A Cybersecurity Expert’s Top 10 Predictions for 2024 (Chris Wright Commentary)

What do cybercriminals have up their sleeves for 2024? Will it be more of the same or slight iterations of attackers’ go-to tools, such as general phishing scams? Or will the New Year bring “The Terminator” and artificial intelligence (AI)-generated threats like deepfakes?

When it comes to cybersecurity, nothing is a sure bet. Attackers are constantly changing their tactics to attempt to breach our systems. But based on previous trends and concrete evidence from the field, we can gauge what’s coming down the pipeline to be better prepared.

Here’s what the crystal ball indicates we’ll see in 2024:

  1. With the rise in low-skilled cybercriminals, unprepared companies will experience attacks on their “low-hanging fruit,” such as unpatched vulnerabilities. These attacks can be prevented — or their impact blunted — with tailored cybersecurity best practices.
  2. The motto “Think Before You Click” will grow in importance as phishing attacks become more targeted for specific audiences and industries. Efforts will be more drawn out, complex and believable to unsuspecting or unprepared recipients.
  3. Multi-factor authentication will remain a necessary and cost-effective tool for companies to safeguard their systems against possible breaches and attacks—despite attackers finding creative ways to bypass it.
  4. Companies that don’t practice cyber hygiene will leave the door open to ransomware (now “extortionware”) attacks. Once granted access to the data or files, these criminals will deploy new methods to make their assaults more painful and costly for victims.
  5. Cybercriminals will employ AI, large language models such as ChatGPT, and AI-generated media in their attacks. However, their adoption and use will be slow since simple tools like phishing will continue to offer results.
  6. Before agreeing to provide a policy, cyber insurance carriers will mandate that potential policyholders implement or upgrade their protective measures. Underwriters will also likely require hard proof.
  7. Businesses and organizations that lay off their in-house or third-party technology experts will likely have to pay the piper through unforeseen or unmitigated attacks and, within specific industries, the resulting regulatory fines.
  8. Government entities and industry groups will be quick to consider or enact compliance regulations if organizations consistently fail to implement sufficient cybersecurity precautions to protect their employees, consumers or the public.
  9. If they are not already, businesses will need to be cautious of sales-focused vendors that leverage the fear surrounding cybercrimes to promote unnecessary services and products. There are no silver bullets. Instead, businesses will need to recognize that their time and resources are better spent developing a custom program that includes best practices to meet their threat landscape.
  10. As in years past, no business will be immune to having their systems compromised. They will, however, have the control to select, source and integrate security controls to address their vulnerabilities. By building up their security measures, they will reduce their risks and become more resilient against future attacks.

Christopher Wright is co-founder and partner at Sullivan Wright Technologies, an Arkansas-based firm that provides tailored cybersecurity, IT and security compliance services.

