As we approach the conclusion of 2023, Deloitte's Cyber and Strategic Risk Practices have offered a glimpse into what could be on the horizon in the coming year. Their predictions span a wide range of critical areas, from the escalating scrutiny of connected device security and the rising tide of large-scale cyberattacks, to the growing prominence of AI in malicious activities and the evolving landscape of customer privacy in the advertising realm. Additionally, Deloitte experts shed light on the substantial impact of new SEC guidelines on public companies, as well as the coming of age of post-quantum cryptography (PQC). These insights provide a comprehensive view of the cybersecurity challenges and opportunities that await in 2024, serving as a roadmap for organizations seeking to navigate the ever-evolving cyber landscape.
Connected device security to see more regulatory scrutiny, AI use and large-scale attacks in 2024 – “In 2023, product security professionals saw stronger cyber regulations in some sectors—like medical devices, as well as spiking leadership interest in secure use of generative AI alongside connected devices. Looking ahead to 2024, I expect increased regulatory attention to connected product cybersecurity and the need for product security teams to quickly build and evolve their AI cyber capabilities. I also expect that connected devices will become a bigger target for cyber adversaries looking to cause incidents that affect product users en masse in 2024, as unpatched devices and emerging technologies can lead to vulnerabilities that are exploited if unaddressed,” says Veronica Lim, Deloitte’s US Product Security leader
Attacks targeting wireless connectivity and edge technologies to rise – “In 2023, as wireless connectivity and edge technologies gained increased adoption – especially in the areas of autonomous vehicles, asset tracking, energy management, and in-hospital patient monitoring -- the number and complexity of cyberattacks rose as well. In 2024, I expect adversaries to target wireless connectivity and edge technologies more aggressively via multi-vector attacks that combine techniques to identify and exploit security weaknesses. As a result, securing the edge is likely high on most CISOs’ 2024 agendas,” says Ally Adnan, Deloitte’s US Cyber Advanced Connectivity leader
Barriers to AI use by adversaries will disappear – “In 2023, we saw threat actors’ use of generative AI and AI tools advance considerably in everything from phishing email personalization improvements to existing malware iterating to increase effectiveness. As the barrier to AI use by adversaries falls, security organizations and CISOs may be challenged in 2024 to keep pace with an influx of AI-enabled bad actors unless they focus on frequently updating their own AI-based security solution deployments, employee training and education related to AI-driven security threats, and cybersecurity community collaboration to share information on new AI attack techniques as they evolve,” says Clare Mohr, Deloitte’s US Cyber Intelligence lead
Customer privacy will take center stage in advertising – “As digital platforms change, organizations will evolve their digital strategies to embrace customer data privacy more deeply. Brands advancing strategies that leverage cyber-aware, privacy-enhancing approaches will net competitive differentiation and nurture trustworthy engagements with their target audiences through more durable marketing tactics. In 2024, I expect the AdTech industry to continue to be disrupted by interactions that both help earn goodwill for brands and enhance privacy for customers,” Tanneasha Gordon, Deloitte’s US Data & Privacy Cyber leader specializing in digital trust
The sprint to comply with SEC cyber rules will fill 2024 for public companies and their ecosystems – “In July 2023, the SEC issued new cyber rules mandating that large, public companies disclose more about their cybersecurity programs via their annual reports – or 10-K filings – and more about material cyber events via 8-Ks. Due to the high interconnectivity across the global business world, I expect that in 2024 C-suite executives and boards will increasingly prioritize strengthening cybersecurity capabilities whether their organizations are public or not. As cyber is an evolving business risk with heightened regulatory expectations, it should remain high on boards’, CISOs’ and other leaders’ agendas in the New Year and beyond,” says Naj Adib, a Deloitte US cybersecurity leader
Post quantum cryptography (PQC) will come of age – “Drafts of PQC standards have recently been released and with that, in 2024, I expect that we will see a new group of organizations begin to take steps towards quantum readiness – starting with assessments of their cryptographic exposure - while those who have already commenced that journey will add further to their cryptographic agility plans. In addition, the continued expansion in the number and capabilities of PQC vendors will help organizations’ programs to improve by offering a greater ability to upgrade cryptographic algorithms across vast, heterogeneous environments,” says Colin Soutar, Deloitte US Cyber Quantum Readiness leader