The Evolving Cybersecurity Landscape in 2024

This post is also available in: עברית (Hebrew)

The ever-evolving cybersecurity landscape promises to bring new cyber threat actors, vulnerabilities, and weaknesses to counter, and as technology evolves, so do cyber threat actors’ tactics, techniques, and procedures (TTPs) to take advantage of unsuspecting organizations for personal gain.

Following are the top five predictions for cybersecurity threats organizations will confront in 2024, according to cybersecurity experts in HS Today:

1) Human-operated Ransomware

Human-operated ransomware attacks have been a persistent threat, and they are not going anywhere. 2023 saw major companies lose 100s of millions of dollars in very high-profile, human-operated ransomware attacks. Such attacks involved cybercriminals making fraudulent phone calls to help desks to phish for credentials, which they used to access the network and deploy ransomware.

It is likely that in 2024 these attacks will get more sophisticated, with more advanced encryption techniques and diversified targets.

2) AI-generated Threats

Artificial intelligence (AI) tools have been widely adopted worldwide in many fields, including cybercrime. Cybercriminals began leveraging AI to automate and optimize their attacks, for example, to efficiently create convincing phishing messages.

In 2024 we are likely to see an increase in AI-powered malware that adapts and learns from its environment, making it more challenging to detect and mitigate in the future.

3) Supply Chain Attacks

The software supply chain is becoming an attractive target for cybercriminals as organizations get more interconnected and reliant on third-party applications.  A major example from 2023 is the MOVEit cyberattacks, a file transfer tool that is used by many major companies and government entities across the US, the impact of which affected millions of people.

2024 is likely to see an increase in attacks targeting the software supply chain, aiming to compromise the integrity of widely used applications and services.

4) Mandatory Cybersecurity Self-Assessments

It is anticipated that in 2024 both the US and EU will push to implement significant cybersecurity initiatives, after the recent laws mandating the reporting of breaches involving customer data. There will probably be a push to further those laws by taking a more proactive approach to cybersecurity that includes mandatory self-assessments, requiring that organizations evaluate their cybersecurity measures, identify vulnerabilities, and implement necessary safeguards.

5) Critical Infrastructure

Political conflicts and worldwide involvement in them bring a rising threat of infrastructure cyberattacks (on energy, transportation, healthcare, and more). Such attacks can be performed for financial gain through ransom demands, geopolitical motivations, or even sabotage to destabilize a region or nation. An example is the recent attack on Iran’s gas stations, which completely deactivated 70% of the country’s fuel.

Cybersecurity experts advise organizations to adopt a preemptive cybersecurity strategy- conduct continuous security assessments, implement employee training programs, collaborate with security experts in the industry, and emphasize that a proactive stance is key to staying ahead of emerging cyber threats.