5 cybersecurity trends expected to shake up 2024
Google Cloud expects cyber rates to moderate, while other cyber experts anticipate further tightening of policy terms.
In the coming year, the cybersecurity sector will contend with artificial intelligence being deployed more often to commit as well as thwart cybercrimes, while phishing techniques will continue to evolve and mobile devices become bigger targets, according to year-end predictions from cybersecurity experts.
During 2024, Google Cloud anticipates that cyber insurance premiums will hold steady as the market further softens after years of rising rates and growing policy restrictions.
According to the tech giant, more insurers are eager to grow their cyber books of business, further escalating competition in the cyber market and relieving pricing pressures.
In the coming year, cybersecurity vendor Netwrix Corp. anticipates cyber insurance requirements to become tighter. Requirements such as multifactor authentication, patch management and regular security training will be joined by new requirements like identity and access management.
Additionally, insurers are expected to partner with management service providers to ensure some cybersecurity steps are being taken by oft-targeted small- and medium-sized businesses, Netwrix reported.
The following are five additional trends that Netwrix and Google Cloud highlighted in recent reports:
1. AI will make attacks easier to conduct and stop
Sources across the insurance and cybersecurity ecosystems are in agreement that AI will play a massive role in how cyberattacks are conducted moving forward.
AI tools will give hackers the ability to quickly locate personal details to tailor convincing phishing emails, Netwrix noted. Artificial intelligence will also allow hackers to more easily search databases of stolen credentials to use in password-based attacks.
“Criminals will be taking advantage of AI and machine learning — but so should the security community,” Ilia Sotnikov, a security strategist for Netwrix, said in a release. “These technologies can help quickly connect the dots across multiple data sets, giving them the broader context required to spot even sophisticated cyberattacks in their early stages.”
2. Growth of mobile cybercrime
Cybercriminals will increasingly target mobile devices, Google Cloud reported. These attacks could leverage social engineering tactics, such as messages from fake social media accounts or help services, in an effort to trick users into installing malicious software on their devices.
3. Phishing will get harder to spot
Google Cloud anticipates cyber crooks to target ticketing systems and merchandise during the 2024 Summer Olympics in Paris. Phishing campaigns asking users for financial information or credentials are expected to surge.
According to Netwrix, phishing is going to become harder to spot in the new year, while more non-English speaking countries will be targeted. AI is expected to be leveraged by cybercriminals to improve phishing techniques and messaging.
4. Security fatigue sets in
While cybersecurity training and tools are vital components to protecting systems, Netwrix warns that inundating employees with cybersecurity information can backfire. The potential result is security exhaustion, which can lead to errors and negligence.
To prevent security fatigue, Netwrix recommends adopting strategies such as a zero trust model, which requires verification from all users to access network resources.
5. Hackers will increasingly steal encrypted data
Enterprising hackers are looking toward the potential of quantum computing to unlock encrypted data, Netwrix reported. In preparation for those days, cybercriminals are expected to start harvesting encrypted data in hopes that they might soon be able to decrypt it.
Organizations with large caches of personal data, such as financial service providers, insurance companies and legal firms, will become top targets. Corporate intellectual property will also be targeted more frequently.
Instead of relying too heavily on encryption, Netwrix reported that these companies should build out a multilayered approach that includes data classification, risk assessment and mitigation, and incident detection and response.
Netwrix cautions that data harvesting can easily go unnoticed if there is no immediate ransom demand. This makes monitoring activity around sensitive data, including encrypted data, a critical piece of a top-flight cybersecurity plan.
Related: