You likely won’t be surprised that cyber security experts will need to step up their game in 2024. Last year’s events have shown us that education is key and that vigilance is essential.
While we learned a lot in 2022, we also had new issues to deal with. Remote work caused 88% of businesses to feel that they are facing “challenges to effective cyber security measures for remote workers,” while 20% of organizations were dealing with remote work as one of their biggest risks.
Gartner predicts that cyber security spending will hit $215 billion in the coming year, an increase of almost 15% from 2023.
Cloud security, generative AI, and increasingly strict regulations are likely to be leading causes of the additional spending. The good news is that they also predict that over the next two years, we could see up to 75% of the world’s population covered by these new regulations.
There’s a lot to be prepared for in 2024, so let’s get into the top cyber security trends of 2024 that we need to watch out for.
ICS/OT Infrastructure is at Risk Without Added Measures
The world of technology wasn’t always as complex and connected as it is today. As a result, many Industrial Control Systems and Operational Technology (ICS/OT) structures were not developed to deal with the reality of today’s cyber security threats.
According to Christian Orfali, Information Security Advisor at Fortra’s Terranova Security, researchers have found in recent years that these risks are being compounded by supply chain attacks and corporate networks.
With the vulnerabilities that have been added due to IT integrations into OT, cyber security professionals and OT professionals will need to work with each other to design “resilient systems that prevent costly operational disruptions […] emphasizing the need for continuous learning and collaboration in this dynamic field,” according to Mike Holcomb from Fluor.
Mike notes that it will be essential for IT pros to learn to be more like engineers, while OT specialists will need to embrace cyber security as a means of securing critical infrastructures.
It will take time, it will take resources, and it will take education, but in the end, it will be necessary to protect industries that rely on technology for crucial tasks.
Quebec’s Data Protection Laws Take Effect with Law 25
Back in 2021, Quebec passed Law 25 in the National Assembly. The new law adds further directives to existing data protection requirements in the province, most of which came into effect in September of 2023.
Previous requirements included the appointment of a data protection officer and an incident response plan. However, new compliance requirements for this year include public privacy policies, the right to destruction or anonymization of one’s data, as well as compliance with laws and regulations for data transfers outside of Quebec.
The penalties should make anyone operating in Quebec sit up and take notice: for noncompliance, they can be up to $25M in CAD or 4% of worldwide turnover, whichever is greater.
Generative AI Poses a Real Threat
As more and more businesses move towards using AI for business applications like data analysis, healthcare implementations, and UI customizations, generative AI is beginning to pose a real threat to those using its capabilities.
Apart from the ability to use it to spread misinformation, or to craft staggeringly realistic phishing emails, malicious or buggy code that is generated by AI and then inserted into development pipelines can be devastating for cyber security.
Recognizing the threats of generative AI attacks, Google has expanded its vulnerability rewards program (VRP), also known as a bug bounty, to include provisions to crack down on generative AI security threats.
VRP pays ethical hackers to help Google find and disclose security flaws. With generative AI now included in the bounty, Google is taking steps to identify and respond to these types of threats.
Training those in your organization who use AI tools will be key to managing threats, as well as implementing generative AI usage policies that are communicated to all employees.
IoT is a Bigger Challenge Than Ever in 2024
Just a few years ago, we began to learn that the Internet of Things (IoT) opened up individuals and businesses to a whole new kind of threat.
Heading into 2024, we find that “more devices talking to each other and accessing the internet means more potential ‘ins’ for cyber attackers to take advantage of,” according to Forbes.
While remote work continues, an increasing threat comes from devices on the same home network workers use to access business networks. The weak security protocols and passwords on these devices make them an easy target for hackers.
The article goes on to state that businesses will need to build zero-trust systems into their IT security strategies. This means that “there is no perimeter within which network activity can be assumed to be safe.” Constant and consistent monitoring of network security against ransomware and phishing attacks should be high on the agenda for all cyber security experts in 2024.
The Olympics, Elections, and the Very Real Threats to Institutions
With the approach of events like the 2024 US election and the upcoming Olympics, nation-state actors and opportunists may intensify their cyberattacks. In 2021, the Olympics in Japan faced 450 million cyber attacks on their infrastructure.
This is 2.5 times as many as were attempted during the 2012 Summer Olympics in London. One can assume that huge, important events like elections and the Olympics will be high-value targets in the upcoming year.
Email spoofing, phishing, and even fake websites that are made to appear as though they are affiliated with these events will seek to gain access to infrastructure.
We’re even seeing the potential of deepfakes as a top security threat for the upcoming elections “with no reliable tools yet in place to combat them.”
In addition, misinformation campaigns will continue to be rolled out via social media. Nathaniel Gleicher, head of security policy at Meta, says the following:
“When we have particularly sophisticated threat actors, in the context of foreign interference, nation states that are trying to run these campaigns, we have seen a small number of cases where they plan and coordinated the campaign off of our platforms, which means that our investigators might not know that a campaign is coming until the last minute.”
In addition, voting machine infrastructure is expected to be a target due to the “decentralized nature of America’s election system.”
Meagan Wolfe, an administrator of the Wisconsin Elections Commission, is quoted as saying, “People don’t remember that this is a real and imminent threat, and so getting those local jurisdictions, their governing bodies, to really buy into this concept and to support sustainable solutions for local election jurisdictions continues to be a real challenge, as well.”
We can say that all of this will be a massive challenge that will require all hands on deck to maintain the safety and security of all those involved in these events.
Keeping an Eye on Third-Party Vendors and Supply Chains
It should come as no surprise that social engineering and phishing attacks aren’t going anywhere soon. And with each passing year, the methods by which bad actors gain access to systems get a little more innovative and a lot more intrusive.
We can expect to see growth in supply chain attacks that exploit their target’s vendors and third parties. Theo Zafirakos, CISO, Professional Services Lead of Fortra’s Terranova Security, explains:
“Attackers can send phishing emails or use social engineering tactics to compromise third-party employees. Once they have access to the third party’s network or credentials, they can use this access to infiltrate the targeted organization’s systems.”
One of the biggest difficulties with third-party risk management is how hard it is to detect a compromise. Tracing it back to the original source takes time and resources that could, instead, be dedicated to more pressing matters.
As a result, businesses should seek confirmation that their third-party vendors are keeping their employees updated and educated.
Cyber Security Education is Crucial in 2024
Global cybercrime damage costs could grow up to $10.5 trillion (USD) by 2025, according to this article. This number is in stark contrast to the $3 trillion it cost businesses in 2015.
With around 6 billion people connected to the internet, all of whom are using a wide variety of devices, the issue of cyber security education has never been more crucial.
Ongoing education and cyber security awareness training should continue to be top of mind for everyone who has to connect to the internet in some way. Giving employees up-to-date information and keeping them aware of threats will go a long way toward minimizing the potential impact of cyber crime in 2024.
2024 Cyber Security Trends and a Look to a Bright Future
We live in a complex, technology-rich, constantly changing, and evolving world. It’s a fantastic time in history, with the ability to do so much more than ever before with just a simple click on a device.
And yet, these devices continue to be targets that can be exploited for monetary gain, to spread misinformation, and to cause financial loss for those affected.
It’s going to require some effort to mitigate the negative potential of all of these threats, but with education and awareness, the future is a bright one, and we can embrace it and prepare for a fantastic 2024 and beyond.
So, from all of us here at Fortra’s Terranova Security, we wish you a happy new year and all of the best from us for your 2024. We can’t wait to hear about how you’re preparing for 2024, so feel free to share this article and your thoughts on it with your social network. Have an excellent year!