Morey Haber, Chief Security Officer at BeyondTrust, predicts the seven key cybersecurity trends that will help the industry prepare for defence in the year 2024.
If you are looking for forward-looking societies — citizens, governments, businesses — then the GCC has rich pickings. The dawn of a new year is a time to talk about new things, and what better venue than the Gulf, which has a fondness for new things all year round?
So, let’s talk. Let’s take a look at seven technology trends. And in a region with an enviable average for net worth, let’s make our trends specific to cybersecurity. The threat actor has always been drawn to this region. Paydays are that much greater. According to IBM’s 2023 Cost of a Breach report, the combined average in the United Arab Emirates and Saudi Arabia is US$8 million against a global average of US$4.45 million. And that was before generative AI captured the imaginations of innovative minds. Let us make no mistake. Threat actors are innovative by habit.
So, let’s take a dive into our seven cybersecurity trends — some good news for attackers, and some good news for defenders — for 2024.
1. AI on the march
It’s everywhere, and apparently useful for more than just student assignments. But using AI as a virtual assistant to write code, for example, is already leading to more security vulnerabilities than when professional human coders worked alone. Threat actors have noticed, and they are also going to use artificial intelligence to augment their campaigns.
Think of AI as a cybernetic battle-suit that extends the capabilities, reach, and effectiveness of its wearer. We have already witnessed this suit at play in generating ransomware and malware, but we expect its deployment in other areas any day now — discovering vulnerabilities, for instance, or evading detection. And that is just weak (or “narrow”) AI. If strong AI — also known as artificial general intelligence (AGI) or artificial super intelligence (ASI) — emerges, we could see a single threat actor become general of an army of digital menaces.
Additionally, beware of generative AI’s potential to create fake material, such as news, legal sources, and “official” announcements. Imagine the scope for new attack vectors built on such chicanery.
2. Dedicated apps face extinction
Starting in 2024, AI may be used for trusted connections, leading to the gradual (or perhaps even rapid) obsolescence and eventual decommissioning of banking, travel, and search apps. Bank statements, full travel itineraries, and corporate reports could all be handed off to AI. Some applications may remain as trust-based connectors, but essentially, we would be entering a world of cyber-secure digital valets and valet services run by AI, with requests issued by voice command and results returned in richer and richer formats as technology evolves.
3. POTS and VoIP step aside to make room for UCS
POTS (plain old telephone system) and even VoIP will give way to unified communication services (UCS) such as Zoom and Teams. Today, any two devices that are connected to the Internet can put their users in touch with one another. Soon, phone numbers themselves will be obsolete, replaced by email addresses and other digital aliases. Of course, with communications digitized, we must watch for vulnerabilities and their exploitation by threat actors.
4. Subscriptions everywhere
The way we buy things has changed since the days of bartering livestock for cloth. From cash and credit cards to the dizzying modern world of crypto and mobile wallets, we have incorporated each change and rapidly moved on to the next. But have you noticed that ownership has undergone a similar metamorphosis? In 2024, we can expect this to continue. From smart home technology to social media accounts, we will see vendors and providers renting out capabilities rather than selling one-off products and services. Subscriptions will be the central business model of a growing number of enterprises.
But we should take care. Any contract gaps could lead to data losses. And when information on lapsed agreements is archived, this could lead to private information being stored in a less protected environment, leading subsequently to a data breach. Where such service gaps occur, it is critical that the customer requests their data to be deleted.
5. USB-C is good news for juice jackers
USB-C has arrived. It’s easier to plug in and it’s faster — a lot faster. At 10Gbps, it is twice as fast as USB 3.0. We can expect standardization on these connectors to follow. So, boons for compatibility and e-waste, but banes for cybersecurity professionals who have to consider the heightened potential for juice jacking (where data transfers, including malware, take place through media connections), since the time needed to steal data or plant malicious payloads is halved. Obviously, this threat extends to other vectors related to physical connections.
6. Cybercrime consultancy services
Rather than conducting full RansomOps campaigns in 2024, we will see threat actors do the initial scouting and sell what they find. If they discover a zero day, they might sell it to the highest bidder. Likewise, inside information on a specific business’s setup — misconfigurations, unpatched flaws, and other inroads — could be sold along with customized AI tools to those that run the attack. This isolates the original scout from the damaging phase of the campaign and decreases the chances of their discovery.
7. Standardization of cyber insurance
We have seen cyber insurance become more expensive and difficult to obtain of late, with insurance companies insisting on certain levels of security hygiene and sometimes even limiting coverage when drawing up policies. We see 2024 as the year these policies become standardized. As the field of cyber insurance has matured, we have seen new categories such as “Acts of War” spring up and gain acceptance among providers. As such, 2024 will see the emergence of a framework-based approach to cyber insurance, enabling insurance companies to standardize their services against all threats when it comes to reducing risk and liability.
At arms
Now you know what is coming over the hill, you can prepare your defenders. The more proactive you are, the more likely you are to stay out of the headlines. You will identify risks more efficiently. You will suffer fewer breaches. You will incur less damage. Stay safe in the year ahead.