Cybersecurity predictions for 2024: Navigating the evolving threat landscape

By Sumit Srivastava

The world of cybersecurity is in constant flux, with attackers and defenders engaged in an ongoing cat-and-mouse game. As technology evolves, so do the tactics employed by cybercriminals, making it crucial to anticipate future trends and threats.

AI and Generative AI Adoption for Cybercrime: The Escalating Threat

In 2024, the battle for cybersecurity will be further complicated by the rapid adoption of artificial intelligence (AI) and generative AI by cybercriminals. The realm of deepfakes, where AI synthesises convincing yet entirely fabricated media, is poised to become more sophisticated and challenging to detect. Malicious actors will harness this technology to bolster their social engineering endeavours, manipulating video calls to impersonate trusted figures such as executives or colleagues. These convincing deepfakes will, in turn, deceive unsuspecting victims into divulging sensitive information or executing illicit fund transfers. As generative AI models, exemplified by entities like DALL-E 2, continue to evolve, cybercriminals will increasingly employ fake identities, credentials, and documents to facilitate identity theft and financial fraud. As the threat landscape becomes more intricate, security teams must remain vigilant, embracing counter-deepfake technologies that can distinguish authentic from manipulated content.

Cloud Tier-0 Assets: The New Bullseye for Cybercriminals

With an ever-increasing number of organisations migrating their crucial workloads and data to public cloud platforms, assets like Azure Active Directory, AWS Identity and Access Management (IAM), and Identity-as-a-Service (IDaaS) providers occupy the position of the modern “keys to the kingdom.” In 2024, these centralised identity and access management systems will emerge as prime targets for cybercriminals. The potential compromise of tier-0 assets presents a dire scenario, as they grant access to all other cloud resources and applications once infiltrated. Cybercriminals will dedicate more resources to direct attacks on these coveted assets, employing methods such as brute force attacks, credential stuffing, and the exploitation of vulnerabilities. Moreover, the risk of cascading supply chain attacks will loom large, with attackers potentially compromising third-party entities that possess access to a cloud environment, thereby enabling access to tier-0. Both cloud providers and their customers must fortify the security surrounding tier-0 assets and remain vigilant for anomalous access patterns.

Cascading Supply Chain Attacks: A Pervasive Menace

The year 2024 is poised to witness the continued acceleration of cascading supply chain attacks. These sophisticated tactics allow attackers to indirectly infiltrate a target by compromising a weaker element within the organisation’s supply chain. This approach can prove more effective than direct assaults on the primary target. The well-documented Okta breach in January 2022 serves as a vivid illustration of this threat. In this incident, the attackers initially compromised a third-party application integrated with Okta, utilising this access to penetrate Okta’s systems. As interconnected ecosystems grow increasingly complex, organisations must exercise prudence in assessing the security of all vendors in their supply chain and remain vigilant for lateral movement following a breach.

Session Hijacking and Cookie Theft: A Growing Peril

In 2024, the theft of session cookies and tokens, which enable the preservation of authenticated sessions, will become a more prevalent attack vector. Once obtained, these stolen credentials can be exploited to impersonate legitimate users and gain access to privileged accounts and sensitive systems. The Okta incident provides yet another striking example of the associated risks. In an era where workforces heavily rely on cloud applications and remote access, the opportunities for credential theft have increased. Consequently, organisations must implement additional layers of authentication beyond cookies and tokens, closely monitor access patterns for anomalies, and deploy web isolation measures to safeguard high-value browser-based assets.

Secure Browser and Web Isolation Adoption: A Rising Defense

As the risks associated with session hijacking mount, more organisations will turn to secure browser and web isolation technologies in 2024. These solutions effectively isolate high-value browser sessions and applications within a secure “air gap” environment, rendering credential theft ineffective even if the endpoint is compromised. Recognising the growing peril, many organisations have begun evaluating isolation technologies to bolster their defense mechanisms. The increasing prevalence of always-on devices and the embrace of hybrid workforces further underscores the importance of isolation solutions, which provide additional protection for remote and mobile access scenarios. Expect a surge in adoption, particularly among high-value targets such as financial institutions and government agencies.

Passkeys for Enterprise: The Dawn of a New Era

In 2024, passwordless authentication standards, with passkeys at the forefront, will gain substantial traction in the enterprise landscape. These passkeys offer secure authentication without the need for traditional passwords. Organisations that have undertaken passwordless pilots and preparations will transition to broader rollouts, with passkeys emerging as the favoured passwordless option. Furthermore, governments and regulatory bodies are anticipated to provide clearer guidelines on passwordless authentication. With passkeys seamlessly integrated into operating systems, browsers, and applications, IT leaders will feel increasingly confident in the shift away from legacy passwords, ushering in a more secure and frictionless authentication paradigm.

Legislative Loosening: Enabling SaaS Adoption in Regulated Industries

Traditionally, regulated industries such as financial services, healthcare, and critical infrastructure have exhibited reluctance toward the widespread adoption of cloud-based security software-as-a-service (SaaS) offerings due to legislative ambiguities surrounding data sovereignty, privacy, and auditability concerns. However, 2024 will witness a transformative shift as several jurisdictions amend regulations to accommodate third-party security SaaS solutions more effectively. Countries like Taiwan, South Korea, Hong Kong, India, and others will clarify guidelines governing the utilization of cloud-delivered security controls. This regulatory relaxation will empower regulated firms to harness cutting-edge SaaS-based cybersecurity defenses, including next-generation Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Extended Detection and Response (XDR), and other solutions.

In the face of these imminent challenges and opportunities, organisations must remain vigilant, adapt swiftly, and invest in the technologies and practices that will best protect their digital assets and sensitive data in cybersecurity’s dynamic and ever-changing landscape. By staying informed and proactive, enterprises can navigate the unpredictable terrain of cybersecurity in 2024 and emerge as resilient defenders in the ongoing battle against cyber threats.

The author is solutions engineering director, CyberArk India
