Cybersecurity threats are constantly evolving as malicious actors change tactics and take advantage of emerging technologies to attack new targets, scale up their operations and evade capture. As a result, security professionals need to be aware of these changes.
Here are just three trends that emerged in 2023 that are likely to shape the threat landscape into 2024.
Whilst many companies are asking employees to return to the office, remote work is still more common now than pre-pandemic. As a recent study shows, working from home rose five-fold from 2019 to 2023, with 40% of US employees now working remotely at least one day a week. This brings with it extra security risks as Dave Berry, CEO of Bugcrowd explains. “Employee communications in a hybrid or remote-first environment become increasingly susceptible to social engineering attacks.”
This is something that companies will need to tackle, considering this trend is likely to continue (even if it is at a lower rate). One approach, according to Piyush Pandey, CEO at Pathlock, is that organisations should have the ability to dynamically adjust data security measures, such as by data masking, to manage the risk more effectively. Particularly when detecting a potentially risky account accessing information from a non-standard location.
Generative AI has been the buzzword of 2023 across many industries. In cybersecurity, it has given hackers the ability to more easily scale their operations by creating more successful phishing attacks or writing malicious code more easily. It’s also creating internal vulnerabilities, as Shawn Surber, Senior Director of Technical Account Management at Tanium points out, “AI is being rapidly built into all sorts of tools, and whenever development is rapid, it creates a potential for unexpected vulnerabilities. Additionally, with free and paid access to generative AI available to everyone, the risk of unintentional insider threat style data leaks grows exponentially.”
However, it’s not just criminals that benefit from new AI-based technologies. Companies can also leverage it for cybersecurity, and many already are. According to an IBM report, the majority of companies—globally and across industries—are adopting or are considering adoption of AI plus automation in their security functions. And 64% of respondents have implemented AI for security capabilities in at least one of the security lifecycle processes, and 29% are considering it.
This remains one of the biggest cybersecurity threats, with many criminals now also using double and triple extortion methods which have more impact and can be more costly for companies. As highlighted above, this method of attack has been supported by the rise of generative AI, and scaled through Ransomware-as a-Service (RaaS), where groups commercialise their ransomware, selling it to other cybercriminals. RaaS remains a key driver for the ongoing frequency of ransomware attacks.
Companies will not only need to prepare themselves for these types of attacks, but insurers will also need to better understand the dependencies that result from digital supply chains. As more companies outsource certain functions to third parties, more organisations have access to customer data which creates more opportunities for vulnerabilities outside of the insured company’s control.
These are just a few of the cybersecurity trends that have emerged throughout 2023, and we’ll be watching closely to see how they evolve over the next twelve months.