Cybersecurity trend 2: Data will be weaponized against cloud-based ML models
Since AI and machine learning depend on training data to build their models, compromising that data is an obvious way for bad actors to poison AI/ML systems. Some organizations have countered this so far by training to private datasets only, not public inputs. Yet growing numbers of enterprises are turning to sourced data from third parties to get on the AI bandwagon while keeping costs down, which could make them vulnerable.
Compromising AI/ML systems can open up opportunities for exfiltration, extortion, and sabotage, making this weaponization of training data a powerful prospect for cybercriminals.
Cybersecurity trend 3: Supply-chain attacks will test the resilience of CI/CD systems
According to Trend Micro research, 52% of global organizations had their supply chains attacked by ransomware last year. Continuous integration/continuous delivery (CI/CD) software development supply chains are a particularly appealing target because of the access they give to large numbers of potential victims via island hopping. Bad actors who hack software developers in the CI/CD pipeline can inject malicious code that undermines the whole IT infrastructure and affects virtually every connected party. The appeal of that scope and scale makes software supply chain attacks another cybersecurity trend to watch out for in 2024.
Cybersecurity trend 4: Generative AI will level up social engineering lures in targeted scams
Faced with conventional phishing schemes and other social engineering attacks, cybersecurity teams have at least had the advantage that many if not most phishing emails and texts are conspicuously fake if people know what to look for. Cybersecurity-aware users can watch for spelling and grammar errors, voice and tone slips, wonky URLs, and suspicious email addresses and pick out suspect messages.
Generative AI changes that situation more or less completely—as Trend Micro Global Security and Risk Strategist Shannon Murphy pointed out in a great presentation at AWS re:invent last December. Not only can generative AI produce fake messages that are error-free and seem authentic, but it can also do so in multiple languages and embed all manner of links, QR codes, and contact numbers to misdirect unsuspecting targets. This is bound to drive an increase in business email compromise (BEC) attacks and, soon enough, audio/video deepfakes as well.
Cybersecurity trend 5: The blockchain will serve as fresh hunting grounds for extortion schemes
The last of the cybersecurity trends outlined in our predictions report focuses on private blockchains. While these attacks may not be so widespread in 2024 since blockchain itself hasn’t gone totally mainstream yet, more organizations are looking at cost-effective private blockchains to manage internal financial transactions both locally and in the cloud. As they do, attackers will be watching and waiting to exploit gaps and vulnerabilities that give them administrative rights they can misuse to wreak havoc and reap gains. Presuming that blockchain’s promise of tight data integrity means it is also highly secure would be a serious misstep for enterprise adopters.
How to prepare for the future of cybersecurity
What can organizations do to protect themselves against these complex and evolving threats? In each case, fortunately, there are practical steps that can be taken—ways of protecting data, devices, and the overall technology infrastructure while continuing to enable connectivity-driven business goals. The keys to any effective defense strategy are protection at all points of the attack life cycle and multidimensional security built on good threat intelligence.
For additional detail on the coming year’s cybersecurity trends and what can be done about them, download the full Critical Stability predictions report and watch for more posts on these topics in the weeks and months to come.
Next steps
For more 2024 cybersecurity predictions, check out the following resources: