Info@NationalCyberSecurity

10 Global Cybersecurity Predictions for 2024


The cybersecurity field evolves constantly as technology advances, global events create uncertainty, and threat actors refine and improve their malicious tactics. While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns.

Global leaders and experts at FTI Consulting share their predictions for the most impactful cybersecurity trends to look out for in 2024.

Election Security Making Headlines

Anthony J. Ferrante, Global Head of Cybersecurity


“Election security will continue to be of national importance as the United States enters an election year. Governments, polling locations, and all third party systems involved in the election process will prioritize cybersecurity protections in 2024 in an effort to protect the integrity of the democratic process.”

The confirmed election meddling in 2020 will put increased scrutiny on cybersecurity protections in this election cycle.1 The threat is increasing not only in the United States but around the world, and it will continue as more of the electoral process occurs digitally, creating new vulnerabilities and access points for threat actors to exploit.

A Two-Sided Approach to Artificial Intelligence

David Dunn, Head of Cybersecurity, EMEA & APAC


“As AI becomes increasingly accessible, organizations will adopt a dual perspective: harnessing AI for defense while simultaneously remaining vigilant about potential threats driven by AI. This balanced approach will allow organizations to both stay competitive with the latest technologies and acknowledge the significant risks they pose, which is crucial in navigating the evolving landscape of cybersecurity.”

Artificial Intelligence (AI) can analyze vast datasets, identify anomalies, and respond to threats to help defend against cyber attacks.2 AI-driven security solutions (AIOps) are used to automate threat detection and incident response.3 However, AI can also pose a threat to businesses. Cyber criminals use AI to create deepfakes and execute other sophisticated attacks.4 When AI models are integrated into business operations, they are vulnerable to poisoning attacks that disrupt the output of models, and unauthorized employee use of AI runs the risk of data leakage.5

Widespread Adoption of Zero-Trust Architecture

Thomas Hutin, Head of Cybersecurity, France


“The Zero-Trust Architecture security model will gain widespread adoption in 2024. Organizations will move away from traditional perimeter-based security and adopt a zero-trust approach, verifying every user and device attempting to access their networks, applications, and data.”

Zero-trust architecture refers to the security practice where all internal and external parties must be verified before accessing resources.6 It replaces traditional cybersecurity strategies, like network security, that threat actors are increasingly able to bypass.7 The sophistication of threat actors will encourage more organizations to prioritize investments in enhanced cybersecurity models.

Cities Integrating IoT into Critical Infrastructure

Eva Kwok, Head of Cybersecurity, Hong Kong


“Cities in the APAC region will prioritize the integration of IoT and connected systems into their infrastructures through 2024. While making cities smarter can reduce environmental waste and make systems more efficient, it also opens critical operations to increased cybersecurity risk.”

Integrating Internet of Things (IoT) into critical infrastructure is a reflection of the ongoing global trend towards creating smart cities to enhance efficiency, sustainability, and overall quality of life. While IoT integration into critical infrastructure offers many benefits, the interconnected nature of IoT systems can make them vulnerable to cyber attacks.8 As cities continue implementing IoT devices into their infrastructures, it will become more important than ever for municipalities to prepare for nation-state and financially-motivated threat actors targeting their infrastructures.9

Increasing Cybersecurity Supply Chain Risks

Peter Fischer, Head of Cybersecurity, Germany


“Supply chain risk management will emerge as a top priority, recognizing that a well-prepared and adaptable supply chain is key to business continuity and overall resilience in a rapidly evolving global landscape. Organizations will invest heavily in evaluating the resilience of their supply chains, scrutinizing suppliers’ cybersecurity practices, and developing contingency plans to ensure that they can adapt and respond effectively to unforeseen challenges.”

When organizations rely on Original Equipment Manufacturers (OEMs) for components of their products, they are also depending on the OEM to ensure the part is free from cybersecurity vulnerabilities. Recent incidents in 2023 will encourage organizations to more carefully scrutinize the cybersecurity practices of their suppliers to ensure their final products are not impacted by unknown supply chain cybersecurity issues.10

Third Party Scrutiny Taking Priority for Compliance Officers

Collin Miller, Managing Director, Technology


“Compliance officers, in partnership with cybersecurity teams, will need to intensify their scrutiny and risk management over vendors and third parties. In the year ahead, there will be an emphasis on better safeguarding against cyber attacks that could be launched via a third party and infiltrate a vendor management platform.”

Two-thirds of senior compliance professionals ranked third party risk as an area of heightened compliance concern for 2023, and this will stay consistent through 2024 as organizations continue to outsource services.11 As threat actors find new and creative ways to access organizational data and systems through their external vendors, organizations will need to prioritize properly vetting third parties for cybersecurity controls.

The Start of Significant Fines From Australian Regulators

Wouter Veugelen, Head of Cybersecurity, Australia


“In 2024, I predict Australia will start issuing the first significant fines to organizations who fail to implement appropriate cybersecurity controls to protect their sensitive information. These fines would serve as a consequence for negligence, just as how companies are held accountable for reducing environmental impact and adhering to appropriate safety measures.”

Organizations in Australia have thus far largely managed to avoid significant fines despite inadequate proactive cybersecurity measures, but recent changes to legislation and associated fines will soon have Australia following suit with Europe and the United States. The Privacy Legislation Amendment approved at the end of 2022 paved the way for the Australian government to start issuing fines up to $50 million for failing to protect customer data.12 This has led to further warnings of impending fines from governmental agencies such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC), while the Security of Critical Infrastructure (SOCI) Act requires entities in scope to comply with cybersecurity protections by August 2024 to avoid monetary penalties.13, 14, 15, 16

Corporate Responsibility Shifting to Individuals

Jordan Rae Kelly, Head of Cybersecurity, Americas


“Cybersecurity will remain a top priority for C-Suites and Boards of Directors, and we will see more individuals being held accountable for organizational cybersecurity incidents, with consequences for executives in addition to companies as a whole.”

Individuals, especially those in Chief Information Security Officer (CISO) and Chief Executive Officer (CEO) roles, have faced heightened scrutiny and even fraud charges in high-profile cybersecurity attacks in recent years.17, 18 As regulatory agencies continue to enhance cybersecurity requirements, including the Securities and Exchange Commission (SEC)’s new disclosure rules and the CISO annual board reporting requirement in the New York Department of Financial Services (NYDFS) updated cybersecurity rules, more executives will find themselves facing legal trouble for insufficient cybersecurity protection for their company and clients.19, 20

Organizational Transparency Surrounding Cybersecurity

Sara Sendek, Managing Director, Cybersecurity & Data Privacy Communications


“2024 will see increased transparency from organizations about cybersecurity practices. With the SEC cybersecurity reporting rules taking effect imminently, and CISA reporting requirements just around the corner, companies will be under pressure to disclose incidents and disclose them early – potentially with limited information available in early stages of containment and discovery.”

Since the SEC cybersecurity reporting rule was announced in July 2023, organizations are increasingly taking quick action to file disclosures around ongoing cybersecurity incidents – often in the early stages of discovery and containment.21 Once CISA’s rules take effect, more companies will feel increased pressure to rush out quickly with disclosures to stay compliant with all requirements.22 Organizations need to have communications and incident response plans in place now, as required in the updated NYDFS cybersecurity rules, prior to regulators forcing their hand.23

Emergence of Incentivized Cybersecurity

Anthony J. Ferrante, Global Head of Cybersecurity


“While a wide range of cybersecurity laws and regulations have emerged in recent years, the main focus has been penalties for violations, rather than rewards for compliance. In 2024, I predict we will begin seeing the emergence of incentivized cybersecurity. By offering incentives to implement proper protections and resilience strategies, organizations will be better positioned to prevent incidents, respond faster if an attack is successful, and minimize downtime and damaging impacts.”

When the White House released its National Cybersecurity Strategy in March of 2023, it touched on a long-term plan to realign incentives for cybersecurity collaboration and resiliency.24 In June of 2023, Iowa became the fourth state in the U.S. to adopt an incentive-based approach to encourage businesses to implement cybersecurity best practices, following the efforts of Ohio, Utah, and Connecticut.25 These small steps forward in 2023 pave the way for a bigger push towards cybersecurity incentive programs in 2024.

2024 promises to be a year filled with challenges and opportunities in the realm of cybersecurity. As technology continues to evolve, so do the tactics of cyber criminals, making it crucial for individuals and organizations to stay informed and proactive in defending against cyber threats. By staying vigilant and adapting to these emerging trends, we can better protect our digital assets and information in an ever-changing and increasingly connected world.

Footnotes:

1: The Associated Press, “Putin-linked businessman admits to US election meddling,” AP News (November 7, 2022)

2: Kinza Yasar and Stephen J. Bigelow, “AIOps (artificial intelligence for IT operations),” TechTarget (June 2023)

3: Id

4: Yuen Pin Yeap, “Generative AI Is The Next Tactical Cyber Weapon For Threat Actors,” Forbes (October 16, 2023)

5: Tracy Wilkison, Eric Vandevelde, and Erin Burke, “Mitigating AI Cybersecurity Risks from the Top Down,” Law360 (August 4, 2023)

6: Computer Security Resource Center, “Zero-Trust Architecture,” National Institute of Standards and Technology

7: Id

8: Elizabeth Montalbano, “Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack,” Dark Reading (May 16, 2023)

9: Todd Renner, “Protecting Smart Cities Through Cybersecurity,” FTI Consulting (October 25, 2023)

10: Elias Groll, “‘Downfall’ vulnerability leaves billions of Intel CPUs at risk,” Cyberscoop (August 8, 2023)

11: “Compliance Tech Priorities in 2023,” FTI Consulting (2023)

12: “Parliament approves Government’s privacy penalty bill,” Australia Attorney-General’s Portfolio (November 28, 2022)

13: David Ross, “APRA puts financial sector on notice to lift standards over its cyber security,” Cairns Post (November 4, 2023)

14: Nick Bonyhady, “The tougher regime for cyber threats that directors must heed,” The Australian Financial Review (September 19, 2023)

15: Wouter Veugelen, “Breaking Down the Security of Critical Infrastructure Act,” FTI Consulting (April 12, 2023)

16: Alec Christie, “Critical Infrastructure Update: Risk management program obligations under the SOCI Act now ‘turned on’,” Lexology (February 27, 2023)

17: Christian Vasquez, “SEC sues SolarWinds and CISO for fraud,” Cyberscoop (October 31, 2023)

18: Tim Starks and David DiMolfetta, “SEC notices spark alarm for cyber executives,” The Washington Post (June 29, 2023)

19: “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies,” U.S. Securities and Exchange Commission (July 26, 2023)

20: “Governor Hochul Announces Updates To New York’s Nation-Leading Cybersecurity Regulations As Part Of Sweeping Effort To Protect Businesses And Consumers From Cyber Threats,” New York Department of Financial Services (November 1, 2023)

21: “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies,” U.S. Securities and Exchange Commission (July 26, 2023)

22: “Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA),” Cybersecurity & Infrastructure Security Agency (March 2022)

23: “Governor Hochul Announces Updates To New York’s Nation-Leading Cybersecurity Regulations As Part Of Sweeping Effort To Protect Businesses And Consumers From Cyber Threats,” New York Department of Financial Services (November 1, 2023)

24: “National Cybersecurity Strategy,” The White House (March 1, 2023)

25: “Iowa Becomes Fourth State to Incentivize Cybersecurity Best Practices for Businesses,” Center for Internet Security (June 29, 2023)
