The importance of cybersecurity has been on the rise for a while now. In 2024, cybersecurity will make its way into boardrooms, enter the AI battlefield, or change how businesses juggle their trade secrets and sensitive communications.
Here are our top 8 cybersecurity trends to look out for in 2024:
Contents
1. Next-level Zero Trust
2. Identity security and management
3. Next-level secure business communications and collaboration
4. Cybersecurity regulations and compliance
5. OT and IoT cybersecurity
6. Cybersecurity insurance
7. AI and deepfake cyberattacks
8. Quantum computers and data harvesting
How to be cyber-secure in 2024
1. Next-level Zero Trust
Zero Trust is a familiar concept now. But in 2024, we will see Zero Trust truly take over cybersecurity. And it won’t be just about Zero Trust architecture anymore.
Yes, organizations will widely adopt the needed architecture to become perimeter-less and border-less – if they haven’t yet. (Meaning, every internal or external user and device is verified before accessing an organization’s networks, systems, applications, or data – no matter their location within or outside the borders of the organization or its defined perimeter.)
However, as the threat/risk landscape evolves, so does Zero Trust.
The next-level Zero Trust approach will take it even further. Its focus won't be just on being proactive, but also on being holistic and adaptable. Here’s what it means:
- Verifying identities of users and devices before they access any of your resources – that's proactive. It helps you prevent risks.
- Considering your entire, complex ecosystem of various users (third-party vendors, partners, remote workers, etc.) and various devices (BYOD, company devices, IoT, etc.) and implementing the right authentication methods – that's holistic. For example, your privileged users and super admins hold the most power within your ecosystem, thus, they should always and continuously be strongly verified with passwordless, keyless, biometric authentication.
- Utilizing the latest technology (like AI-powered real-time analysis) to continuously monitor your ecosystem, immediately flag any anomalies, and automatically adjust processes accordingly to reduce and mitigate risks – that's adaptable.
2. Identity security and management
Hand in hand with Zero Trust, identity security will gain importance.
Businesses will implement stronger identity verification mechanisms to ensure that employees, partners, vendors, or customers are truly who they say they are. And not just once, e.g. during onboarding, but continuously.
This step toward more identity-focused security is also visible in the roadmaps of some of the tech giants. For example, Microsoft made its entrance into the IAM market last year with its Entra ID.
Continuous identity verification will be necessary especially due to new types of identity-based cyberattacks. Identity theft is nothing new, but identity theft combined with AI-generated audio and video content will complicate identity security.
As a result, we will see a rise in the usage of more bullet-proof identity authentication methods, like biometric authentication. And businesses will be forced to pay more attention to who accesses their ecosystems, how, what resources they access, and with what rights – especially when it comes to critical assets.
3. Next-level secure business communications and collaboration
2024 will only cement what the past few years stirred up – businesses need highly secure tools to share and collaborate on their sensitive business data.
Otherwise, they end up like Wall Street companies after using WhatsApp to discuss deals or several US governmental agencies after Microsoft got hacked. Meaning, they end up with their data leaked and with massive fines to pay.
This year, businesses will start moving away from using regular (and in many cases non-compliant) tools to communicate about business secrets or share sensitive information. Instead, organizations will search for authorized, auditable, and secure business collaboration tools that allow them to, for example:
- utilize end-to-end encrypted messaging or audio/video calls to discuss business secrets in real-time,
- share confidential data within and outside their organization without worrying about data leaks,
- collect sensitive and personal data in a compliant and secure manner,
- or send and sign confidential documents digitally.
All without the risk of data leaks and non-compliance with data security laws and regulations.
4. Cybersecurity regulations and compliance
This year will see two major cybersecurity frameworks coming into force. And they will have a serious impact, especially if companies end up non-compliant.
First, the NIST Cybersecurity Framework (CSF), originally published in 2014, is getting an update. The new version called CSF 2.0 will be published in early 2024 and will reflect the changed cybersecurity landscape of the past ten years. On top of other additions, the updated framework will include detailed guidance for organizations on how to implement CSF 2.0.
Then, on October 17, 2024, the NIS2 Directive will come fully into effect. By that date, the law must be implemented on the EU national level and organizations must be compliant with it. Those who fail to comply will be fined up to €10,000,000 or 2% of the organization’s annual global revenue.
NIS2 is an updated version of the NIS Directive from 2016 and reflects changes in cybersecurity in post-COVID-19 Europe. Its scope is wider – including additional industries and services or more detailed reporting requirements.
5. OT and IoT cybersecurity
In 2024, OT/IoT cybersecurity will be a must for industrial and critical infrastructure sectors.
Remote work and maintenance are becoming more and more common in the industrial and OT sectors. This requires OT/IoT devices to access the internet and allow remote connectivity. With the interconnected nature of these devices, more of them access the internet and “talk” to each other, and without proper cybersecurity – more doors open for cyber-attackers.
In fact, we have already seen this in the past few years with cyberattacks on OT businesses rising in numbers.
For OT businesses, remote access poses a security challenge: They need to modernize their systems and, at the same time, ensure that appropriate security controls are in place.
And it gets more complicated due to the sheer complexity of OT environments – with employees, remote employees, third-party vendors, partners, etc. All of them need access to various targets with various levels of privilege for varying amounts of time.
This will give rise to next-level IT/OT convergence with looser boundaries between IT and OT environments, which will allow OT cybersecurity to “learn” from its IT counterpart. Especially when it comes to access and identity security.
6. Cybersecurity insurance
The importance of cybersecurity has been slowly on the rise for the past few years. Culminating in 2024, we will see an increase in CISOs and other cybersecurity experts joining leadership teams and boards of directors.
Why? C-level and senior executives finally caught up and realized that poor cybersecurity can damage their business. More importantly, accountability is shifting – we will see not only companies but also individual executives being held accountable for cybersecurity attacks and related consequences.
This is also supported by new regulations. For example, the NIS2 directive states that business leaders have personal liability.
All this will ultimately have a positive impact. It will lead to a change of mindset from reactive cybersecurity (reacting to attacks) to predictive and defensive cybersecurity (predicting attacks and preventing them before they even happen).
7. AI and deepfake cyberattacks
In 2024, the battle of AI-powered cyberattacks versus AI-powered threat detection will commence.
On one hand, AI will help cybercriminals create smart, more sophisticated, and adaptive attacks. For example, AI-generated phishing attacks and deepfake social engineering audio and video will become almost impossible to recognize, and intelligent malware will be able to adapt to avoid detection.
On the other hand, AI is already being used to detect and deal with cyberattacks, e.g., by using behavioral predictive analytics, detection of anomalies, or automatic response.
Not only that, but we will also see a higher number of cyberattacks targeting AI and AI businesses.
8. Quantum computers and data harvesting
By now, it is clear that quantum computers are not fiction anymore. With the breaking of the 1000-qubit barrier in 2023, we are one step closer to an extremely powerful machine that will change the technology landscape forever.
And cybercriminals took note of that too. In 2024, malicious actors will double down on harvesting long-term sensitive data, even though they can’t decrypt it yet. But once they get their hands on a powerful enough quantum computer (in the not-so-far future), they will be able to decrypt the stolen data and abuse it.
This only highlights the dire need for protection against such attacks with post-quantum cryptography (PQC). For example, the US government is already making steps towards PQC, and commercial solutions offering PQC protection of sensitive data-in-transit already exist. (Such as our NQX or Tectia Client/Server Quantum-Safe Edition.)
Additionally, the final NIST standardization of preferred PQC algorithms is expected in 2024, which will also increase the adoption of PQC algorithms.
How to be cyber-secure in 2024
Whether these predictions make you hopeful or worried - most likely, you are curious about how to improve your cybersecurity posture for 2024 as well as the upcoming years.
We at SSH Communications Security can assist you with:
- Next-generation Zero Trust secure access and communications and identity security
- Next-level secure business collaboration
- OT cybersecurity and secure remote access for OT
- Quantum-safe security
