This post is part of our 2024 predictions series. Cybersecurity predictions provide valuable insights into emerging threats, enabling organizations to proactively enhance their defenses and protect against potential vulnerabilities, ultimately safeguarding sensitive data and maintaining business continuity. A Cyber Leader's Predictions - Nadir Izrael, CTO/Co-Founder, Armis
“One of the biggest cybersecurity concerns in 2024 will be the use of AI-powered cybersecurity attacks. AI can be used to develop new and more sophisticated malware, phishing attacks, and denial-of-service attacks. It can also be used to automate the process of carrying out cyberattacks. This means that attackers will be able to launch more attacks with less effort and motivation to get there fast. This kind of technology lowers the bar on adoption as you don’t need a lot of know-how so the industry is really going to have to step up and get active about how to combat this risk.
The use of AI in cybersecurity will have a profound impact on jobs. Some jobs will be replaced by AI, others will be transformed. It will affect us all over the next decade.
AI will be able to automate many of the tasks that are currently performed by cybersecurity analysts. This will free up cybersecurity analysts to focus on more strategic tasks, such as developing new security strategies and responding to major security incidents.
However, AI will also create new jobs in cybersecurity. For example, there will be a need for people to develop, train, and maintain AI-powered cybersecurity solutions. There will also be a need for people to analyze the data generated by AI-powered cybersecurity solutions and to identify new threats. We can’t possibly predict what it will look like but cyberwarfare and cybersecurity will take up more space in our daily lives than at any point in history.”
“In 2024, we can expect to see AI play an even greater role in cyberwarfare.
AI-powered malware: AI is being used to develop new types of malware that are more difficult to detect and remove. For example, AI-powered malware can be used to create custom malware that is tailored to a specific target or to evade traditional detection methods.
Automated attacks: AI is being used to automate cyberwarfare attacks, making them more efficient and effective. For example, AI can be used to automate the process of identifying and exploiting vulnerabilities in target systems.
Targeted attacks: AI is being used to target cyberwarfare attacks more precisely, increasing the damage they can cause. For example, AI can be used to identify and target individuals within an organization who have access to sensitive data or who play a key role in the organization's operations.
Defense against cyberwarfare attacks: AI is also being used to develop new methods of defense against cyberwarfare attacks. For example, AI can be used to develop new intrusion detection systems that can identify and block malicious activity before it causes damage.”
A CISO’s 2024 Predictions - Curtis Simpson, CISO, Armis
GenAI will prove preexisting security awareness training antiquated in 2024; organizations will modernize their programs to address these new, more sophisticated threats.
With the consumption of GenAI at scale within the bad actor community, the value of traditional security awareness training will decline rapidly. Companies will modernize security awareness programs to include continuous user-focused controls with a greater ability to identify and defend against today’s modern social engineering attacks alongside real-time user guidance to prevent users from accidentally falling victim to such attacks in the blink of an eye.
Material cyber attacks involving the use of deepfake voice and/or video content will be a reality in 2024.
Considering how easy the underlying tools can now be used, material attacks involving the use of deepfake voice and/or video content will be a reality in 2024. As of today, bad actors can already masquerade as anyone with a reasonable amount of voice and/or video content online. As a result, we will see attackers masquerading as CFOs, CEOs, VIPs, etc. to steal funds from enterprises with little to no friction. We will also see bad actors convincing information stewards ranging from executives to doctors to share sensitive information regarding people, past (confidential details) and upcoming events, and other information available to only those with need-to-know. In general, we will see deepfakes strategically used by attackers to steal funds and information. Leaks and losses will be newsworthy.
New CISO talent will emerge and have a long-term positive impact on individual organizations and the wider cybersecurity industry.
CISO burnout combined with the growing number of material attacks being experienced by enterprises and operations will lead to another record year in CISOs transitioning from their traditional roles. This will include retirements, moves to vendors, consulting firms, VCs and PEs, and transitions to boards and advisory roles in general. As a result, many Deputy CISOs in title or execution will be given the opportunity to take CISO roles at their current or even more desired company destinations. The impact will be positive to the industry overall. A large number of experienced resources will be moving into industry shaping roles as a result, which will have a long-term positive impact on aligning technology to business value. This will also introduce new talent and voices to leadership roles with the ability and desire to disrupt legacy approaches that are no longer business aligned or truly effective.
Overall, it’s safe to say that 2024 will continue to prove the need to strike a balance between innovation and security. As security and IT pros prepare for the year ahead, it’s critical that they prioritize the ability to see, protect and manage their entire attack surface to continuously safeguard their mission-critical assets from cyber threats.