From world events to the economy, 2023 was an unpredictable year. Cybersecurity didn’t stray far from this theme, delivering some unexpected twists. As organizations begin planning their security strategies for 2024, now is the time to look back on the year before and extrapolate what the future may hold.

The year kicked off with Generative Artificial Intelligence (GenAI) unexpectedly hitting the headlines and dominating the conversation. The impact of the many new uses for GenAI rippled through the cybersecurity world and became a top cybersecurity concern, with a data breach of ChatGPT highlighting the risk. Cybersecurity professionals also increased their use of AI technology to help detect and prevent attacks.

Ransomware stayed in the headlines, starting with an increase in volume. The month of March alone saw 400 attacks. Local governments were a prime target this year with more than 34 attacks, including one incident that shut down critical systems in Dallas. On the good news front, the U.S. government issued the NIST Cybersecurity Framework 2.0 and the White House Cybersecurity plan took steps to protect critical infrastructure from cyberattacks.

To get insights into what to expect in the cybersecurity industry in 2024, we talked to leading experts. Here’s what they have to say.

2024 will be the year of deception (Charles Henderson, Global Head, IBM X-Force)

2024 is going to be a busy year for cyber criminals amid ongoing geopolitical tensions, major elections in the U.S. and European Union and the biggest sporting event in the world (Paris Olympics) all taking place within a few months of each other. It’s a perfect storm of events that’s going to see disinformation campaigns on a whole new level.

Cyber criminals have everything they need to deceive unsuspecting users, consumers and even public officials through AI-engineered deception tactics. We’re about to see improved deep fakes, audio fakes and very convincing AI-crafted phishing emails in cyber criminals’ efforts to deceive the public and advance their malicious objectives.

GenAI is about to make “customer acquisition” much easier for cyber criminals (Charles Henderson, Global Head, IBM X-Force)

Until now, cyber criminals have been very limited in how they can monetize from their data spoils collected from the billions of data compromised over the years. But all that’s about to change thanks to GenAI. GenAI is going to help filter through, correlate and categorize those huge data sets in minutes and put them together in a programmatic way for cyber criminals to create profiles for potential targets. GenAI’s ability to optimize target selection is no different from how it’s improving the customer acquisition process in marketing — it’s just a different light of legality.

Enterprises will see an influx of “doppelgänger users” (Dustin Heywood, Chief Architect, IBM X-Force)

With millions of valid enterprise credentials on the Dark Web right now and the number continuing to rise, attackers are weaponizing identity, viewing it as a stealthy means of access to overprivileged accounts. In the next year, I expect we’ll see more “doppelgänger” users popping up in enterprise environments, with users behaving a certain way one day and another way the next — this abnormal behavior should be enterprises’ sign of compromise. Attackers are assuming legitimate users’ digital identities unbeknownst to them, with this trend only exacerbating in 2024. Security and password hygiene have never been more important.
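The behavior change described above can be turned into a simple detection rule. The following is an added example, not code from the article or from IBM: it builds a per-user baseline from constructed sign-in events and flags a later event that departs from it on several attributes at once. The field names, the two-day baseline and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sign-in events: (day, user, country, device, hour_utc, resource)
EVENTS = [
    ("2024-01-08", "alice", "US", "lt-4411", 14, "crm"),
    ("2024-01-09", "alice", "US", "lt-4411", 15, "mail"),
    ("2024-01-08", "bob", "DE", "ws-0092", 8, "build"),
    ("2024-01-09", "bob", "DE", "ws-0092", 9, "build"),
    ("2024-01-10", "alice", "US", "lt-4411", 16, "crm"),
    ("2024-01-10", "bob", "DE", "ws-0092", 9, "wiki"),
    ("2024-01-10", "alice", "BR", "vm-77aa", 3, "hr-db"),
]
BASELINE_DAYS = {"2024-01-08", "2024-01-09"}

def build_baseline(events, baseline_days):
    """Record the values each user showed on the baseline days."""
    profile = defaultdict(lambda: defaultdict(set))
    for day, user, country, device, hour, resource in events:
        if day in baseline_days:
            for name, value in (("country", country), ("device", device),
                                ("hour", hour), ("resource", resource)):
                profile[user][name].add(value)
    return profile

def deviations(profile, event, hour_slack=2):
    """List the attributes of one event that the user's baseline has never shown."""
    _, user, country, device, hour, resource = event
    if user not in profile:
        return ["no-baseline"]
    seen = profile[user]
    out = [name for name, value in (("country", country), ("device", device),
                                    ("resource", resource)) if value not in seen[name]]
    # Circular distance so 23:00 and 01:00 count as two hours apart.
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in seen["hour"]):
        out.append("hour")
    return out

def find_doppelgangers(events, baseline_days, threshold=2):
    """Alert when one event deviates from the baseline on `threshold` or more attributes."""
    profile = build_baseline(events, baseline_days)
    alerts = []
    for event in events:
        if event[0] not in baseline_days:
            changed = deviations(profile, event)
            if len(changed) >= threshold:
                alerts.append((event[0], event[1], changed))
    return alerts
```

Requiring several attributes to change together keeps a single new resource or a late login from raising an alert on its own.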

Get ready for the AI version of Morris Worm (John Dwyer, Head of Research, IBM X-Force)

The Morris worm is widely believed to be the first cyberattack ever reported back in 1988. I think in the relatively near term we’ll see a “Morris Worm-like” event where AI is confirmed being used to scale a malicious campaign. With AI platforms starting to become generally available to businesses, adversaries will begin testing the nascent AI attack surface, with activity increasing as AI adoption begins to scale. While we’re still far out from the day when AI-engineered cyberattacks become the norm, these things don’t happen overnight — but the “premiere” is likely around the corner.

Amid midlife crisis, ransomware is heading for a makeover (John Dwyer, Head of Research, IBM X-Force)

Ransomware may be facing a recession in 2024 as more countries pledge not to pay the ransom and increasingly fewer enterprises succumb to the pressure of encrypted systems — choosing to divert funds to rebuilding systems versus decrypting systems. Ransomware operators are starting to face a cash flow problem, making it challenging to keep up with their resource-intensive campaigns.

While we anticipate a bigger pivot to high-pressure data extortion attacks, ransomware isn’t going anywhere, as we expect it to shift focus to a consumer or small business target base where threat actors’ leverage remains strong. But considering that ransom demands against small and medium-sized businesses are likely to be less than enterprise victims, it’s clear that ransomware is heading for a makeover.

Generative AI adoption will force CISOs to focus on critical data (Akiba Saeedi, Vice President, Data Security, IBM Security)

With enterprises beginning to embed GenAI into their infrastructure, they’re dealing with new risks introduced by centralizing various types of data into AI models, various stakeholders accessing those models and data they’re ingesting, as well as the actual inference and live use of the model. This risk will drive CISOs to redefine what data can introduce an existential threat to the organization if compromised (e.g., fundamental IP) and reassess the security and access controls surrounding it.

Data security, protection and privacy measures are the linchpin to the success of an AI-driven business model. But with data becoming more dynamic and active across the environment, the discovery, classification and prioritization of critical data will be a top action for security leaders in 2024.

GenAI will level up the role of security analysts (Chris Meenan, Vice President, Product Management, IBM Security)

Companies have been using AI and machine learning to improve the efficacy of security technologies for years, and the introduction of generative AI will be aimed squarely at maximizing the human element of security. In this coming year, GenAI will begin to take on certain tedious, administrative tasks on behalf of security teams — but beyond this, it will also enable less experienced team members to take on more challenging, higher-level tasks.

For example, we’ll see GenAI being used to translate technical content, such as machine-generated log data or analysis output, into simplified language that is more understandable and actionable for novice users. By embedding this type of GenAI into existing workflows, it will not only free up security analysts’ time in their current roles but enable them to take on more challenging work — alleviating some of the pressure that has been created by the current security workforce and skills challenges.

From threat prevention to prediction — cybersecurity nears a historic milestone (Sridhar Muppidi, CTO, IBM Security)

As AI crosses a new threshold, security predictions at scale are becoming more tangible. Although early security use cases of generative AI focus on the front end, improving security analysts’ productivity, I don’t think we’re far from seeing generative AI deliver a transformative impact on the back end to completely reimagine threat detection and response into threat prediction and protection. The technology is there, and the innovations have matured. The cybersecurity industry will soon reach a historic milestone: achieving prediction at scale.

A new approach to security’s “identity crisis” (Wes Gyure, Director, Identity and Access Management, IBM Security)

As organizations continue expanding their cloud services and applications, each one brings its own disparate identity capabilities — creating a web of disconnected identity profiles and capabilities across cloud, on-premise systems and applications. In the past, organizations hoped to consolidate these identities via a single identity solution or platform, but in today’s reality, organizations are coming to terms with the fact that this approach is neither practical nor feasible.

In the coming year, organizations will move to embrace an “identity fabric” approach which aims to integrate and enhance existing identity solutions rather than replace them. The goal is to create a less complex environment where consistent security authentication flows and visibility can be enforced.

“Harvest now, decrypt later” attacks to become more common with quantum advancements (Ray Harishankar, IBM Fellow, IBM Quantum Safe)

Quantum system performance continues to scale closer to the point of being cryptographically relevant, with studies conducted by World Economic Forum, National Security memorandums and timelines published by CNSA suggesting quantum computers could have the ability to break the most widely used security protocols in the world by as early as the 2030s. And right now, classical systems are still vulnerable to “harvest now, decrypt later” attacks — where bad actors steal and store data for later decryption on the chance of accessing such future quantum computers. With quantum computing advancing rapidly, we believe these attacks will become more common over the next several years.

Recognizing these risks, the U.S. National Institute of Standards and Technology (NIST) has already begun the process of developing new quantum-safe cryptography standards and is expected to publish its first official standards in early 2024. In anticipation of this, organizations should start the process today of identifying cryptography used in their environments to prepare for the transition to quantum-safe cryptography to ensure their data and systems remain protected from threats posed by quantum decryption. With bad actors already carrying out “harvest now, decrypt later” attacks, and some estimates showing this transition could take as long as 15 years, the earlier organizations start, the better.
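One way to prioritize the cryptography inventory recommended above, as an added example that is not from the article or from IBM: it ranks constructed inventory entries by "harvest now, decrypt later" exposure using Mosca's inequality (data shelf life plus migration time compared with the time until a cryptographically relevant quantum computer). The inventory, the 2030 arrival year and the 15-year migration default are assumptions drawn from the estimates quoted in the text.

```python
# Public-key families that Shor's algorithm breaks on a large enough quantum computer.
SHOR_VULNERABLE = {"RSA", "DH", "DHE", "DSA", "ECDH", "ECDHE", "ECDSA", "X25519", "ED25519"}
# Uses whose recorded ciphertext can be decrypted later; signatures cannot be "harvested".
HARVESTABLE_USES = {"key-exchange", "encryption"}

# Constructed inventory: shelf_life is how many years the protected data must stay secret.
INVENTORY = [
    {"name": "vpn-gateway", "algorithm": "ECDHE-P256", "use": "key-exchange", "shelf_life": 10},
    {"name": "archive-backup", "algorithm": "RSA-2048", "use": "encryption", "shelf_life": 25},
    {"name": "code-signing", "algorithm": "ECDSA-P256", "use": "signature", "shelf_life": 0},
    {"name": "disk-encryption", "algorithm": "AES-256-GCM", "use": "encryption", "shelf_life": 25},
    {"name": "kiosk-telemetry", "algorithm": "RSA-2048", "use": "key-exchange", "shelf_life": 1},
]

def assess(asset, now=2024, crqc_year=2030, migration_years=15):
    """Return (status, exposed_years) for one inventory entry."""
    family = asset["algorithm"].split("-")[0].upper()
    if family not in SHOR_VULNERABLE:
        # Symmetric ciphers and hashes are not broken by Shor's algorithm.
        return ("not-shor-vulnerable", 0)
    if asset["use"] not in HARVESTABLE_USES:
        # Signatures must still be migrated, but traffic recorded today does not expose them.
        return ("migrate-before-crqc", 0)
    # Mosca's inequality: exposed when shelf life + migration time > time until the quantum computer.
    exposed = asset["shelf_life"] + migration_years - (crqc_year - now)
    if exposed > 0:
        return ("harvest-exposed", exposed)
    return ("migrate-on-schedule", 0)

def prioritise(inventory, **kwargs):
    """Rank entries by the number of years their data would be readable, worst first."""
    rows = [(a["name"],) + assess(a, **kwargs) for a in inventory]
    return sorted(rows, key=lambda r: -r[2])
```

With the default assumptions every quantum-vulnerable key exchange is exposed, because the migration alone outlasts the time remaining; shortening `migration_years` is what moves short-lived data out of the exposed set.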

2023 was an unpredictable year, and 2024 will certainly hold many more surprises. But with proper planning and agile cybersecurity strategies, your organization can meet those challenges as they come.

Explore the cybersecurity predictions from 2023 and 2022.
