes “total control” as an alternative label. Regardless of terminology, the core idea remains crucial: implementing a robust security strategy that prioritizes least privilege access and continuous validation.
John Kindervag, the former Forrester analyst who first coined the term “Zero Trust,” advises against rushing into implementations. Companies often stumble when trying to tackle Zero Trust too quickly and broadly. Instead, he recommends starting with the most critical or sensitive data or IT systems.
For contemporary distributed architectures, Zero Trust Network Access (ZTNA) is considered a safer alternative to traditional Virtual Private Networks (VPNs). This is because ZTNA grants access solely to the resources users need, rather than providing unfettered network access, once a user is in.
Analytics Insight shifts its focus to the 2024 cloud landscape, recognizing its pivotal role in driving operational efficiency and facilitating groundbreaking technological advancements like AI and IoT. While some organizations opt for hybrid models or have even repatriated systems from the cloud, the indisputable rise of edge computing emphasizes the need for reduced latency, more efficient data processing – and security.
Notably, cloud providers are intensifying their investments in security and resilience, recognizing these as critical issues amid the escalating migration of organizations to the cloud. The Top 10 discussion encompasses a spectrum of transformative technologies, including IoT, ML, AI, and Blockchain.
Another interesting trend on the horizon is the proliferation of citizen developers, individuals who are adept at connecting to APIs and crafting customized automation without the need for extensive coding expertise. This evolving landscape underscores the dynamic and multifaceted nature of the cloud’s impact on businesses and technological innovation.
According to Gartner’s latest forecast, global IT spend is expected to reach $5.14 trillion in 2024, a 4% increase from this year’s $4.72 trillion. The three largest tech markets will be IT services, software, and communications services. Generative AI is predicted to be the biggest focus area for 2024, as it becomes more accessible and democratized for workers worldwide. Gartner anticipates that by 2026, over 80% of enterprises will utilize GenAI APIs and models or deploy GenAI-enabled applications in production environments, a significant increase from less than 5% this year. However, it’s worth noting that organizations seem to be embracing AI without proper due diligence and risk assessment, which could lead to potential risks down the line.
Gartner’s outlook extends to industry cloud platforms, foreseeing that by 2028, the norm will be industry-specific whole product offerings equipped with packaged vertical nuances for individual customers. Another intriguing prediction involves tying the environmental impact of increased IT-related energy consumption to executive pay. Gartner envisions that by 2027, a quarter of CIOs will witness their personal compensation linked to their sustainable technology impact.
The article delves into seven more predictions, encompassing topics such as continuous threat exposure management, machine customers, and the augmented-connected workforce. This comprehensive exploration provides a glimpse into transformative trends shaping the IT landscape in the coming years.
The digital landscape is constantly evolving, and with it comes an array of emerging threats that demand our attention. One of the most significant vulnerabilities lies in the supply chain, which too often is compromised through trusted vendors. As organizations rely heavily on open-source libraries and fast software release cycles, the likelihood of supply chain breaches increases. Third-party contractors pose another substantial risk, with 96% of companies granting external individuals access to critical systems, potentially providing hackers with an easy entry point into sensitive data.
To address this issue, implementing application isolation solutions can secure contractor access in a Zero Trust environment. However, this alone may not suffice, as AI-powered malware is becoming increasingly sophisticated and capable of evading detection, identifying vulnerable targets, and customizing attack strategies. Traditional, detection-based security measures will need to be reinforced with preventative measures that can counter even unknown advanced threats.
Another concerning trend is the surge in vulnerabilities within cloud systems, which has increased by 150% over the past five years. Investing in robust security and resilience measures is crucial to protecting data. Unfortunately, security misconfigurations are commonplace due to the shortage of skilled professionals and errors during deployment. In fact, Rapid7 found that 80% of external penetration tests revealed exploitable misconfigurations.
The attack surface continues to expand, with zero-day exploits and Advanced Persistent Threats (APTs) relentlessly seeking out fresh vulnerabilities to exploit. Adding to the concern are insider threats and the evolution of ransomware, now dubbed Ransomware 2.0. It’s clear that the threat landscape is becoming increasingly complex, making it imperative for organizations to stay vigilant and proactive in their security efforts.
In the swiftly evolving digital landscape, Mindflow, like other industry experts, highlight the enduring significance of cybersecurity as a paramount concern for global businesses and emphasize the need for a forward-thinking approach to the ever-growing challenges in this realm.
Compounding these challenges is the impact of work-related stressors, an issue that is already making its presence felt and is anticipated to further escalate. Contrary to expectations, the skill shortage in cybersecurity is unlikely to improve. Projections indicate that by 2025, almost half of all cybersecurity leaders will not merely change companies or positions but will undergo a complete shift into entirely different roles. This trend underscores the urgency for organizations to initiate cultural shifts that foster supportive environments for managing stressful jobs.
Amidst the challenges, there is a silver lining in the inclusion of cybersecurity expertise on corporate boards. This development elevates the role of cybersecurity professionals to critical positions in corporate governance and risk management. As a result, Chief Information Security Officers (CISOs) are transitioning from mere control owners to facilitators of risk decisions, marking a positive evolution in the cybersecurity landscape.
Ericsson, our parent company, has unveiled significant findings in the realm of mobile data, offering key insights into the future landscape. Notably, 5G is poised to be the driving force behind all mobile data growth within the next five years. Projections indicate that by 2028, 5G’s share of mobile data traffic will surge to an impressive 66%.
The study underscores the dominant role of video traffic in the mobile data arena. Currently accounting for 71% of all mobile data traffic, this figure is anticipated to escalate to 80% by 2028. The report delves into regional variations in mobile data growth, with North America projected to reach an average monthly mobile data usage of 58 GB per smartphone by 2028.
Factors such as unlimited data plans, expanded 5G network coverage, and increased capacity are expected to attract a surge in new subscribers for both mobile and Fixed Wireless Access 5G services. These developments align well with Cradlepoint’s innovative 5G solutions, positioning the company favorably in the evolving landscape.
This wouldn’t be a predictions list without ol’ Michel de Nostredame, commonly known as Nostradamus giving his take. In the realm of predictions, Nostradamus takes center stage with a forecast that includes dramatic elements such as violent storms, floods, and the potential abdication of King Charles III due to persistent attacks on him and his second wife. Interestingly, Nostradamus accurately predicted Queen Elizabeth II’s age at death, sparking speculation that Prince Harry might ascend to the throne in 2024.
Nostradamus refers to the ‘King of the Isles,’ likely Charles, being replaced by a man with ‘no mark of a king,’ a detail fans interpret as Prince Harry assuming the crown over William. Adding to the intrigue, there’s a prophecy of a potential new pope in 2024. However, the forecast for the Catholic Church doesn’t seem optimistic, as Nostradamus suggests that, despite the younger age of the new Pontiff and a lengthy papal tenure, he will ‘weaken his See.’ How these predictions unfold remains to be seen!
…And that’s it for this year! If we’re all still around next December, I foresee doing another Top 10, Top 10. In the meantime, consider exploring the Simpsons Predictions for 2024 video as a bonus. I wish you a fun, healthy, and enjoyable 2024!
Curious about how well last years’ prognoses came true? Check out my Top 10 Top 10 Predictions for 2023 and previous years.
Contact us today for more information on how your organization can guard against generative AI security threats, ransomware, phishing, unmanaged device risk and other internet- delivered dangers likely to impact your business today and in the year to come.
The post The Top 10, Top 10 Predictions for 2024 appeared first on Ericom Software.
*** This is a Security Bloggers Network syndicated blog from Ericom Software authored by Peter Silva. Read the original post at: https://www.ericom.com/blog/cybersecurity-trends/