
Ransomware, Regulatory Shifts, and AI - Cybersecurity Trends for 2024

1 Ransomware will continue to dominate

In 2024, ransomware groups are set to advance in sophistication, refining both their attack methodologies and their selection of targets. The recent MOVEit incident illustrates the evolving tactics of groups like Clop. Notably, these threat actors now strategically target third-party tools and exploit vulnerabilities in software providers, which lets them compromise multiple targets concurrently.

Adding complexity is the geographical diversification of these cybercriminal entities. Departing from the historical dominance of Eastern European or Russian affiliations, groups like Scattered Spider and LAPSUS$ now include members from the United States, the United Kingdom, and South America. This shift not only broadens their operational horizons but also amplifies the efficacy of social engineering tactics, thanks to a nuanced understanding of Western societal norms.

2 AI and Generative AI

A transformative wave is sweeping through the cybersecurity landscape, fueled by the escalating influence of artificial intelligence (AI) and generative AI (GenAI). GenAI is a type of artificial intelligence technology that can produce various types of content, including text, imagery, audio and synthetic data.

In the imminent future, a paradigm shift is anticipated in offensive security strategies as AI and GenAI become more accessible at a lower cost. This evolution is poised to manifest in an upsurge of cloud-based attacks facilitated by GenAI, reshaping risk landscapes.

As a consequence, malicious actors are gearing up to become more effective at manipulating users through social engineering. GenAI empowers these bad actors to execute more intelligent and personalised phishing campaigns, exploiting unwitting victims. Concurrently, the rapid advancement of deepfake technology adds a further layer of complexity, making it increasingly challenging to discern the authenticity of digital content.

The silver lining lies in the fact that the same AI tools available to potential attackers can be wielded by defenders, automating cybersecurity activities for better risk analysis, threat detection, and response efficiency.

3 Regulatory Reshaping

A significant force shaping the future is the evolving landscape of compliance and regulations.

In 2023, key developments, such as the introduction of cybersecurity and AI executive orders by the White House and the Securities and Exchange Commission's disclosure rules, laid the groundwork for a new era in cybersecurity governance.

The effects of these regulations, becoming enforceable at the end of 2023, are anticipated to make security compliance and disclosures a focal point in the cybersecurity domain.

The United States is undergoing a crucial phase of maturity in cybersecurity practices, marked by heightened compliance and regulations. Notably, the SEC now mandates public companies to report cybersecurity incidents within a four-day window. The enforcement actions, exemplified by the SEC charges against SolarWinds for downplaying cybersecurity risks, underscore the escalating emphasis on corporate cybersecurity responsibility.

President Joe Biden's 2023 strategy, emphasizing market-driven security enhancements, is predicted to lead to a more accurate pricing of cyber risks. This shift is expected to elevate liabilities and increase compliance demands, particularly within the software industry.

Looking ahead, these regulatory changes are anticipated to reverberate into the role of Chief Information Security Officers (CISOs) in 2024.

The SEC's decisions suggest a transformation in the CISO's role, with cybersecurity issues expected to escalate to boardroom discussions. CISOs are likely to advocate for a collective acceptance of risk across the entire organization, leading to increased demands for budget, headcount, tooling, and a more influential voice in the C-suite.

