The Cyber Security Shakeup Continues in 2024

Cyber threats and cybercrime show no signs of slowing. The growing risk makes it imperative that organizations constantly evaluate their security posture and take steps to harden their defenses, protect internal networks, and secure data from the barrage of threats. So, let's explore what to expect in 2024 and beyond.

Cyberattacks and Ransomware

The latest Verizon DBIR report found that 95% of attacks observed in the past year were financially motivated. And the financial toll of breaches continues to grow, with IBM reporting that the average cost in 2023 was USD $4.45 million.

Ransomware accounts for 24% of cybersecurity incidents, and the median impact of an attack has more than doubled over the past two years to $26,000. In addition, ransomware tactics are shifting to data theft and extortion, which are less likely to be detected. This, coupled with the increasing availability of ransomware-as-a-service, means it will remain a leading threat vector.

Cybersecurity attacks will continue to wreak havoc in 2024. Therefore, organizations must implement a plan for when, rather than if, they will fall victim to a cyberattack to help mitigate the risks, costs, and impact of a breach. It should detail steps for identification, containment, eradication, recovery, and lessons learned and must be updated to consider new threats and technologies. In addition to integrating more threat intelligence technology, it's critical to reduce human error through regular training.

AI: Friend & Foe

Generative AI dominated headlines in 2023, with a range of new intelligent solutions released, including ones to help improve cybersecurity. However, cybercriminals are also harnessing AI's power for nefarious purposes. For example, an AI-powered bot can send phishing emails to millions of targets instantaneously. Applications such as ChatGPT make it easy to build malware attack scripts and create multiple variants, fueling more cybercriminal activity and making it more challenging to stop and this doesn’t even take into account generative AI on the dark web. The weaponization of AI by bad actors will continue in 2024, giving rise to new autonomous attacks.

IoT Attacks Expand

As the volume of connected devices keeps growing, so does their popularity as an attack vector. To mitigate the risk of malware and DDoS incidents, these products will increasingly have more security embedded in every layer. Initiatives, including the White House Cyber Trust Mark IoT labeling program, have been implemented to address some concerns and build consumer confidence in smart devices. Keysight is pleased to be part of this initiative, providing a framework for manufacturers to standardize and scale IoT security. In 2024, I expect to see similar programs adopted across the globe.

Zero Trust: Here to Stay

Organizations use the zero-trust security protocol to eliminate insider threats. This approach views internal users as high risk and undeserving of trust. By adopting a zero-trust security footprint, companies give users the minimum permissions to do their jobs. This helps ensure that the cybercriminal has limited access if an account is compromised. In addition, zero trust protects all connected devices on the network. As businesses' technology footprint continues to expand and cloud applications dominate, embracing zero trust will become essential.

Given zero trust’s broader business benefits, every organization would do well to embrace the philosophy. Forrester provides a framework for companies looking to adopt the approach, and it wisely advises, “enterprises realize the zero trust journey never ends and will use its principles for continuous improvement in the same spirit as total quality management.”

The Talent Gap Grows

Cybersecurity Ventures predicts that there will be 3.5 million vacant cybersecurity jobs by 2025 as the demand for talent continues to be immune to economic pressures. This is not a new trend, but it continues to be a significant problem as organizations look to address cyber concerns.

The above are just a few of the trends I expect to take shape in the year ahead. In 2024, the cyber landscape will continue to evolve and require constant vigilance from organizations. Keysight has various solutions to help businesses validate their security posture and stay safe from the latest threats. And with cybersecurity, there is no magic bullet, setting up 2024 as another challenging year for security teams.