Top 10 Cybersecurity Trends in 2024
Business insurance company Allianz reported that in the first half of 2023, the number of ransomware victims surged by 50% year-on-year. But in 2024, organizations are fighting back.
As cybersecurity threats and ransomware attacks continue to increase and evolve, it’s become increasingly important to stay vigilant and adopt the most current cybersecurity trends. Some of the top cybersecurity trends for 2024 include authentication systems, including zero trust, passkeys, and passwordless technologies, as well as AI-enabled detection tools to help circumvent bad actors’ tactics.
According to Veeam’s 2024 Data Protection Trends Report, the most common and most important aspect of a modern data protection solution is its ability to integrate with cybersecurity tools. As cybercriminals refine their tactics via AI and machine learning, the number of cyberattacks on business leaders, social engineering attacks, geopolitical and disinformation threats, and ransomware attacks all continue to increase.
1. The Rise of AI and Machine Learning
The last few years have seen the release of large language models and generative AI applications, including GPT-4, Bard, Falcon, and Auto-GPT. These developments, along with conventional machine learning algorithms, are changing the threat landscape and marking a significant shift in cybersecurity trends. On the one hand, you can use AI to improve your cyber defenses, while on the other, cybercriminals can also leverage AI to find and exploit vulnerabilities.
AI in Cyberthreat Detection
AI’s ability to analyze network activity in real time can refine responses to cyberattacks, which is a key development in cybersecurity trends. By performing continual risk analysis, AI tools can automatically detect risky user behavior and unusual login attempts, as well as abnormal network activity and suspicious traffic. With autonomous tools, AI can also proactively detect and neutralize security threats.
AI-powered Cyberattacks
Unfortunately, attackers also use AI to automate cyberattacks. Examples of such attacks include automated phishing attacks, malicious chatbots, and the use of adversarial machine learning algorithms to disrupt operations and poison data. With the assistance of AI, criminals can develop advanced malware and sophisticated attack strategies. Bad actors train AI models with exfiltrated data and use AI tools to analyze stolen data and extract sensitive information. AI-powered malware makes it easier for unsophisticated cybercriminals and hackers to successfully steal data and implement ransomware attacks.
2. Ransomware Evolution
Ransomware tactics have changed over the last decade, from locker malware that prevented users from accessing their systems to current data encryption and exfiltration tactics. These tactics succeed because it’s extremely difficult, if not impossible, to reverse encryption without a decryption key from the hackers. Even then, the 2023 Ransomware Trends report shows nearly a quarter of companies that pay the ransom still don’t regain access to their data. Overall, around 34% of encrypted data wasn’t recoverable.
According to the Professional Assurance Agents Western Alliance, ransomware losses for 2023 topped $1 billion, which underscores the critical need for adaptation in cybersecurity trends.
Ransomware attacks are successful because hackers often target and encrypt backup files, so victims have little option but to pay the ransom. Besides encrypting stolen data, hackers also commonly threaten to release sensitive information to the public to coerce payment. In many instances, payments were made by insurance, but this is becoming increasingly expensive.
As resistance to making payments increases, cyberattackers are now adopting more aggressive actions to force victims to pay a ransom. Like the militant scorched-earth tactic, attackers harass victims and their customers, publish stolen data, and conduct distributed denial-of-service attacks.
Another part of what’s behind successful ransomware attacks is a concerning trend called Ransomware as a Service (RaaS). This model involves cybercriminals who are providing ransomware tools and infrastructures to other malicious actors, who then carry out attacks on targets. The advent of RaaS highlights the importance of comprehensive cybersecurity measures, proactive risk management strategies, and collaboration between public and private sectors to mitigate the impact of ransomware attacks.
The best defense against an attack is a strong ransomware prevention strategy that’s supported by a backup strategy with immutable backups. This strategy should include:
- Identity and access management
- Strong security controls
- Employee education
- Data encryption
- 3-2-1 Rule backup solutions
3. Increased Cyberattacks and Threats to Executives and Leaders
Cybercriminals increasingly target business executives. Some attacks are malicious and seek to damage personal reputations and the organization’s standing. Others aim to obtain access to sensitive information, like financial data, intellectual property, and corporate assets.
In some instances, criminals attempt to steal executive credentials or trick executives into making unauthorized and fraudulent financial transfers. The impact of successful cyberattacks on senior management includes business disruption, plant downtime, and theft of sensitive data. State-sponsored hackers who attempt to blackmail executives and steal trade secrets are another worrying trend. Sometimes, these cybercriminals seek to exploit disgruntled employees by using their credentials to steal and encrypt data.
4. Internet of Things (IoT) Security Challenges
The term IoT applies to any electronic device or sensor with Wi-Fi or wireless capabilities. IoT devices, such as remote sensors in factories and Wi-Fi-enabled appliances, wearables, and equipment, communicate autonomously with data networks. According to Statista, there were over 15 billion IoT devices worldwide in 2023, and this number is expected to double by 2030.
The security of existing IoT devices is a major concern. They have relatively small processors and limited storage and security capabilities and while many are easy to hack, they aren’t easy to secure.
Mandatory security certifications for new devices, encryption, and standardized security protocols may improve security. However, these will need to be customer-driven, and users must make conscious decisions to only employ IoT devices that meet security standards. Techniques such as edge computing can filter sensitive information and increase the overall security of IoT devices.
Implementing multi-factor authentication and other security techniques ensures that only authorized personnel can access IoT devices. Other techniques include using AI threat detection on IoT data streams to detect anomalies and security breaches.
5. Zero Trust Data Resilience
The concept of Zero Trust Data Resilience is based on the Cybersecurity and Infrastructure Security Agency Zero Trust Maturity Model, and the principles consist of assuming a breach, explicitly verifying users, and using least-privileged access. It overcomes the fundamental weakness of more traditional access-based perimeter models by working on the principle of no network perimeter. Zero trust assumes an attacker may be present within the network and requires every user and device to be explicitly verified. Users are also granted sufficient access to only complete their tasks. This means a user can’t move laterally through a network, and the network is effectively micro-segmented.
Zero trust data resilience extends this thinking into the organization’s backup infrastructure. The backup infrastructure has an inherently large attack surface, with read-and-write access across the organization’s applications, so an organization’s backups are always a primary target for cybercriminals who must infect, encrypt, or destroy backups to successfully demand a ransom.
By implementing zero trust data resilience, you’re protecting your backup and recovery processes from attack and, in the event of a breach, limiting the attack surface and potential blast radius. By having immutable backups securely stored away from production data, you can successfully recover from a ransomware attack.
6. Passkeys and Passwordless Technologies
Passwords are the least secure authentication method available. Hackers can steal passwords using brute-force attacks, key-logging software, man-in-the-middle interceptions, and phishing attempts.
Alternatives include passkeys and passwordless technologies. A passkey may use some form of biometric identification, such as a fingerprint, face scan, or a screen lock pin. Supported by FIDO Alliance, passkeys are resistant to phishing and credential-stuffing attacks. A passkey uses cryptographic key pairs generated between the user’s device and the application. The key can be automatically synchronized across the user’s devices or restricted to a single, specific device.
Passwordless technologies similarly identify a user by using possession factors, such as biometrics, registered devices, proximity badges, USB tokens, or magic links in an email generated from your email address.
Passkeys and passwordless technologies are forms of multi-factor authentication techniques that require users to provide more than one unique form of identification. These technologies are more secure than traditional authentication methods and are becoming more commonplace. Google, for example, has made passkeys available on Chrome and Google accounts, as well as Android devices.
7. Geopolitics and Disinformation
Nation-states have started using the internet as a political weapon, which is a concerning development in cybersecurity trends. Several nation-states exist, and many are believed to be in North Korea, China, Iran, and Russia. Typically, they use cyberattacks to punish their enemies and earn foreign income. One of the most spectacular examples was the NotPetya attack in 2017, which initially targeted Ukrainian infrastructure and affected numerous organizations around the world, including the Maersk shipping line. The malware spread with incredible speed and irreversibly damaged the boot records of infected computers.
Disinformation is the deliberate spread of false information, such as conspiracy theories, through the use of social media and other forms of communication. It’s used to spread untruths, often in support of political agendas. Disinformation is a significant problem; especially as unscrupulous news sites repeat fake stories. As of 2022, Security Magazine estimates businesses lose $78 billion annually due to deliberate misinformation.
Governments have responded with legislation regarding disinformation. In Germany, the Network Enforcement Act flags content that’s considered illegal under German law. However, these laws can be seen as restrictive and difficult to enforce. Many citizens believe disinformation and regard efforts to contain such information as an infringement on their rights.
8. Social Engineering Tactics
Social engineering is a technique hackers use to manipulate people into revealing sensitive information, including login details, PINs, and other credentials. The process starts with pretexting, a term used to describe the fictional story and character the hacker creates. Pretexting creates a cover story that seems feasible to the victim. The cover may be an email supposedly from the victim’s bank that looks genuine but can be identified as false due to a subtly different URL. Other forms of pretexting include impersonating a senior manager, coworker, or someone from a trusted organization. Hackers may also use AI tools to increase the effectiveness of these attacks.
Phishing attacks come in many forms, including:
- SMS and social messaging apps, such as WhatsApp, Telegram, and Messenger
- Corporate messaging apps, such as Slack, Skype, and WeChat
- Voice phishing, where the attacker pretends to be a person in authority, such as being from the IT department or bank fraud center
Phishing attempts are often successful because attackers know key customer details that support their claims. This information is generally purchased on the dark web or were stolen in earlier attacks.
Using generative AI, social engineering has also become more sophisticated and difficult to detect, so users should be on their guard against any attempts to extract sensitive information. Organizations should educate users on ways to mitigate phishing attacks, including:
- Leaving unknown email attachments unopened
- Resisting requests for personal and sensitive information
- Minimizing the amount of personal information on social media
- Avoiding tempting offers
- Using multi-factor authentication, passkey, or passwordless technologies
9. Supply Chain Cybersecurity
Supply chain cyberattacks are also a growing problem. These attacks are primarily aimed at third-party vendors who supply services to the supply chain. The rationale behind this approach is that while companies typically have strong cybersecurity protection, the same doesn’t always apply to vendors who have access to the supply chain.
A notable example is the SolarWinds cyberattack in 2020. SolarWinds, a leading provider of network management software, was the victim of a sophisticated supply chain attack where malicious actors compromised its software update mechanism and impacted over 18,000 customers.
The attackers inserted a backdoor into the software updates for SolarWinds’ Orion platform, which is widely used by government agencies and private sector organizations for network monitoring and management. As a result, hundreds of thousands of SolarWinds’ customers unknowingly downloaded and installed the compromised updates, giving the attackers access to their networks.
The SolarWinds attack highlighted the vulnerability of supply chains and underscored the importance of having robust cybersecurity measures throughout the entire supply chain ecosystem.
Another form of supply chain attacks come through open-source software that’s commonly used during the development of supply chain software. In 2020, researchers discovered Octopus Scanner malware in a set of GitHub repositories that infested NetBeans project files. Vendors can strengthen supply chains by eliminating internet-facing attack surfaces and using zero trust security solutions. These can stop lateral movement and block the spread of malware.
IT managers that oversee supply chain software are urged to adapt to these cybersecurity trends by extending their security protocols to include third-party vendors’ software solutions, which makes the implementation of security measures a prerequisite for integration into the supply chain.
10. Regulatory Landscape and Compliance
Regulations surrounding cybersecurity fall into one of two categories:
- Data protection regulations
- Cybersecurity regulations
These requirements overlap but have different focuses. One overriding factor is that the theft or inadvertent release of consumer information often incurs administrative and other financial penalties.
Cybersecurity regulations differ from data protection regulations in that they specify minimum security requirements for products, software, and networks. Examples of these regulations include:
The CISA has identified 16 critical infrastructure sectors whose physical and virtual systems and networks are considered vital to the U.S.. This organization provides resources and information on cybersecurity best practices, including artificial intelligence, cyber safety, and identifying cyber threats and theft. Adherence to these guidelines may help your organization stay compliant.
Stay Ahead of Cybersecurity Trends With Veeam
According to the World Economic Forum, 2023 saw an increase in the use of large language AI models to write malicious code. Cyber threats in 2024 are evolving into more dangerous and sinister variants. Cybercriminals are exploiting vulnerabilities in IoT devices to penetrate organizational security and leaning on open-source and third-party software vulnerabilities to attack supply chain software and hack into corporate systems. Social engineering tactics backed by AI are improving at fooling unsuspecting victims. Nation-state bad actors are also using geopolitics to attack systems in countries they consider to be adversaries, while disinformation spreads falsehoods nationally and internationally.
Using the latest technologies and making cyber resilience a high priority can defend your organization against bad actors. These include using zero trust networks that require explicit authentication and limited lateral movement, as well as passkeys and passwordless technologies to secure networks. It’s prudent to assume a determined hacker can successfully encrypt and exfiltrate your data.
Encrypting your data can protect your organization against this outcome and ensure hackers can’t exploit stolen data. Recover quickly from a successful ransomware attack with a strong data protection and backup platform that uses air-gapped and immutable backups for secure protection against ransomware attacks.
Learn more about cybersecurity and how Veeam can help protect your organization’s data through secure and immutable backups.
Related Content