TOP CYBERSECURITY TRENDS FOR 2024

2023 was another year of headline-garnering cyberattacks that ravaged industries across the board, captured global attention, and left a distinct impact on the cybersecurity landscape. From Norton Liflock's devastating stuffing attack to T-Mobile's double breach in one year that cascaded vulnerabilities downstream (Google-Fi), to an incapacitated MGM resort and finally but not ultimately our beloved ChatGPT suffering its first blow - it seemed that last year nobody was immune to becoming a victim.

The increase in connectivity through the proliferation of IoT, growing demand for Cybercrime as a service (CaaS), and discovery and exploitation of zero-day vulnerabilities are just a handful of factors that continue to fuel this fire, making it that much more important for organizations to continuously assess and adapt their cybersecurity strategies and training to stay abreast of this ever-evolving landscape.

To help in this effort, listed below are the top 5 cybersecurity trends expected to wield substantial influence over the landscape in the coming year. In crafting this list, we consolidated insights and reports from key industry leaders, identifying shared themes and commonalities before making our selections. Additionally, we infused our perspectives which are particularly tailored for financial institutions.

Starting with:

5.) More Zero-Day Attacks

There’s been a steady increase in zero-day attacks since 2012, with 2023 on track to beat the previous record set in 2021 - Google Cloud

It's expected that Zero-Day attacks won't be slowing down anytime soon, whether it is nation-state attackers or cyber-criminal groups, the demand for these exploits is significantly growing within the underground market. Unfortunately, there isn't a single "best" protection against these attacks as it requires more of a multi-faceted and layered approach. Employing a combination of strategies such as proactive patch management, detection, and response programs in parallel to continuously adapting your security posture is how you can keep your organization safe.

4.) Cyber Insurance Will Stabilize 

Cyber insurance prices in the U.S. declined 4% year over year on average in the second quarter of 2023 according to insurance broker Marsh - WSJ

With price hikes declining over the past year, insurance premiums are forecasted to stabilize in 2024 due to advancing modeling tools that can precisely predict the frequency and severity of cyber events. Quantifiable risk assessment has also been a key factor in decreasing insurance premiums as it empowers cyber insurance companies to precisely identify risk within organizations which in turn allows for tailored and customized coverage.

3.) Favoring Memory Safe Languages 

Roughly 60 to 70 percent of browser and kernel vulnerabilities—and security bugs found in C/C++ code bases—are due to memory unsafety, many of which can be solved by using memory-safe languages - ConsumerReports

A blog released by CISA last September highlights the importance of adopting code written in memory-safe languages due to systematic problems found in memory unsafe languages that include C and C++. For years, developing with unsafe code has allowed hackers "the reach and scale to hold our systems for ransom, access our personal information, and steal our nation’s business and security secrets"- CISA. Organizations have so far begun focusing on this initiative and is expected to grow in 2024 and years to come.

2.) Rise In Supply Chain Attacks  

An independent report by Trend Micro revealed that "over half of global organizations have had part of their supply chain compromised by ransomware"- TrendMicro

Though supply chain attacks aren't new to the industry, these attack vectors are expanding in scope and target, encompassing not just software but also hardware and critical infrastructure. There have been a series of devastating supply chain attacks over the past few years, from Solar Winds attack in 2020 to Codecov Bash Uploader in 2021 to the recent MOVEit Transfer software that exposed organizations to potential hardware supply chain attacks. Although it may seem these attacks are outside your control, preventative measures such as conducting annual supply chain risk assessments, due diligence in vendor selection, and adhering to regulatory compliance can help you avoid becoming a victim.

1.) Prominence of AI / Generative AI Threats 

Thirty-four percent of organizations are either already using or implementing artificial intelligence (AI) application security tools to mitigate the accompanying risks of generative AI (GenAI) - Gartner

AI stealing the show in 2023 shouldn't be news as the revolution and arms race have been underway for the past year. So far, many in the cybersecurity community believe that GenAI is a double-edged sword, on one hand, it can play a pivotal role in proactive threat hunting and detection, while on the other hand, it introduces new challenges and risks brought by adversaries using the tool. A particularly concerning area includes social engineering attacks. With AI, it becomes possible to craft phishing emails, messages, or websites with a high level of authenticity, mimicking legitimate communication from trusted sources- posing a challenge for users in distinguishing between genuine and fraudulent content. It's pretty clear AI will play a transformative role in shaping the future of cybersecurity, organizations that adopt AI are positioned to achieve a substantial edge in the continually evolving cybersecurity landscape and broader business operations.

How To Prepare For A New Year In Attacks

The first step to preventing attacks is to understand the status of your current system through a detailed risk assessment. By pinpointing the areas with the highest potential risk, you can effectively identify and address immediate concerns.

Tack on quantification for every individual risk (using the Rivial Platform), and now you can leverage this information to support your plan of action when presenting to the Board. If you have any questions, use the link below to schedule 30 minutes with one of our expert security consultants!