Generative AI, Quantum Security and Presidential Campaigns: Cybersecurity in 2024

Cybersecurity is a rising concern for small and large businesses alike as technologies such as AI and large language models are increasing the sophistication and proliferation of attacks.

IoT World Today collected cybersecurity predictions from companies across industries, looking into how they expect the industry to change in the coming year, what technologies are set to emerge and how businesses can adapt to meet the changing landscape.

From the increased use of Generative AI, the deployment of quantum technologies for enhanced security, and major events such as the Summer Olympics, the presidential election and the Paralympics set to see a rise in email attacks, here are some of the major trends anticipated for 2024.

Andrew Whaley, senior technical director, Promon

“Current attack vectors targeting individuals and businesses for profit are, unsurprisingly, expected to continue. Geopolitical tensions may also escalate hostile nation-state activities, posing risks like espionage, mass data collection and infrastructure attacks – infrastructure supply chain businesses are particularly vulnerable. 

“The emergence of advanced AI-assisted attacks, including deep fakes for social engineering and bypassing ID controls, can also be anticipated. This raises the threat of AI being exploited for disinformation campaigns, with potentially major consequences for the upcoming U.S. election.” 

Related:Generative AI, Cost-of-Living Crisis Among Top Telco Risks for 2024

“Large language models have come a remarkable way over the past year and with this so have bad actors’ reverse engineering capabilities. This poses two main threats: 

1. Reverse engineering is now far easier, providing fledgling hackers with the capabilities typically associated with specialists. 

2. The reduced effectiveness of traditional protection methods against automated deobfuscation attacks. 

“This increases software vulnerability to malicious exploitation and will lead to an expected rise in incidents, including high-value attacks. Examples include mass attacks against mobile banking apps, remote mobile OS takeover and malware targeting smart devices.”

“Organizations must transition to quantum-secure standards, replacing RSA and EC-based cryptography, for future security.”

Eoin Hinchy, CEO, Tines

“For all the fear, uncertainty and doubt about an AI arms race between attackers and defenders in cybersecurity, AI is proving to be far more of an asset for security teams than hackers. 

“The powerful technology is tailor-made for solving security team’s most pressing challenges: too much data, too many tedious tasks and not enough time, budget, or people. AI is democratizing cyber defense by quickly summarizing vast swaths of data, normalizing query languages across different tools and removing the need for security practitioners to be coding experts.” 

“In 2024, we’ll see AI’s impact in automation as defenders use AI to make incident response more efficient. AI is a once-in-a-decade leap forward and it’s carrying cyber defenders farther than hackers.”

“Generative AI and LLMs are obliterating barriers to entry like no-code tools once did for the need to know how to code and no-code will be the next barrier to fall. Next year, we will see more and more AI chat functions replace no-code interfaces. We can expect non-technical teams throughout organizations embracing automation in ways they never thought possible. Natural language is the future on the frontline.” 

John Bennett, CEO, Dashlane 

“Amid high-profile cyberattacks targeting big companies in 2023 – think MGM and Okta – there’s one higher-risk segment that’s often overlooked: small- and medium-size businesses (SMBs).”

“SMBs are an appealing target for attackers looking for an easy payoff, as they tend to lack the necessary tools, resources and expertise to protect themselves commonly found within larger organizations. The consequences are also more dire. Corporations like MGM can survive a ransomware attack –the mom-and-pop shop or locally-owned car dealership chain often cannot.”

“In 2024, the uncertain macro environment will force SMBs to continue to tighten their budgets, with security continuing to fall by the wayside. I know this is a bleak outlook, but it highlights the continued importance of getting the security basics right: company-wide password management and multi-factor authentication (MFA), keeping systems updated and employee education.”

“Next year, as SMBs continue to become a priority target for attackers, they’ll recognize the need to improve their security posture and will start turning their cybersecurity ambitions into action.” 

Mihoko Matsubara, chief cybersecurity strategist, NTT 

“AI promises to impact both cybercriminal behavior and cybersecurity strategies in 2024. Malicious actors will use AI to continue to accelerate malware and exploit development and for passive reconnaissance work to identify targets, software and weaknesses.” 

“However, AI will also impact cybersecurity strategies and technologies by enhancing detection and analysis capabilities, improving the response to disinformation, phishing, malware and anomalous behavior.”

“Cyber criminals and state actors are already taking advantage of generative AI to create phishing campaigns, write malicious code or identify vulnerable systems to exploit, However, AI capabilities are not only being used for nefarious purposes. Cybersecurity professionals have also found generative AI helpful to automate some tasks, data analysis and vulnerability research.”

Dick O’Brien, principal intelligence analyst, Symantec Threat Hunter Team

“2024 will be a big year in the political climate, including the U.S. election, the Summer Olympics and the Paralympics, which will increase email scams.”

“Specifically, I expect a strong continuation of social engineering-based attacks that become easier to automate with some of the generative AI capabilities available to many attackers. The main target for these email scams will be credentials.”

“Ransomware remains one of the most serious threats facing any organization. The ransomware business model has been refined over the past decade and, while the actors may change, the tactics are well established.

“While the use (or abuse) of legitimate software is less likely to be detected than malware, there is still a risk that this anomalous activity may be uncovered. The next tactical innovation is likely to involve attackers abandoning toolsets and instead attempting “tool-free” attacks, obtaining legitimate access to a network and abusing the trust accorded to authenticated users.

David Beabout, chief information security officer, NTT

“2024 will bring with it presidential campaigns in Taiwan and the United States. As a result, malicious actors will increasingly use generative AI to spread disinformation. This continues a concerning trend seen in recent elections, with bots and bot farms contributing to divisiveness and the dissemination of intentionally misleading or entirely false content, including quotes and memes.” 

“Implementing essential cybersecurity measures for systems and ensuring physical security of voting machines, for example, remains critical.”

“While the security of voting machines has improved, it remains a concern among voters. The ability to validate and log results manually to address questionable issues will become increasingly important in the United States. This shift toward resiliency and result validation is expected to gain more prominence in 2024.”