Authors: Morey J. Haber, Chief Security Officer, Christopher Hills, Chief Security Strategist, and James Maude, Director of Research
As we turn the final corner of 2023, it’s time to examine the cybersecurity trends that have taken shape over the course of the year and start planning for those on the horizon. For this edition of our annual cybersecurity trend predictions, we’re sharing our top prognostications for 2024, as well as a glimpse into the key emergent trends we foresee taking hold over the next five years.
But first, let’s take a brief moment to consider where we currently reside. Artificial Intelligence (AI) really arrived in full force in 2023. In particular, Generative AI made a disruptive debut in the mainstream consciousness as ChatGPT took the world (and workplace) by storm. The widespread acceptance of AI in various aspects of business operations, from coding to accounting, promises numerous benefits for workplace productivity—but it also changes the game when it comes to cyberthreats.
Read on to learn about the developments we predict will impact the cybersecurity landscape in 2024 and beyond. This year's predictions may read like an "AI edition"—but don’t worry, the writers are still all human (we think).
Cybersecurity trends for 2024
1. The Evolution of the AI Threat
We can expect to see the emergence of AI continue through 2024, but we should also expect to see the evolution of the AI threat unfold in three rapid stages:
Part I – AI Threat Actors Take the Stage
Human threat actors will be increasingly augmented with AI capabilities. These capabilities will act as a force multiplier, rapidly extending the reach and technical capabilities attackers can wield.
We have already witnessed the leveraging of AI capabilities to generate ransomware and malware, but we have yet to be fully tested by it as a business cyber threat. Generative AI (think technologies like ChatGPT) has already paved the way for what is next to come: Weak AI (also called Narrow AI), which focuses on specific narrow tasks. Weak AI will thrive in 2024, providing an edge for threat actors in specific areas, such as discovering vulnerabilities and evading detection.
We also expect to see significant growth from Strong AI, which offers a much broader and more human-like intelligence. Strong AI is also known as Artificial General Intelligence (AGI) or Artificial Super Intelligence (ASI). It could lead to the emergence of computer-based threat actors that are able to autonomously conduct end-to-end cyberattacks.
Strong AI will also allow a single threat actor to act as a large group. This will supplant the technical skills once provided by other humans, while, at the same time, giving the attacker a competitive advantage in speed and scale to capitalize on the black market against legacy, human-only threat actors.
Part II – New AI Threat Vectors Emerge
AI will continue to enhance existing attack vectors, like phishing, vishing, and smishing. It will also create new attack vectors that are crafted based on the quality of results of generative AI itself.
Generative AI will be as disruptive to the world as the dot com (.com) era was in the early 2000s. Some will argue that AI will be as revolutionary as the Internet itself.
Threat actors have always found a way to leverage new technology for malicious behavior. Some early indicators for this potential have already materialized in the form of fake news articles from leading periodicals, faux legal cases, and fake correspondence and announcements from recognized organizations. These will materialize in the form of videos, vocals, advertisements, and even fake history or faux product announcements that will challenge our ability to determine what is real and what is a scam.
Part III – AI Code Assistants Introduce Further Vulnerability
The increased adoption of AI assistants will, perhaps counterintuitively, introduce more errors in software development, namely security vulnerabilities written into the source code.
Researchers from Stanford published study findings showing that developers using AI assistants to write code are more likely to introduce security vulnerabilities than those who don’t rely on AI assistants.
As developers continue to adopt tools designed to make their lives easier and increase their productivity, we will see source code being sent to cloud services that may be insecure, and this will result in source code risks. Increased use of these tools will also start to introduce unintentional, AI-generated vulnerabilities and misconfigurations into software products.
Generative AI models being trained on online code examples that contain mistakes will cause machine error rather than human error to be the cause of software vulnerabilities.
2. Dedicated Applications Start the Course Toward Extinction
Generative AI will make obsolete the dedicated applications and icons we love, beginning in 2024.
There is a potential for collaboration to occur when we shed our mobile device applications and marketplace stores in favor of AI. Generative AI has already proven it can build full travel itineraries, tell the status of factual data based on trusted connectivity, and display information dynamically based on verbal or written requests.
With such flexibility and power, dedicated applications for banking, travel, and information retrieval may become obsolete, if trusted connections could be established using concepts like zero trust. Questions like ‘what is my bank statement’, ‘please book my trip’, or ‘please retrieve the last 10 sales for my company’ could all become reality. In fact, the applications themselves could become connectors that build trust to a common interface that provides the results, just like a browser.
This is the future of generative AI. Everything we need will be a voice command away using a standard interface. This may make larger mobile device screens obsolete, because complex user interfaces for detailed applications will give way to results-driven, function-specific ones.
3. Down with VOIP and POTS—UCS is the Future
2024 will usher in the final death knell for POTS (Plain Old Telephone System), long distance phone bills, and desktop phones—and dedicated VOIP won’t be far behind.
The death of POTS is no surprise to any of us. Twenty years ago, we anticipated its decline. Today, few POTS systems have avoided replacement with VOIP (Voice Over Internet Protocol)—physical smart phones connected to TCP/IP using various technologies to transmit phone calls.
Early VOIP systems had complex gateway technology to connect on-premises VOIP implementations to POTS in the outside world. Then the cloud stepped in. If your organization had a big enough pipe (Internet bandwidth) to support data, streaming, and voice phone calls based on quality-of-service settings, VOIP could be managed from the cloud.
Today, that is all changing to Unified Communication Services (UCS) and applications. Microsoft Teams, Zoom, RingCentral, etc. have taken communications to the next level and made phone calls with dedicated phones nearly obsolete. We can answer phone calls on our computers, using applications on our smartphones, and we’ve nearly obliterated the need for dedicated VOIP and POTS. In fact, it is only a matter of time before phone numbers become a moot point too and are fully obfuscated by email addresses and aliases.
And finally, with communications no longer relying on a dedicated analog system, expect vulnerabilities, hacks, and exploits to breach what was once considered a secure medium for communications.
4. Subscription Overload: There’s a Subscription for That
Expect even simple items to have subscriptions—from the right to use your printer remotely all the way through to smart home technology and the social media accounts we’ve been taking for granted.
As children, we remember hearing the expression, “if you like something, and can afford it, you can buy it.” When credit cards became readily available to everyone in the 1980s, millions of people learned how to purchase products and services on credit. While credit changed the boundaries of affordability, all these purchases were perpetual. You bought it, and you owned it.
In 2024, electronic payments will continue to replace cash, but instead of buying and owning things outright, we will increasingly license them via a subscription. If you want the built-in car dashcam to work, if you want to receive the latest version of an application, or if you want delivery services at no additional cost, they will be subscription-based. In fact, more and more of the items we purchased in the past will become available / usable only via a subscription.
One consideration here is that any gaps in subscription licensing or termination of an agreement can lead to data loss (during the gap) or archival of information that could be subject to a later data breach. Requesting data deletion upon the intentional termination of a subscription may be a user’s best recourse for dealing with the digital information stored during their term.
5. Juice Jackers Exploit the Standardization of USB-C
2024 will be the year for USB-C everywhere, the replacement of USB-A, and no more flipping the connector over and over again to find the proper key for a connection.
Everything from mobile phones through computers will switch to USB-C following new regional laws and the potential for high-speed recharging and data transfers. Over the course of the year, we can expect to see those old, rectangular, one-way USB-A connectors slowly removed from everything, from airplanes to alarm clocks.
Having one standard USB connector everywhere will ensure compatibility, bring us closer to using the same power connector worldwide, and eliminate tons of e-waste from proprietary connectors. From a threat angle, you can also expect an increase in juice jacking and other attack vectors related to physical connections. With only one connection type for threat actors to target, the bar has been significantly lowered.
6. Exploit Mapping for Ransomware
Expect to see the attack focus shift from data for extortion to exploitable data for sale. Bad actors will focus more on selling exploit and vulnerability information about a business rather than performing the ransom themselves.
Over this past year, we have already seen the purpose of an attack evolve from personally identifiable information (PII) and protected health information (PHI) to spyware, malware, and ransomware. We have even seen ransomware attacks leverage exfiltrated data for extortion.
In 2024, we can expect to see a further shift in the attack purpose to vulnerability identifiable information (VII) and exploit identifiable information (EII), once it becomes coupled with AI. Instead of getting their hands dirty (and risking detection) by injecting malware and holding businesses hostage for ransomware payment, we will see threat actors start leveraging the threat to sell exploitable data, such as enterprise vulnerabilities, exploits, identities, privileges, and hygiene.
This newly purposed attacker will target data that can lead someone to a compromise or that can breach an organization. Similar to an auditor reviewing your security practices and telling you what you need to remediate, threat actors will build a list of how you can be attacked and leverage that information as a part of ransom with a persistent presence to prove their intent.
7. The Standardization of Cyber Insurance
Cyber insurance will become more standardized across providers rather than individual brokers having their own requirements or checklists.
Cyber insurance has continued to mature over the last three years. As technologies and risks continue to rapidly diversify and evolve with AI, global conflict, and 5G connectivity (to name just a few), cyber insurers have responded by adopting new, specific categories. For instance, “Acts of War” have now been adopted widely across insurance policies and carriers.
Unfortunately, various cyber insurance carriers weigh risk differently. But threat actors don’t care if you’re a mom-and-pop shop or a multi-billion-dollar company. They just see opportunity.
In 2024, expect to see more of a core control or framework-based approach to cyber insurance. This evolution will allow providers to standardize against all threats when it comes to reducing risk and liability related to cyber policies.
Cybersecurity Trends Over the Next Five Years
1. The Age of Malware Comes to an End
With cloud and SaaS apps as the new normal, identity compromise will become the go-to technique. Most interactive intrusions will involve compromised identities and native tools rather than software exploits and custom malware.
The days of threat actors finding and exploiting critical zero-day vulnerabilities and using custom-built malware are dwindling. Using malware is noisy and increases the likelihood of being detected by ever smarter detection tools. To evade detection, threat actors will strive to exploit identities and their access, becoming malware-free by using native tools, APIs, and access in living-off-the-land (LotL) type attacks.
This powerful combination of compromised identities and malware-free intrusions will cause real challenges to organizations that are used to hunting for malware and code exploits in their environment to identify attackers. This evolution will accelerate the need for IAM and Security teams to improve collaboration. The end result will be an identity-centric shift focused on discovery of identity risks and attempting to baseline normal activity to detect deviations that might indicate compromise.
2. AI Supply Chains in the Crosshairs
Nation-states will focus on exploiting AI supply chains to introduce weaknesses that can later be leveraged.
For example, AI code assistants can add subtle vulnerabilities into training data and even documentation. This effect can be achieved through direct targeting of AI assistants, or by spreading misinformation online, where it will be consumed by the AI assistant. This could lead to the automatic input of vulnerabilities into the code by tools designed to help improve coding efficiency.
On the flip side, as organizations rely more on AI technologies, they will increasingly send sensitive company data to AI services for review. This data will make the AI infrastructure a highly prized target. This risk will prove difficult to solve. The business will not always have visibility into the AI tools employees are using, especially if the employee is using them to automate their own job, such as performing a grammar check on a piece of sensitive internal documentation.
3. The Comeback Special - Vintage Tech Returns
Expect a “modern vintage” return of nostalgic electronics. In other words, expect new products that provide a vintage experience, but with modern connectivity and components.
Whether it is old clothing, furniture, or vinyl records, we have a natural fondness for antiques, and a desire to re-connect with our past. Most vintage electronics have little practical use. After all, today’s consumers expect built-in support for internet connectivity and other basic functionality that was not even a faint consideration in decades past. With that said, several categories of electronic devices break this mold. Old video games, cameras, and some electronic toys still delight consumers.
In the next five years, expect to see more nostalgic electronics reappear. Many will be near-replicas of their older releases, albeit modernized with support for connectivity and other “must-have” components for today’s audience. Merging this technology could also lead to modern vulnerabilities, glitches, and hacks that represent new attack vectors against vintage technology.
4. Identity Trust Chains Evolve to Take On Modern Threats
Identity verification services will emerge as a mitigation strategy in response to the increase in identity-based threats.
For years, threat actors have spoofed people’s identities, and for years, individuals have altered their own identities (e.g., a minor trying to buy alcohol or enter an age-restricted establishment). State and federal governments have responded with enhanced drivers’ licenses that have photos, barcodes, and holograms in support of initiatives to positively affirm a person’s identity (RealID). In fact, some social media websites are now allowing you to upload these forms of identification to prevent identity attack vectors online.
However, what is missing is the universal acceptance of identity verification in an electronic world. Some organizations use email, SMS texting, and other forms of two-step verification to create or verify an identity. These security methods are increasingly failing as threat actors punch holes in them.
What is needed is an identity verification service that can provide a high confidence level for your identity to a third-party solution requesting verification. This is much like a credit reporting service, but fully independent compared to existing government-based initiatives. Expect these types of services to emerge and become the best mitigation strategy for threats like synthetic identities and nation-state threat actors.
5. Evolving AI Sets Moving Target for AI Governance
Expect the AI governance and compliance fields to evolve rapidly over the next five years.
As AI and machine learning (ML)-based technologies expand their footprint across systems, processes, products, and technologies, heightened emphasis will be placed on the responsible regulation of artificial intelligence in the private and public sector, and organizations will increasingly need to comply.
Regulations will focus on how AI is built and used to ensure it abides by ethical and privacy standards. In the early stages, these regulations could vary widely by region. Expect this to be a moving target of laws, regulations, and frameworks that will stretch what AI is allowed to do per region, vertical, and government.
6. The Remote Control Gets Lost… And No One Cares
One of the most commonly spoken utterances across the world’s many languages will soon vanish from our shared lexicon.
“Where’s the Remote?” (and its common variations such as, “Honey, where’s the remote?” “Have you seen the remote?” or “Where’s the @#&*! Remote?!”) is a concept we will need to explain to bemused future generations.
The rise of dedicated phone applications, digital personal assistants, and direct voice commands heralds the end of the physical remote control.
One of the simplest forms of electronic waste (e-waste) is handheld remote controls for TVs, stereos, fans, and other smart devices. In the next five years, expect these devices to shed physical remote controls and only allow control via dedicated phone applications, digital personal assistants, and/or direct voice commands. Remote control will be accomplished using the end user’s smart home technology of choice, or by simply pairing with Bluetooth devices (keyboards and mice) to accomplish the same goals.
As the world struggles with e-waste, simple changes like this can eliminate metric tons of proprietary devices when they become end of life. These changes can also open up attack vectors. As more devices become “smart” and connected, and as common, infrared tools that control a wide variety of technologies are replaced by applications using network or Bluetooth technology, more opportunities for threat actors to break into your network emerge.
Be Proactive about Cybersecurity in 2024
We’ve said it many times before, but it’s a piece of security advice that never grows old. No matter the times, preparing for what’s ahead makes all the difference in risk management effectiveness.
Research continuously shows that enterprises with more proactive IT security postures prevent more threats, identify potential security issues faster, suffer fewer breaches, and minimize damage from attacks more effectively than less prepared organizations.
If you’re looking to get proactive about your cybersecurity posture, contacting BeyondTrust is a great place to start.
Cybersecurity Predictions from the BeyondTrust Archives
The BeyondTrust team has a long history of making security predictions. You can check out some of our past forecasts below to assess how we’ve fared!
- Cybersecurity Trend Predictions for 2023 & Beyond: BeyondTrust Edition
- BeyondTrust Cybersecurity Trend Predictions for 2022 & Beyond
- Top Cybersecurity Trends to Watch for 2021: The Hacking of Time, M/L Data Poisoning, Data Privacy Implodes, & More
- BeyondTrust Cybersecurity Predictions for 2020 & Beyond
- BeyondTrust 2019 Security Predictions
- Cybersecurity Predictions for 2018 (+ 5-Year Predictions, Too!)
- 5 Cybersecurity Predictions for 2018
- 10 Cybersecurity Predictions for 2017
- 2017: Looking Forward to a New Year in Cybersecurity
- 2016 Cyber Security Predictions & Wishes
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
Christopher Hills, Chief Security Strategist, BeyondTrust
Christopher L. Hills has more than 20 years’ experience as a Technical Director, Senior Solutions Architect, and Security Engineer operating in highly sensitive environments. Chris is a military veteran of the United States Navy and started with BeyondTrust after his most recent role leading a Privileged Access Management (PAM) team as a Technical Director within a Fortune 500 organization. In his current position, he has responsibilities as a Chief Security Strategist (Americas) working with Customer, Marketing, and Executives on Thought Leadership, Market Trends, Company Vision and Strategy reporting to the CSO. Chris has held the Deputy CTO and Deputy CISO role since starting with BeyondTrust. In his free time, Chris enjoys spending time with his family on the water boating, supporting his son’s football career as a senior, going to the sand dunes and offroading.
James Maude, Director of Research
James Maude is the Director of Research at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community make him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.