< Back
trendcomputersec

Tags:

Ercom
01 January 2024

Top cyber trends in 2024

As the cyber landscape continues to evolve, mastering its latest innovations becomes essential. From advances in artificial intelligence to data protection, we take a look at the major trends that will define the new year. 

1) The geopolitical climate, a multiplier effect for APT and hacktivist threats

Cybercriminal groups can be divided into three broad categories: cybercriminals whose sole aim is to make money, APTs (Advanced Persistent Threats), and cyber soldiers sent on missions by their governments. They seek to steal, spy and compromise other countries. The last group are the hacktivists, or “volunteer” cyber criminals for whom ideology is the only matter that counts. They target countries and organizations at the opposite of their ideology, and are in no way seeking profits. The threat posed by APTs and hacktivists jumped by 27% in the last quarter of 2023. 

The reason for this unprecedented increase is the deterioration in international relations we are facing today. Since the invasion of Ukraine, hacktivists and APTs aligned with Ukraine have clashed in cyberspace with hacktivists and APTs aligned with Russia. Added to this are Russian APT attacks against NATO countries. Asia has not been spared either, with attacks by APTs aligned with Beijing, and Indian, Taiwanese and Vietnamese APTs targeting pro-Beijing countries. Overall, the number of politically motivated or state-sponsored cyber attacks exploded in the wake of October 7.

The trend is not towards appeasement in 2024, with the Russian-Ukrainian war still underway, the Israel-Hamas war, Anglo-Saxon strikes against Houthi terrorists, Iranian attacks on US bases in the Middle East, tensions between Taiwan and China, and civil wars in Burma and Sudan. All these war zones have created, and will continue to create, as many areas of confrontation in cyberspace with APTs and hacktivists, each of these groups wishing to further their country’s interest or ideology.

 

2) Cyber threats at major sporting events: A race against hackers

The coming year will be marked by major sporting events such as the Olympic Games in Paris, the African Cup of Nations (CAN) and the Euro soccer championships, attracting hundreds of millions of viewers worldwide. 

However, this represents a major security challenge for law enforcement agencies, who have to manage not only traditional risks, but also cyber threats. Hackers could exploit these opportunities to steal data, hijack broadcast signals, and disrupt critical systems. The growing use of malware, accessible even to novice hackers, underlines the importance of reinforcing vigilance. 

Platforms like Telegram and the darknet have become marketplaces for cybercriminals to sell data, bank details, passwords and malware. Such availability makes it easier for even less experienced individuals to attack, creating a growing concern for cyber security.

 

3) Transforming the digital landscape with AI

Artificial Intelligence (AI) is growing exponentially, rapidly redefining the digital landscape with opportunities, but also with cyber security risks. Deepfakes and voice generators derived from generative AI accentuate the dangers of fraud. Attacks such as the “president’s scam”, where cyber criminals impersonate the CEO of a corporation to deceive staff, are likely to become almost undetectable this year with the advance of voice impersonation. Forecasts suggest that by 2026, 90% of online content could be generated by deepfakes, prompting cyber security vendors to develop faster detection tools.

AI is becoming a tool of choice for hackers, creating a complex digital environment. Its constant adaptation requires ever-increasing vigilance from cyber security professionals. Defense strategies must incorporate advanced technologies to counter AI-based attacks.

In the light of this, Thales, a leader in critical industries such as aeronautics, space and defense, is committed to developing a trusted and reliable AI based on four essential pillars: validity, security, explicability and accountability, with the aim of supporting crucial decision-making. By 2024, data protection and management will play a central role in the adoption of generative AI. Organizations investing in a solid framework will be better positioned to benefit from the business potential of these technologies, requiring distributed data management for informed, profitable decisions.

 

4) Zero Trust adoption will continue alongside cloud adoption

The watchword defining the year 2024 for cyber defense experts is “reinforcement” in the face of anticipated disruptions. Several essential defense levers are used, including AI and the Zero Trust principle, allowing for a complete overhaul of network structures to improve their security.  In the future, companies will turn to proven but underused technologies, such as Zero Trust web browsing solutions, especially remote browser isolation. By running web browser sessions in an isolated cloud container, information can be transmitted securely to the user's endpoint, perfectly in line with cloud migration policies that have become essential for most organizations since the past year.  Increases in data breaches in cloud environments underline the urgency of developing sophisticated security strategies. Comprehensive identity and access management, data encryption and continuous monitoring are becoming crucial to secure cloud-based assets. 

5) Privacy by design as a priority 

In 2024, privacy and security will remain front and center of all product and service design decisions, not only to comply with regulatory standards, but also to earn the trust of users.  It is becoming imperative to prioritize 'privacy by design', which emphasizes incorporating privacy right from the design stage of products and services. Designers and developers are now encouraged to build their products around security, making data protection the default option.  Furthermore, although aimed at preventing unauthorized access to data, security must be accompanied by stringent enforcement of 'Security by design' to minimize the consequences in the event of a breach. Designers need to integrate these principles from the start, making privacy the default setting. Transparency, visibility and independent verification of privacy protection measures are also essential to maintain user confidence and comply with international regulations. 

6) The NIS2 Directive in Europe:

2024 marks a period of major transformation with the imminent implementation of the NIS2 Directive in Europe, representing a significant turning point for cyber security. Focused on strengthening digital resilience, this regulation imposes strict rules on companies operating in the European Union.

Faced with these regulatory changes, companies need to anticipate potential threats and develop robust strategies to minimize vulnerabilities. The need for rapid incident reporting underlines the importance of an agile response to cyber attacks, reducing response times and potential damage.

This regulatory transition is driving companies towards the adoption of advanced correlation and context analysis capabilities. Mere compliance is no longer enough. Adopting proactive approaches to understand the threat ecosystem is becoming essential. By strengthening the security of entities considered critical, NIS2 aims to create a safer digital environment better prepared to face emerging threats.

 

7) Towards cyber resilience in 2024: Evolving responsibilities for CISOs

 

In the face of emerging threats, coordinated measures are being taken to strengthen the security mindset. This includes comprehensive updates, disaster recovery plans, and incident response protocols, creating a complete approach to cyber resilience.

The role of CISOs is evolving considerably, encompassing strategic, operational and leadership responsibilities. They strive to protect their organizations from cyber threats while developing strategies aligned with business objectives, despite the impact of emerging trends and innovative technologies.

Despite growing investment in cyber security, cyber attacks persist, requiring CISOs to justify costs and demonstrate the effectiveness of their measures. Ongoing validation of defenses, through the simulation of attack scenarios, is becoming crucial, as is the active involvement of executive boards in cyber security issues.

In 2024, CISOs will have to face new challenges and adopt a proactive, dynamic and strategic approach to technological advances.