The start of a new year always initiates a deluge of forecast articles; after a year’s passing, our news feed gets inundated with retrospective pieces. However, we often ponder whether experts made correct predictions in January on the unfolding events of the year. As we approach the end of 2024, let’s reminisce and evaluate if the foresight about cybersecurity events was accurate.
Here are five anticipated trends for 2024.
1. Surge in the utilization of artificial intelligence in cybersecurity
At the onset of the year, it was evident that artificial intelligence (AI) would play a significant role in the year’s proceedings — a prediction that proved to be correct. Many organizations adopted or continued to employ AI in various aspects of their cybersecurity operations. For instance, Microsoft’s internal response teams leveraged a sophisticated language model to streamline requests and tickets based on historical handling, saving 20 hours per personnel weekly.
During the focus on the Paris Olympics over the summer, the squad responsible for safeguarding the data, applications, systems, and infrastructure of the games resorted to AI. Despite 140 cyber attacks traced back to the Olympics, diligent efforts ensured no disruption to the competitions.
Throughout the entire Olympics duration, encompassing pre-ceremony to post-parade, cybersecurity teams used AI to fortify critical systems, safeguard sensitive data, and enhance vigilance within the games’ environment. Furthermore, AI-driven algorithmic video surveillance scrutinized videos to detect deserted bags, weapon presence, aberrant crowd movements, and flare-ups.
2. Increase in AI-based threats and assaults on organizations
Regrettably, the forecast proved accurate as cyber malefactors also embraced AI technology to execute attacks with greater efficacy. Threat actors deployed AI in various capacities for breaches and cyber incursions, including enhanced reconnaissance, precise target profiling, and reduced skill requirements for perpetrating attacks. Through automation of key attack components like vulnerability scanning, exploitation, and data extraction processes, more cyber criminals now possess the means to execute more catastrophic attacks.
“With the advent of gen AI, assailants are increasingly utilizing tools alongside sophisticated language models to orchestrate extensive social engineering endeavors, and Gartner predicts that by 2027, 17% of total cyber attacks/data breaches will involve generative AI,” as mentioned by Gartner in an August 2024 press release.
IBM’s distinguished engineer Jeff Crume firmly believes that the trend of cyber perpetrators harnessing AI for nefarious deeds will persist into 2025. He underscores that cyber professionals must enhance authentication measures since intruders are finding it simpler to gain access rather than hacking through. While the detection of flawed grammar and spelling currently suffices to identify phishing attempts, he anticipates this method’s obsolescence as AI-driven phishing attacks proliferate.
Discover cybersecurity services
3. Escalation in deepfakes and deceitful practices
As projected by experts, the threat of deepfakes intensified in 2024, with perhaps the most striking deepfake incident unfolding. In early 2024, malefactors fabricated a deepfake video call, resulting in an employee transferring $25 million to the cyber criminals, showcasing the damaging potential of deepfakes. The World Economic Forum foresees a continued surge in such occurrences, even labeling AI-driven disinformation as the primary global threat in the upcoming two years.
Throughout the year, additional deepfake-related incidents made headlines. Quantum AI, an AI firm, faced suspicion from the Securities and Exchange Commission for utilizing AI to fabricate deepfakes on social media purporting Elon Musk’s involvement in developing the company’s technology. Even the esteemed Paris Olympics encountered deepfake challenges, with Russian Group Storm-1679 implicated in creating AI content to discredit the International Olympic Committee. As 2024 drew to a close, German citizens observed a surge in AI-propagated misinformation related to the impending German elections in 2025, spanning text, visuals, and videos.
4. Quantum computing’s escalating impact on cybersecurity
Ray Harishankar, IBM Fellow and IBM Quantum Safe expert, foresaw a rise in “harvest now, decrypt later” assaults in 2024. As the year progressed, concerns around quantum computing’s implications heightened, particularly regarding the harvest-now attacks. In July, the Office of Management and Budget issued the Report on Post-Quantum Cryptography, advising organizations to fortify their systems and processes for forthcoming advances in quantum computing.
By fall 2024, apprehensions regarding quantum’s repercussions intensified, as symmetric cryptography was projected to be compromised by 2029, with even asymmetric cryptography vulnerable to quantum technology by 2034.
“Nonetheless, the risks are not a distant concern. The threat of harvest-now, decrypt-later attacks is already looming, necessitating an accelerated transition to post-quantum cryptography,” as detailed by Gartner.
5. Decline in ransomware assaults
John Dwyer, former Head of Research at IBM X-Force, suggested a potential drop in ransomware attacks as more firms vowed to refrain from ransom payments. Although this wishful anticipation remains inconclusive, verdict on its accuracy hinges on comprehensive data analysis into 2024.
Nevertheless, Wired stated in mid-2024 that “ransomware exhibited no signs of deceleration in 2024 — despite escalating law enforcement actions.” By December, Heather Wishart-Smith chronicled in her Forbes piece The Persistent Ransomware Threat: 2024 Trends and High-Profile Attacks the escalating tactic of dual extortion by cyber perpetrators as a prevalent trend in 2024.
Overall, experts were mostly accurate in their 2024 forecasts. As we enter the upcoming year, we shall once again engage in the prediction game, pondering the cybersecurity landscape for 2025.