The past year has turned into an arms race in cybersecurity. From the increased usage of attacks for military purposes to the skyrocketing prices of data ransoms, the monetary and convenience prices we all pay for cyberattacks continue to grow. Will it continue in 2024? Here are my cybersecurity predictions for the upcoming year
Continued Weaponization of Cyberattacks
The outgoing year has shown that cyberattacks are turning from criminal activity into another military weapon. Since the beginning of the Russian invasion of Ukraine, both parties have utilized cyberattacks as weapons. Ukraine has attacked Russia’s supply lines, while Russia attacked both governmental and civilian infrastructures in Ukraine.
Yet, another conflict has shown to be even more predictive. In the wake of Hamas’s attack on Israel, Iran has started to attack Israel-made tech products around the world. Thus, a third-party government is utilizing cyberattacks to disrupt lives and the economy around the globe while hiding behind a thin veil of deniability.
Given the coverage the cyberattacks have caused and the imbalance of conventional forces between Western democracies and the rest of the world, these types of attacks will become the norm of warfare.
The Cybersecurity Regulations
Undoubtedly, 2023 has been a year full of government actions, requests for comments, and debates. Yet, most regulations, like the SEC filling requirements, only went into force in the fourth quarter.
We can expect additional regulation with the debate about further regulation in the US, EU, and worldwide. Consequently, companies should be ready to adopt new cybersecurity strategies and procedures to match the rules. Likewise, boards and councils should be aware of new filing requirements that these might entail.
Apart from filling requirements, companies should be on the lookout for new ransomware rules. A growing chorus is asking for it to be outlawed or crypto trading to be restricted.
Talent Crunch in Cybersecurity
The talent crunch in cybersecurity will remain with us in the new year. While some non-traditional training methods for cybersecurity have yielded excellent results, they haven’t had much impact on the overall state of the field.
Additionally, many of these programs rely on the apprenticeship rules. Biden is currently reworking the rules. The length of the proposed rulemaking and the inherent complexity of the 776 pages might stop many programs.
Cost of Cyberdefenses
Ransom payments, phishing swipes, and data exfiltration prices have increased significantly over the past few years. Yet, the MGM case has shown that ransomware payments and the costs of fighting the attackers are getting close. The more we reach this territory, the more companies will fight back and take protective measures.
Consequently, 2024 might show a return to higher and more regular expenditures. Vis-a-Vis, we will see fewer payments for ransoms.
Given that inflation is tempering off, the costs for protective measures should likewise flatten off. However, the decrease in spending in 2023 likely will prevent any cost decreases.
Increased AI usage for phishing E-Mails will mean new technologies and training are needed. Thus, increased costs in other areas will offset any savings from AI and automation.
AI in Cybersecurity
Not only will costs be changed by AI, but it will also touch many repetitive tasks and automate them. After all, AI is great at spotting and replaying patterns. Consequently, many cybersecurity professionals will change their focus on either adapting the tools to the company’s specific needs or dealing with tasks that are too complex for AI. The increased usage will require people to learn about the new technologies, their usage patterns, and applications.
While learning and excitement will peak in 2024, so will the disillusion. With most cybersecurity attacks involving a human, no amount of AI or technology will ever get us to behave entirely rationally and predictably.
Old and New
While the new year will bring many new challenges, many things will be more of an evolution. We have already seen the first changes in ransomware, the first leading corporations to fight back, and the first AI tools to come into cybersecurity. The new year will accelerate the trends.
Yet, with the increase in technological change, an intensifying talent crunch, and the weaponization of cyberattacks, none of us will be bored with what is yet to come. Happy New Year!