Global cyber threat intelligence provider Cybersixgill has released its anticipated cybersecurity trends for 2024 and beyond.
The company’s experts foresee a landscape shaped by the evolution of artificial intelligence, intricate regulatory requirements, expanding attack surfaces, and heightened geopolitical issues.
As organizations pivot towards proactive cybersecurity measures like Threat Exposure Management (TEM), Cybersixgill emphasizes the pivotal role of cyber threat intelligence in shaping strategic business decisions.
AI’s pervasive influence on cybersecurity
Cybersixgill’s first prediction centers on the broader accessibility of AI in cybersecurity. The company anticipates that the value of AI in cybersecurity hinges on the breadth and reliability of data.
Expectations are high for significant improvements in 2024 as AI vendors strive to enhance the richness and fidelity of results. The company therefore envisions a future where AI becomes broadly accessible to practitioners, irrespective of their skill set or maturity level.
However, as the use of AI proliferates, concerns surrounding data privacy are poised to escalate. Cybersixgill anticipates companies establishing their policies while awaiting regulatory legislation, which may manifest, albeit tentatively, in the US and other countries by 2024, with clearer policies potentially emerging in 2025 or later.
AI as a double-edged sword: Attack tool and target
As AI takes center stage in cybersecurity defenses, Cybersixgill’s second prediction raises a red flag about its potential misuse. In the coming year, threat actors are expected to harness AI to automate large-scale cyberattacks, craft duplicitous phishing email campaigns, and develop malicious content with pinpoint accuracy.
Malicious tactics, such as data poisoning and vulnerability exploitation in AI models, are projected to gain momentum, potentially leading organizations to inadvertently provide sensitive information to untrustworthy parties.
Furthermore, a shady trend known as shadow generative AI is predicted to rise, where employees surreptitiously use AI tools without organizational approval or oversight, potentially resulting in data leaks, compromised accounts, and widened vulnerability gaps in a company’s attack surface.
Regulatory mandates elevate corporate accountability
As cyber threats rise, especially with expanded attack surfaces, regulations are expected to make top-level executives more responsible for their organization’s cybersecurity practices. To comply with stricter reporting rules, companies may add cybersecurity experts to their leadership boards.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It was established to protect sensitive cardholder data and reduce the risk of data breaches and theft of financial information. Cybersixgill pointed out that anticipated changes in the PCI DSS 4.0 update will specifically put pressure on companies in retail, healthcare, and finance to meet new reporting requirements by March 2024.
This regulatory shift is likely to increase the demand for proactive threat intelligence, aiding organizations in managing risks, identifying vulnerabilities, and strengthening their cybersecurity measures.
CTI’s central role in proactive cybersecurity
Cybersixgill’s fourth prediction emphasizes the fusion of proactive cybersecurity and tool consolidation, underlining the critical role of cyber threat intelligence. More companies are adopting Threat Exposure Management, a proactive cybersecurity approach focused on identifying, assessing, and mitigating potential security risks and vulnerabilities within an organization’s digital environment. As a result of that adoption, cyber threat intelligence (CTI) is poised to be a foundational component, providing insights to mitigate operational risks.
Expanding motivations for cyberattacks
In its fifth prediction, Cybersixgill highlights the broadening motivations behind cyberattacks in 2024. As geopolitical tensions and other issues come to the forefront, threat actors are predicted to choose targets for reasons beyond financial gain.
With 40 national elections worldwide, the motivations of threat actors are expected to broaden beyond financial gain. Cybersixgill anticipates an uptick in attacks targeting entities without profit centers, such as schools, hospitals, public utilities, and other essential services. This shift in motivation may also manifest through the growing trend of cybercriminals offering their skills and expertise for hire through ransomware-as-a-service, malware-as-a-service, and DDoS-as-a-service offerings.
Affiliate programs are predicted to flourish as powerful cybercriminal gangs franchise their ransomware technology, making the extortion business accessible and profitable to a larger pool of threat actors.
“Over the past year, we’ve witnessed significant developments in cybersecurity, including the emergence of generative AI and its ability to enhance organizations’ threat intelligence efforts, and the rise of Threat Exposure Management, a program of consolidation to identify and mitigate risk and strengthen cyber defense proactively,” said Sharon Wagner, CEO of Cybersixgill.
“With these advancements, curated threat intelligence is gaining prominence and accessibility, delivering relevant, contextual data based on a company’s attack surface and the effectiveness of its security stack,” he added. “As security teams hone their strategies against malicious actors, these trends will play an even bigger role in the coming year and beyond.”