As we embark on what is sure to be a year of many firsts in cybersecurity, we wanted to look back at what we’ve seen over the past year and make a few predictions on what is to come in 2024. Here’s our educated guess at some major trends and themes that will come into focus in 2024:

  • Increasing cyber resiliency of business systems will become a major growth area as senior executives invest in capabilities to ensure continuity of operations even in the wake of a successful breach.
    Cyber threats today are more complex and damaging than ever. For most companies, it is no longer a question of whether they will be breached but whether they are prepared to operate in a contested environment. Senior executives must expand their cybersecurity investment focus from cyber defense to cyber resiliency to ensure business continuity during and after a successful cyber breach. Cyber resilience is a strategy driven by senior executives that considers every aspect of the company's business ecosystem from its employees to partners to supply chain vendors to customers. It must proactively manage risks, threats, vulnerabilities, and the effects on critical information and supporting business assets across the entire business ecosystem.
  • Defending converged ecosystems such as IT, OT and IoT, will become an important focus area as companies move forward with business transformation initiatives to boost overall performance through increased revenue, lower operating costs, and better customer satisfaction and workforce productivity.
    As OT environments become more exposed via IT/OT convergence, we’ll see an increased need for modern cybersecurity solutions to defend critical infrastructure from new threats and attack vectors that previously weren’t a concern for OT environments.
    The ransomware attack on Colonial Pipeline in 2021 demonstrates how an IT-focused attack vector can shut down OT systems and as a result dramatically impact our daily lives – in this case, by causing significant disruptions in gasoline supplies across much of the US East Coast. Attacks have only become more sophisticated in the over two years since the attack, so companies dealing with IT/OT convergence will need to be more diligent than ever in their cybersecurity efforts.
  • Defeating AI-generated phishing attacks will become a major area of investment due to the widespread availability of generative AI tools that leverage deepfakes and personalize messages with a greater degree of sophistication.
    Without question, AI-generated phishing attacks will increase threat actors' scale, scope, velocity, and success rates. It transcends traditional phishing methods, utilizing AI tools for streamlined research and reconnaissance activities. This sophistication enables highly targeted and convincing phishing emails, with threat actors dynamically adjusting content and tactics in near real-time. Language translation services extend the reach and effectiveness of these phishing campaigns, especially within companies operating in multiple countries.

    With email compromise remaining the primary source of business vulnerability, generative AI has added a new layer of complexity to cyber defense. As generative AI becomes more mainstream – across images, audio, video, and text – we can only expect trust in digital communications to continue eroding. Business operations can't function efficiently in this type of environment. Companies must reimagine cyber defenses and user education to counter this new and emerging threat.

One thing we can say for certain is that 2024 is going to be full of surprises. Organizations and their trusted partners will need to stay vigilant and continuously adapt to keep up with today's and tomorrow’s cyber threats.