The Top 24 Security Predictions for 2024 (Part 2)

Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more.

Last week, in part one of The Top 24 Security Predictions for 2024, I covered the top 15 cyber industry company reports and a summary of industry-wide security predictions. In part two, we will cover:

Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions or more, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item — often in video format. My goal is to point you in the right direction and encourage you to visit website links for more details.

16) Delinea — Joe Carson, chief security scientist and advisory CISO at Delinea, offers another excellent list, and I am always impressed with his analysis and expertise.

Delinea offers a great list of cybersecurity predictions in this piece: Delinea 2024 Predictions: Cyber in 2024 - AI, Cyber Insurance, Passwordless and Beyond.

You can watch a short YouTube video from Joe on each of their predictions:

• Surge in cyber insurance.
• AI and ML promise to streamline compliance efforts.
• Passkeys and passwordless solutions surge in usage.
• Artificial intelligence use by enterprises surges.
• Nation-states accelerate cyber espionage, blurring the lines between traditional and cyber attacks.

17) Chuck Brooks, Forbes Compilation — Chuck always delivers excellent content, and his piece in Forbes brings in unique analysis, including in space and quantum computing.

The article is called: “Artificial Intelligence, Quantum Computing, and Space are 3 Tech areas to Watch in 2024.”

But first, take a look at this France24 article describing how after 50 years, the U.S. will return to the Moon on Jan. 25:

“Takeoff is scheduled for December 24 from Florida aboard the inaugural flight of the new rocket from the ULA industrial group, named Vulcan Centaur.

“The probe will then take ‘a few days’ to reach lunar orbit, but will have to wait until January 25 before attempting landing, so that light conditions at the target location are right, Thornton said.

“The descent will be carried out autonomously, without human intervention, but will be monitored from the company’s control center.”

Now to the prediction highlights from Chuck Brooks of Brooks Consulting International and Georgetown University:

“Artificial Intelligence Is on the Cusp of Transforming Civilization: I think that in 2024 and onward there will be Malthusian scientific and technological advancements made possible via artificial intelligence. These developments will certainly have a significant effect on our way of life, economics, and security. Due to the potential speed of AI's analytical capabilities, operational models in cybersecurity will change. Approaches to risk management will need to preserve business continuity and cyber-resilience. Integrating AI will be a cybersecurity imperative to manage new and increasingly complex threats.

“Quantum computing is arriving sooner than we planned: In 2024, we must prepare for the exponential advantages and threats of quantum technology due to its potentially disruptive nature. More investment for R&D from the public and private sectors will be required as a result. For our emerging quantum future, quantum education and workforce development should also be planned for and put into action.

“Space attacks: In the coming year, the security risk management of satellites and space will emerge as a top priority among both the public and private sectors. The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure. The emerging frontier of Space will need to be a high security priority for 2024.”

18) ZeroFox — In their report, 2024 Cybersecurity Trends – What’s in Store for 2024, we see the following, with key takeaways offered in their report under each category:

• Social engineering keeps growing, taking advantage of the most complicated and persistent security weakness in any organization: people.
• Ransomware and digital extortion still aren’t going anywhere. Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
• The deep and dark web continues to be critical real estate for cyber criminals. Compromised credentials, personally identifying information (PII), malware, and a plethora of tools and services are all for sale in cyber crime marketplaces.
• Mis/Dis/Malinformation (MDM) is the existential threat of our times. The expanding ease of access to tools for creating convincing audio and video pushes this threat from the horizon to our doorstep.
• Artificial intelligence threats are on the rise, as security analysts and threat actors alike adopt new generative AI and similar tools.
• Cryptocurrency-related threats appear to be on the rebound, given rising cryptocurrency values, including Bitcoin rising 109 percent and Ethereum rising 52 percent so far in 2023. These rises are likely responsible for the 399 percent increase in cryptojacking year over year.
• Threats to elections, including the 2024 U.S. presidential election, are an emerging trend. Multiple key elections taking place in 2024 are expected to drive an increase in various threat actor campaigns throughout the year.

They also say two areas are over-hyped: “These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.

• Nation-state threats remain scary, but are STILL not likely your top concern.
• The metaverse continues to have interest beyond its current impact.”

Also see their ZeroFox Resources here, and their full report download here. 

19) Cobalt Labs — Cobalt offers a fascinating report, called Top Cybersecurity Statistics for 2024, featuring “90 cybersecurity statistics to provide a look at what we can expect in 2024 if the trends hold.”

The report lists many current 2023 statistics, but at the same time outlines trends and forecasts for more stats in 2024. Here are a few to watch:

• Worldwide cyber crime costs are estimated to hit $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures (Cybersecurity Ventures).
• Cyber crime is predicted to cost the world $9.5 trillion in 2024, slightly lower than the projected growth rate (Cybersecurity Ventures).
• Global cyber crime damage costs are expected to grow by 15 percent per year over the next two years, reaching $10.5 trillion annually by 2025 (Forbes).
• For 2023, the United States continues to have the highest cost of a data breach at $5.09 million (IBM).
• 75 percent of security professionals have observed an increase in cyber attacks over the past year (CFO).
• According to Mordor Intelligence, the cybersecurity market size is estimated at $182.86 billion in 2023 and is expected to reach $314.28 billion by 2028, growing at a CAGR of 11.44 percent during the forecast period (2023-2028).

20) Cyber Ark — The CyberArk blog team offers Cybersecurity Predictions for 2024 and Beyond.

Here’s what they say for 2024:

“Session hijacking will take on an increasingly prominent attack role. … ’Even more organizations will shift to passwordless access management, from passkeys to MFA, to help thwart attacks. Threat actors will evolve their tactics in lockstep to dupe enterprise and third-party users, steal session cookies and bypass strong authentication mechanisms. Their creativity will pay dividends; by 2024, session hijacking will account for 40% of all cyberattacks. Continued vigilance in securing, monitoring and responding to user sessions and cookies abuse/compromise is critical – especially with Google’s encouraging promise to wipe out cookies for good, never underestimate innovative attackers who will find another way.”

“But 30% of organizations will pay for lax password protections: ‘Traditional credential theft will be less prevalent when passwordless takes hold and is used correctly. Yet, credential theft isn’t going away. Why? Organizations implementing passwordless authentication may require a backup factor, and many companies will fall back on insecure options – passwords. As security teams fight new fires, attackers will take advantage of lax password protections, and 30% of organizations will experience an increase in data breaches linked to credential theft.’

“55% of enterprises will expedite tech consolidation to simplify security: ‘Most organizations’ IT and security environments are already too expansive, complicated and difficult to manage. Teams are rarely skilled in every tool they must cobble together with other ones, forcing them to hire or bring in outside experts. And since each platform focuses on specific things and overlap with others, teams struggle to see – let alone understand – every potential vulnerability and threat in their cloud-centric environments. Missed SLAs, spiraling overheads and dangerous security drift will push 55% of enterprises to accelerate tech consolidation. They’ll aim to simplify operations and maximize existing resources by working with fewer vendors and systems.’”

Here’s the CyberArk three-year look:
21)  Qualys — Via enterprisesecuritytech.com, Qualys offers a solid set of predictions called Qualys 2024 Cybersecurity Forecast: Streamlining, AI Support, and Soft Skill Emphasis.

Jonathan Trull, chief security officer at Qualys, writes, “CISOs are increasingly under pressure to quantify cyber risk in financial terms to C-suite and boardroom.

“De-risking the business and reducing cyber risk has become a central focus of executive stakeholders, from the CEO to the board of directors. CISOs find themselves in a challenging position – under immense pressure to address critical issues, while working with budget constraints that are tighter than ever. They are tasked with doing more with less. CISOs are being pushed more into the conversation of the financial impact of cyber risk. They need to be able to measure cyber risk in terms of financial risk to the business, communicate that effectively to the C-suite and boardroom, and eliminate the most significant risks expediently. The CISOs that succeed in these areas will be the ones that last in their roles.”

Other predictions include:

• CISOs will go from consolidation to simplification around security
• Skill issues will force more hands around AI deployments
• Education and soft skills will get more focus  

See also this Qualys list from and ITBrief Australia.

Also, this YouTube video From Qualys, with IDC included.

22) NortonLifelock — A surprisingly strong list from NortonLifelock’s cybersecurity predictions for 2024.

I encourage you to read their commentary on AI and GenAI. Here’s how they start:

“As we stand on the brink of 2024, the nature of cyber threats is undergoing a profound transformation: We are now expecting the threat landscape to be filled with frequent, highly individualized attacks in 2024. The advancement of artificial intelligence (AI) will notably enable the development of sophisticated tools. Criminals will use these tools for targeted messaging in victims' languages, enhancing manipulation.

“Next year, we anticipate ransomware and scams that are designed to manipulate individuals emotionally. As we navigate this changing landscape, our predictions for the next year offer insights into the challenges ahead, as well as the measures we can adopt to fortify our digital defenses.”

Here are some of NortonLifeLock’s non-AI predictions:

Digital blackmail will evolve and become more targeted.

• Ransomware will become more complex and damaging.
• Evolving attack methods: exploiting VPN and cloud infrastructure.
• Diversification of extortion methods beyond encryption.

Threat delivery will become more sophisticated on mobile:

• Instant loans as a lure into blackmail and extortion.
• Trojanized chat apps with spyware and stealing modules.
• Shifts in the delivery techniques of mobile threats.

Rising threats in the cryptocurrency sphere:

• An increased focus on crypto wallets by cyber criminals.
• Malware as a service will continue to evolve.
• Vulnerabilities in crypto exchanges and cross-currency transactions.

23) Threatlocker & G2 — Start with this G2 piece: “2024 Trends: Embracing Human-Centric Security in an Automated World.”

They lead with: “Security solutions will protect organizations through human behavior, not AI capabilities, in 2024.” Next, “an increasing number of reviewers achieve ROI at a progressively faster rate.”

I really like this Threatlocker video featuring Chase Cunningham, known as Dr. Zero Trust, from G2:
They lead with election security against China and Russia for the U.S.

Excellent Threatlocker solution resources are here.

24) FTI Consulting — An excellent set of 10 Global Cybersecurity Predictions for 2024 that has solid references. Here are their items, but see the details at their website:

• Election Security Making Headlines
• A Two-Sided Approach to Artificial Intelligence
• Widespread Adoption of Zero-Trust Architecture
• Cities Integrating IoT into Critical Infrastructure
• Increasing Cybersecurity Supply Chain Risks
• Third Party Scrutiny Taking Priority for Compliance Officers
• The Start of Significant Fines From Australian Regulator
• Corporate Responsibility Shifting to Individuals
• Organizational Transparency Surrounding Cybersecurity
• Emergence of Incentivized Cybersecurity

BONUS: SIX MORE CYBER TRENDS AND SECURITY PREDICTION REPORTS

25) SolutionsReview.com — 2024 Cybersecurity Predictions from Industry Experts

Here are the beginnings of three of their industry expert predictions:
John Stringer, head of product at Next DLP: “In 2024, AI will better inform cybersecurity risk prevention decision-making. Elsewhere, disgruntled employees may lash out at stricter working-from-home policies as insider threats loom. …"

Steve Wilson, chief product officer at Exabeam: “Companies are under constant assault and frankly, the cybersecurity sector is failing customers. Businesses, government agencies, healthcare installations and more are in the unfair position of being attacked from the outside by nation state actors, while employees exfiltrate and sell company data from the inside. …”

Darren Shou, chief strategy officer at RSA Conference: “While not new for 2024, mental health challenges will continue for many in the cybersecurity industry who are overworked and underappreciated. The stress that cyber employees endure day in and day out to secure vital systems, companies and individuals is only compounded and exacerbated by the skills gap shortage that our industry faces. …”

26) F5 — F5 2024 Technology Outlook: A duo of trends is converging and promises to drive significant change in security in 2024:

• The Convergence of Security and Observability
• The Rise of AISecOps

But more interesting, perhaps, are the technologies that are enabling observability, security, and AI. These are the technologies that make new capabilities and use cases possible and are driving us toward convergence much faster than would otherwise be possible:

1. eBPF
2. APIs
3. GraphQL
4. DPUs

27) Barracuda — Cyberthreat predictions for 2024 from Barracuda’s security frontline

A very good roundup of top Barracuda experts in a different format with Q&A. Here’s how they begin: “Predicting the future is difficult, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontline, from XDR and offensive security to international product experts, our own security operations team, and more, about the things they witnessed in 2023 and expect to see in 2024.”

Predictions of note:

• “Attackers are shifting toward small and mid-market businesses as they are aware of the increased digitization and lack of cybersecurity professionals in the market.
• Attackers will keep exploiting the weakest links within businesses. As always, cybercriminals are interested in the path of least resistance. This means organizations need to make sure they have an overarching strategy ready to deal with all vectors rather than focus on one.
• I see two trends. The first one is the continuation of the usual threat vectors as attackers know that companies are both understaffed with inexperienced IT teams and grappling with possibly legacy, outdated, or misconfigured solutions. The second one is the natural evolution of technology — as we enhance our security assets with AI-based solutions, we are automatically creating new attack vectors that are crafted based on the quality of results of generative AI itself.”
  

28) FastCompany — 5 cybersecurity predictions for 2024 — The topics are common, but the explanations are unique and worth reading.

• Advanced phishing
• AI-powered scams
• Increase in supply chain attacks
• Deployment of malicious browser extensions
• Changing demographics brings more threats

29) Security Scorecard — Predictions for AI and Cybersecurity in 2024 Looking Ahead to the New Year

• The rise of specialized language models in cybersecurity
• Threat actors will use AI to get ahead
• AI governance will dominate legislative agendas
  

You can also view this video from Security Scorecard and Help Net Security.

30) Bernard Marr in Forbes — “The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now”
Here are his top five items:

• The Cyber Security Skills Crunch
• Generative AI Adopted on Both Sides of the Battle
• Next-Level Phishing Attacks
• Cybersecurity in the Board Room
• Cyber Resilience — Beyond Cybersecurity
  

HONORABLE MENTION SECURITY PREDICITONS

ITBrief Australia: Eight vendor AI security predictions for 2024

Here’s one of these items from Bernd Greifeneder, chief technology officer at Dynatrace:

“In 2024, next-generation threat intelligence and analytics solutions will phase out security information and event management (SIEM) systems. These modern solutions enable security teams to extend capabilities beyond log analytics to access the context provided by a broader range of data modalities and different types of AI, including generative, causal and predictive techniques, working together. As a result, organizations will gain access to deeper and more accurate, intelligent, and automated threat analysis, helping to protect their applications and data from increasingly sophisticated threats.

“In 2024, organizations will also increasingly appoint senior executives to their leadership teams to ensure readiness for AI's security, compliance and governance implications. As employees become more accustomed to using AI in their personal lives, through exposure to tools such as ChatGPT, they will increasingly look to use AI to boost their productivity at work. Organizations have already realized that if they don't empower their employees to use AI tools officially, they will do so without consent. Organizations will, therefore, appoint a chief AI officer (CAIO) to oversee their use of these technologies in the same way many have a security executive, or CISO, on their leadership teams. The CAIO will center on developing policies and educating and empowering the workforce to use AI safely to protect the organization from accidental noncompliance, intellectual property leakage or security threats. These practices will pave the way for widespread adoption of AI across organizations.”

Raconteur: Five cybersecurity predictions for 2024

Item No. 5: Plugging software holes will become more difficult

GetApp: GetApp's 5th Annual Data Security Report: U.S. Businesses Gaining Ground Amid Ongoing Threats

Note: This report is more current facts than predictions, but there are a few projections thrown in. One item: “IT security spending is up at 70 percent of businesses.”

KnowBe4: Top Five 2024 Cybersecurity Predictions by KnowBe4 Cybersecurity Experts

Item No. 3: A cooling economy that will impact security programs and business continuity plans.

Spiceworks: Experts Talk: Predicting the Cybersecurity Landscape in 2024

Scott Kannry, CEO and co-founder of Axio, on the role of CISOs: “The reality is that cybersecurity will take its place in an organization’s fiduciary responsibilities in 2024, making the individual ultimately responsible for cybersecurity on the same plane as CFOs, CEOs and the other directors and officers of the organization (who are covered by D&O liability insurance).”

Jersusalem Post, with Cybersixgill: 5 cybersecurity trends to look out for in 2024

Item No. 5: Expanding motivations for cyber attacks:

“In its fifth prediction, Cybersixgill highlights the broadening motivations behind cyber attacks in 2024. As geopolitical tensions and other issues come to the forefront, threat actors are predicted to target entities beyond financial gain.

"With 40 national elections worldwide, the motivations of threat actors are expected to broaden beyond financial gain. Cybersixgill anticipates an uptick in attacks targeting entities without profit centers, such as schools, hospitals, public utilities and other essential services. This shift in motivation may also manifest through the growing trend of cyber criminals offering their skills and expertise for hire through ransomware-as-a-service, malware-as-a-service and DDoS-as-a-service offerings.

Affiliate programs are predicted to flourish as powerful cyber criminal gangs franchise their ransomware technology, making the extortion business accessible and profitable to a larger pool of threat actors.”

CIO Magazine: Generative AI: 5 enterprise predictions for AI and security — for 2023, 2024, and beyond

Item No. 1: Enterprise use of AI tools will only grow, with industries like manufacturing leading the charge.

GBhackers: Open Source Security: Trends and Predictions for 2024

Item No. 1: Increased scrutiny and analysis along with dedicated open source security teams.

Medium.com, The Generator: The 3 AI Security Trends You CANNOT Ignore in 2024

Item No. 1: GenAI video and audio adoption to increase.

CPO Magazine: Top Security & Risk Management Trends in 2024

First, an overall increase in cybersecurity attacks and data breaches: “Hardly a day or week goes by without the mention of a high-profile cyber attack in the news — and those are just the ones we hear about. The numbers are staggering: Around the world, 30,000 websites are hacked every day with a new attack occurring online every 39 seconds. In general, the cost of global cyber crime is expected to increase 15 percent over the next five years, reaching $10.5 trillion per year by 2025.”

SecurityWeek: Five Cybersecurity Predictions for 2024

Up first, "A Never-Ending Story: Compromised Credentials."

Interface Systems: Interface Shares its 2024 Technology Predictions

The list begins with, “AI and Automation Will Improve Monitoring Operations.”

Comcast Technology Solutions: Nicole Bucala, vice president and general manager at Comcast Technology Solutions, offers "Three security data predictions for 2024."

Here are the first two:

• Big data insights won’t be just for data scientists anymore.
• Cybersecurity teams will make the jump into data lakes to wrangle siloed data sets and decrease security data storage costs.
  

Stratosphpere Networks: Your 2024 IT forecast: 4 technology predictions for the upcoming year

Like others, they lead with AI risk management will become a pressing concern.

BigID: 2024 Data Security Predictions and Beyond

I really like No. 3 on their list: A Progression Toward Security Tool Consolidation.

“Did you know organizations use an average of 47 cybersecurity tools to identify and contain threats?

"It’s no surprise that IT staff often have difficulty tracking and monitoring each tool, meaning security risks might slip through. Moreover, maintaining so many tools is resource-intensive and increases overhead costs.”

Also, pay attention to No. 5, Quantum Computing to Break Traditional Encryption Methods.

Abnormal Security: Defensive AI, Deepfakes, and the Rise of AGI: Cybersecurity Predictions and What to Expect in 2024

Jade Hill leads with three AI items, and offers this surprising, but likely, prediction: "Social engineering attacks will remain responsible for billions in losses, with federal grant funding becoming an increasingly attractive target."

SimpliLearn: Top 20 Cybersecurity Trends to Watch Out for in 2024

The most original item on their list comes first:

"Rise of Automotive Hacking — Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and Wi-Fi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.”

DigiCERT: DigiCert Unveils APAC Predictions for Digital Trust in 2024

• "Senior executives will become more knowledgeable about post-quantum computing, and companies will start accelerating their investments.
• Identity and provenance become the foundation for content authenticity.
• Software supply chains will see trust embedded in building blocks: inspect before you sign, check packages, provide Software Bill of Materials (SBOM) transparency.
• IoT trust will enable real-world use cases such as EV chargers and medical devices.
• We will see chief digital trust officers emerge as a key participant on the executive team leading the business.
• Zero trust as an architecture will proliferate. Its foundation will rest on digital trust."
  

Direct Defense: The Top Cyber Security Threats for 2024: Expect More Sophisticated Attacks, More Cunning Bad Actors

Here are three of their forecasts:

• Going around endpoints to attack on-premise cloud environments
• Increased investment in attack campaigns
• Ransomware attacks shift to a "calling card" after the network has been breached

Security Week: Five Cybersecurity Predictions for 2024

Item No. 4: White House Cybersecurity Strategy Triggers Revival of Vulnerability Management

Cloud Security Guy: Cloud Security Trends in 2024 (Youtube video)

Item No. 1: GenAI in the cloud

Amazon via Forbes: Amazon CTO's Tech Predictions For 2024 (video)

Focus on AI and training LLMs.

Fortra: After AI: Cyber Predictions for 2024 (YouTube video)

Vendor consolidation will accelerate, with emphasis on interoperability and automation.

Optiv: What Lies Ahead? Cyber Trends to Watch in 2024 and Beyond (YouTube video)

Focus on AI and increased cyber threats.

Cisco/Talos: Talos December APJC Update: Talos Year in Review highlights and 2024 cybersecurity predictions (video)

How global conflicts influence cybersecurity trends and new threats.

UC Today: Navigating the Future: Microsoft Teams Predictions 2024 (video)

“As we delve into the possibilities for Microsoft Teams in 2024, a variety of expert insights suggest an exciting year ahead. Patrick Watson from Cavell Group hints at significant developments in mobility solutions, sparking curiosity about potential revelations from Microsoft regarding Teams Phone Mobile. Tom Arbuthnot foresees further enhancements in Teams, with a particular emphasis on AI, suggesting a more immersive end-user experience through premium features.

“Graham Walsh sheds light on the challenges faced by small and medium-sized businesses in adopting new technologies like Copilot, with cost being a primary barrier. Meanwhile, Dan Balitewicz anticipates a bold move from Microsoft, potentially introducing a comprehensive contact center solution, expanding beyond the existing framework of Teams.

“Kevin Kieller expects significant advancements in Copilot, hinting at transformative changes that could redefine the functionality of Teams Premium. Josh Blalock’s vision suggests a blurring of lines between professional and social networking, with Teams possibly integrating more closely with various social apps.”

Cofense: 6 Email Security Predictions for 2024: Cofense Experts Weigh-in 

Top two items:

1. Joshua Bartolomie, vice president of Global Threat Services —  “Organizations will shift to focusing on what they don’t know about their cybersecurity risks, leaning on threat intelligence more than ever. …”
2. Dawn Creter, director of product management — Email security reporting will be front in center in the boardroom — “Today, more than ever, cybersecurity is a main agenda item for every board meeting. Organizations are starting to hire cyber experts to sit on boards to ensure the right questions are being asked to security leaders about business and cyber risk. This spotlight on cybersecurity will only grow in 2024 as threats, especially those related to email, continue to increase. ...”
   

Veritas Live: Veritas L!VE: 2024 Cyber Risk Predictions (YouTube video)

They lead with AI advances and phishing attack emails (10-minute mark). How do you protect your data?

Cloudflare: 2024 vision: 10 predictions for technology leaders

Top three:

• Starlink will bypass national Internet policy.
• The front-end developer role will be permanently redefined.
• The first AI model breach will take place.

Netskope: 2024 Predictions podcast

Sherron Burgess, senior vice president and CISO for BCD Travel: “The thing that I’m always worried about from an AI standpoint is the implications societally and what that may mean. I’m concerned that society will lose its responsibility to check machines and to really understand what’s real and what isn’t. And so I think that’s the ethos that we have to think about as we go into this new world and the promise of what AI is. …”

Frontier Enterprise: The 2024 technology predictions bonanza

Long list of predictions on many topics (most not security, but a lot of AI). In cyber, they lead with: “Safe AI will be a primary focus for leaders. Currently, there is no universal AI regulatory standard, but governments in the region are proactively establishing trusted AI frameworks that emphasize privacy, security and ethical data handling practices. For example, Singapore’s Infocomm Media Development Authority (IMDA) and the AI Verify Foundation have launched the Gen AI Evaluation Sandbox to set new benchmarks for evaluating generative AI.”

American City & County: 2024: 12 predictions for cities and counties (AI stars in all 12)

From my friend Alan Shark: “AI in cybersecurity will enhance or supplement the ability to protect sensitive data, infrastructure and systems from cyber threats. Local governments will also use AI to better monitor network systems and seek out anomalies and intrusions and at the same time take immediate remedial action to mitigate any cyber incident. AI can and will implement robust cybersecurity measures and ensure compliance with data protection regulations.”

Strobes: Cybersecurity Trends 2024: Lessons from 2023 & Predictions to Watch Out for!

They lead with: “Increased Sophistication in Attack Vectors — From advanced phishing schemes to polymorphic malware, the breadth and depth of attack vectors are expanding with organizations’ growing digital footprint.”

NordVPN: Predicting the biggest cybersecurity risks of 2024 — according to hackers

Nice infographic. Unique item: Hackers will find new ways to bypass biometric authentication. Biometric authentication won’t be the answer.

Edgio: AI, Security Culture and Rising Threats: Cybersecurity Predictions for 2024 

The top two items here are “AI bridges the cyber skills gap”  and “DDoS and ransomware attacks reach a new level of maturity.”   

Security Today: Five Cybersecurity Trends Predictions for 2024

Here is their fifth prediction: “Geopolitical and other issues will broaden attackers’ motivations beyond financial gain, resulting in a growing pool of targets, attack vectors and tactics.”

Splashtop: Top 10 Cyber Security Trends And Predictions For 2024

Trend 9: "Blockchain and Cybersecurity — As we progress through 2024, blockchain technology is increasingly being recognized for its potential to significantly enhance cybersecurity measures. Blockchain, at its core, is a decentralized ledger technology known for its inherent security features like immutability, transparency and resistance to tampering. These characteristics make it an appealing option for securing digital transactions and protecting data from cyber threats.”

HashiCorp: Three Voices, One Future — Cloud and Security Trends for 2024 (YouTube video)

Great discussion on AI, data and the future of the cloud.

Security Magazine: Top physical security predictions for 2024

Dean Phillips, director of public sector programs at Noname Security: “In 2024, I predict that there will be a persisting division between the private and public sectors as government AI policy implementation takes shape. Government agencies, along with private companies outside government, such as critical infrastructure, that are impacted by proceeding policies, will be forced to comply. However, a pronounced divide will emerge in cases where there are no government-mandated policies concerning private companies. These private entities will adhere to a wide range of AI approaches, and many will choose to create their own policies. I expect that this lack of consistency, in contrast to the structured government approach, will persist into the foreseeable future.”

2024 SECURITY PREDICTION INDUSTRY REPORT AWARDS   

Best and Most Comprehensive Vendor Report Overall: Google Cloud/Mandiant wins top prize for the first time ever with Cybersecurity Forecast 2024: Insights for Future Planning. Well done for taking the spot from Trend Micro, who falls to a close second with Critical Scalability: Trend Micro Security Predictions for 2024.

Most Creative Report: WatchGuard — Their 443 Podcast on YouTube video, along with their 2024 prediction blooper real, is always fun and creative and different than others. Great work, guys. For their actual prediction list, see their six items:

• Prompt Engineering Tricks Large Language Models
• MSPs Double Security Services via Automated Platforms
• AI Spear Phishing Tool Sales Boom on the Dark Web
• AI-Based Vishing Takes Off in 2024
• VR/MR Headsets Allow the Re-Creation of User Environments
• Rampant QR Code Usage Results in a Headline Hack

Favorite Overall Unique Prediction: Forrester — “Bring your own AI (BYOAI) for 60 percent of us, as enterprise solutions lag.”  

Scariest, but Still Practical, Prediciton: Gartner — “7 Disruptions You Might Not See Coming: 2023-2028.”

The items are (but please watch the video):

• What If Geomagnetic Storms Knocked Out Your Internet Access?
• AI-Driven Legacy Modernization.
• Regulation: Limit the Evolution of AI, laws rights, (Trust AI providers will emerge).
• AI Creates a Golden Age for “Silver Workers” (helps solve tech talent crunch).
• Laggards Leapfrog Leaders — Startups for Sale.
• “Engineering Innovation Pace” — No pain, no gain.
• Space Race 2.0.

Most Common Prediction: AI and GenAI brings good, bad and ugly to the world (almost every list includes AI predictions).

FINAL THOUGHTS

I took a slightly different approach this year to get you some more outstanding free cyber prediction content that is not packaged as a single annual report. Free content from Gartner, Forrester, IBM and IDC comes from recent risk management and cybersecurity conferences, online seminars, podcasts and other free YouTube content that offers very helpful forecast material. This is deeper-dive material that is worth watching and learning from on AI and many other security topics.

What’s missing? After the lessons learned over the past five years from COVID-19 and from wars, like Ukraine-Russia and Hamas-Israel, there needs to be a way to discuss big things that are unknown but could still happen to disrupt the world, our technology and cybersecurity in a major way.

So for example, no report that I read predicts China will invade Taiwan, but everyone realizes that a major event like that would rock our world, if it did happen. Therefore, I admire the approach Daryl Plummer takes to discuss “7 Disruptions You Might Not See Coming,” which urges viewers to think outside the normal box placed around predictions. Still, I was surprised to not see any scary “Cyber 9/11” or a “Cyber Pear Harbor” predictions, such as the electric grid or financial system being hacked.

In closing, I predict more cybersecurity predictions than ever before December 2024. Many people will offer “25 security predictions” because of the significance of the year 2025, as we are one-fourth of the way through this century.

And, no doubt, GenAI will be used to come up with many security predictions next year. (Indeed, AI may have been used this year for some of these 2024 predictions, but no one I read admitted to that — yet.)

In fact, by 2030 or 2035, this entire report will likely be assembled using GenAI. But in the meantime, don’t be fooled by deepfake imitations or lookalikes. There is only one genuine source that aggregates most of these cyber industry predictions for the new year in one place.

Finally, I’d like to wish you a happy New Year, and thank you for following “Lohrmann on Cybersecurity.” I hope you will come back next December for “The Top 25 Security Predictions for 2025.”