Some new predictions and trends also come out each June at the Gartner Security & Risk Management Summit, and some other eye-opening reports and predictions have been released midyear by several top companies. This blog will examine a few of these.
But first, as a reminder, here are the top themes from my 2024 report back in mid-December 2023:
COMMON THEMES FOR 2024
For 2024, security industry prediction reports highlight common themes.
- AI will revolutionize everything and everyone — for better and for worse. Here are some specific predictions around AI and generative AI (GenAI):
  - More effective cyber attacks than ever before against everyone, with bad actors leveraging GenAI tools to find vulnerabilities in critical sectors.
  - More AI threat actors, AI threat vectors and AI code assistants introduce further vulnerabilities (BeyondTrust).
  - Use of AI-based cyber defense is a must for enterprises to keep up.
  - Bring your own AI (BYOAI) for 60 percent of us, as enterprise solutions lag (Forrester).
  - Shadow AI will grow along with governance challenges.
  - Productivity improvements will drive rapid and widespread adoption of GenAI tools.
  - More regulation, laws, policies, data privacy and ethics rules regarding appropriate use.
  - Uptick in sophisticated deepfakes and business email compromise (BEC) using GenAI to attack.
  - More voice and video impersonations, including particular accents and targeted executive account takeover using social media and personal accounts.
  - Focus on various attacks against LLMs.
- CISOs will get more power and a broader role for several years (Gartner).
- Election cyber attacks globally will be center stage. Specifically:
  - Misinformation on elections in social media.
  - Voting machine and virtual cyber attacks.
  - Data surrounding voter lists, people, process and technology cyber attacks.
- More cyber attacks in space, including overall programs, cyber arms race in space including satellites and other next-generation vehicles.
- Ransomware growing and evolving, gaining access and targeted ID management using more sophisticated phishing and social media compromises.
- Use of breached credentials to log in rather than hack in. This data is available for sale on the dark web from many years of data breaches.
- Supply chain attacks will grow and evolve with developers targeted in supply chain attacks via software package managers (Google Cloud).
- Cyber insurance market will continue to grow and evolve. Most reports say prices will stabilize.
- Attacks targeting hybrid and multicloud environments will mature and become more impactful (Google Cloud). There will also be more cloud-native worm attacks (Trend Micro).
- Attackers will look to blockchain for fresh hunting grounds and extortion plans. Also, with the rise of bitcoin and other cryptocurrencies, there will be new crypto wallet attacks.
- Growth in hacktivism, with more hacktivism tied to APTs (Kaspersky).
- More groups in the “hacker for hire” business (Kaspersky).
- “Malinformation” will grow dramatically, as trust is hard to gain and keep (Gartner).
- Next-level cyber attacks with a “go big or go home” approach (Fortinet).
- New tech, such as QR codes and VR headsets, attacked in various ways (WatchGuard).
- Zero-trust models will be more widely implemented.
- Attacks on global events — for example, the 2024 Summer Olympics in Paris — to gain attention will increase.
RIGHT ON!
No doubt, we have seen several massive data breaches and ransomware attacks already in 2024, as many predicted:
Wired: Ransomware Is ‘More Brutal’ Than Ever in 2024
TechCrunch: United Healthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack
CBS News: What customers should know about AT&T's massive data breach
Reuters: US lawmakers grill Microsoft president over China ties, hacks
Axios: About 165 orgs may have been affected in Snowflake incident
We have seen a growth in hacktivism in the first half of 2024, as articulated in these posts:
The Hacker News: A New Age of Hacktivism
TechTarget: Recorded Future observes 'concerning' hacktivism shift
Forbes: Hacktivism On The Rise: Protecting Critical Infrastructure Is Top Priority
MorningStar: 2024 Intel 471 Cyber Threat Report Reveals Emerging Hacktivist and Adversary Strategies in the Cyber Underground
Also, cyber attacks against elections are heating up worldwide:
The Register: Russian hacktivists vow mass attacks against EU elections
EuroNews: Dutch cyberattacks latest in EU election campaign marred by disruption and violence
Politico: Taiwan bombarded with cyberattacks ahead of election
Missouri Independent: Feds deliver stark warnings to state election officials ahead of November
Also marching on as predicted are zero-trust adoption trends:
The Stack: FBI reveals Zero Trust adoption plans in $8 billion IT budget
GovCon Wire: DOD Wants to Push Zero Trust Adoption Deadline Forward
Dark Reading: Gulf Region Accelerates Adoption of Zero Trust
One more of the top stories correctly predicted for 2024 includes space cyber attacks:
Politico: Officials plan for new age of cyber threats to satellites
The Conversation: Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow
Forbes: Cyber-Securing Space Systems A Growing Global Concern
NOT SO MUCH (AT LEAST NOT YET)
The prediction that cyber insurance will grow has hit snags, with many state and local governments I have spoken with deciding to self-insure due to costs. But the market is definitely evolving:
Risk & Insurance: U.S. Cyber Insurance Market to Harden in 2024
SC Media from RSAC 2024: Top cyber insurance trends, traps and advice
Munich RE: Cyber Insurance Risks and Trends 2024
Supply chain attacks have been more muted this year so far, but there have been examples of note, such as this piece: Sisense Breach Highlights Rise in Major Supply Chain Attacks. The Change Healthcare cyber attack that impacted prescriptions nationwide could also be viewed as a supply chain issue of a different sort.
There are many other areas we could discuss in this category. However, it may be too early to make judgments regarding 2024 trends and cyber attacks. Some areas, like the USA elections, Paris Olympics and other upcoming events will become clearer in the second half of 2024.
GARTNER SECURITY AND RISK MANAGEMENT SUMMIT 2024
Several new outlooks were presented at the most recent Gartner Security and Risk Management Summit in National Harbor, Md. Here are a few talks of note that can be viewed on YouTube.
- 58 percent of board directors expect to increase their risk appetite between 2024 and 2025.
- 58 percent see digital technology initiatives among their top-five business priorities for the next two years.
- 93 percent of project managers feel pressure to speed up delivery.
Overall, this talk explains the push for more decentralized control in risk management within business areas.
Two more recent talks:
OTHER MIDYEAR FORECASTS OF NOTE
I’d like to highlight a few other interesting reports for your review. First we have this LinkedIn post from Anil Yendluri. I like his infographic, and his key takeaways:
- The global end-user spending on cloud services is estimated to reach $700 billion by 2024.
- There will be 3.5 million unfilled cybersecurity positions worldwide by 2025.
- The global zero-trust cybersecurity market is expected to reach $133 billion by 2032.
- Ransomware attacks will cost victims $265 billion by 2031.
Also from Yendluri:
- Cyber Resilience Will Hog the Spotlight in 2024
- Attacks Against Cloud Services
- Growing IT Skills Gap and Soft Skills Demand
- Rise in IoT (Internet of Things) Devices With 5G Connectivity
- Generative AI and Machine Learning
- Zero-Trust Cybersecurity
- International State-Sponsored Warfare
- Evolving Social Engineering Attacks
- Multifactor Authentication
- Continuously Evolving Ransomware
- Mobile Cybersecurity
- Connected Cars
- Rise in Insider Threats
- Cybersecurity to Cyber Resilience
"The consultancy predicts that generative AI could enable losses from fraud to reach $40 billion in 2027 — up from $12.3 billion in 2023 — a compound annual growth rate of 32 percent."
What I find amazing about these predictions (or, if you prefer, "forecasts" or "trends") is that the bad guys will benefit more than the good guys. The assumption here is that losses will grow dramatically, which runs contrary to the narrative given by many cyber companies that says AI and GenAI will reduce losses.
Lastly, Helen Yu posted this excellent infographic on LinkedIn that offers Gartner’s top-nine trends in cybersecurity in mid-2024. I’ll let you go to her post to see those items in interactive form.
FINAL THOUGHTS
While I was doing research for this blog, I came across this YouTube Conquest Cyber video from two years ago at the Gartner Security and Risk Management Summit. It grabbed my attention because it includes me in several of the clips, including the thumbnail.
One final item. I was fascinated by this CNBC post entitled Microsoft employees’ cybersecurity contributions will factor into their pay. The main points include:
- For top Microsoft executives, one-third of the “individual performance” portion of their bonuses in the new fiscal year will be tied to a review of their cybersecurity work, the company’s president, Brad Smith, told a U.S. House committee ahead of a hearing on Thursday.
- Individual employees will discuss with their managers their cybersecurity contributions in twice-annual reviews that factor into total compensation.
The main message: Not only is everyone focused on cybersecurity in mid-2024, but their pay depends on successful resilience efforts. That is progress IMHO.