Over the past months, headlines have been marked by persistent conflicts in Ukraine and Israel. Cybercriminals took—and continue to take—advantage of a volatile geopolitical situation and relentlessly exploited vulnerabilities. 2023 also saw the rise of generative AI involvement in cyber attacks as well as in the general population.
In 2024, it’s clear to all that the cybersecurity arena is poised for continued challenges. Given the tactics we saw in action last year, we can anticipate some patterns are likely to emerge:
Impacting Infrastructure and MFA:
Cyber adversaries are evolving and adopting new guises to infiltrate and exploit organizations. As Mike Wilson writes for Forbes, the coming year may witness a heightened focus on targeting the foundational infrastructure of authentication as threat actors develop new TTPs. In tandem, Multi-Factor Authentication (MFA), once considered a security hallmark, will become less effective. The vulnerabilities of SMS-based and push-notification-based MFA are increasingly exploited by cybercriminals; as they catch up with common forms of layered infrastructure, cybersecurity professionals will have to evolve quickly too.
In 2024, the cybersecurity community is expected to shift towards a more modern, layered approach to authentication.
Regulations… with Teeth:
The era of lax security regulations is coming to an end. Stringent measures and consequences for non-compliance are anticipated as the global cybersecurity problem grows. In both national and worldwide arenas, trust-based legislation is being replaced by verification-oriented regulation. As attacks increase in sectors like healthcare, education and EdTech, and government and GovTech, financial penalties will come into effect as well as legal impetuses.
AI Concerns:
The now-widespread adoption of AI applications, including free versions like ChatGPT, poses a security risk as users unknowingly share sensitive data. The use of AI in creating headshots, for instance, involves individuals sharing biometric data. We can expect cybercriminals to capitalize on this data as the popularity of AI apps continues to grow.
That said, the tide of intense growth will certainly slow. In 2023 the hashtag #GenAI hit the scene with fury, but already reports indicate the expense and security concerns around LLMs might not live up to all the hype.
Identity Security Under Siege:
As SMBs as well as Fortune 500 companies outsource identity protection to third-party providers like MSPs, the third-party organizations themselves have become prime targets for threat actors. With extensive volumes of PII being conveniently stored in single places, these providers face continuous attacks aimed at finding vulnerabilities that could compromise authentication systems. The struggle for identity security organizations to defend against these threats is likely to intensify throughout 2024, especially as more companies outsource to other providers.
While all bets are off when it comes to the new threat vectors we’ll see in 2024, one thing is for sure: the stakes have never been higher.