When was the last “easy” year for security teams? Certainly not last year, this decade or even this century. Every year in recent memory has seen its share of noteworthy and novel cyberattacks.
It doesn’t take a crystal ball to predict 2024 will be more of the same. If anything, the pace and scale at which threats and challenges compound will only expand the threat landscape further and overwhelm current enterprise defenses more quickly than ever. Cybercriminals aren’t going to let up, and neither should enterprise security teams’ efforts to protect networks, systems, applications and data.
Cyberthreats aren’t the only security challenge for 2024, however. Newly adopted technologies bring their own vulnerabilities to address, and perennial issues make “top challenges” lists year after year.
Here’s a look at the top seven trends and challenges security teams and organizations need to be aware of in 2024.
AI experienced a banner year in 2023 with the introduction of generative AI (GenAI) platforms, such as ChatGPT. With their release came a slew of security challenges, especially when it comes to phishing.
This article is part of
Download this entire guide for FREE now!
GenAI can improve grammar and spelling to help attackers craft more convincing social engineering and phishing scams. But it can also gather information about people and companies from social media and other websites to conduct targeted spear phishing and business email compromise (BEC) campaigns.
A major AI phishing concern is deepfakes. This type of AI creates fake yet convincing audio, image and video content to fool people into believing their legitimacy. Deepfakes can lead to misinformation campaigns, blackmail, reputational damage, election interference, fraud and more.
Learn more about AI phishing attacks and how to prevent them:
AI and GenAI are such big topics that they warrant two entries in our 2024 list of security challenges. Beyond attackers using AI in phishing and other types of attacks, organizations face the following concerns related to the increasingly popular technologies:
Learn more about the security challenges of AI and GenAI and how to overcome them:
Many called 2020 the “year of ransomware.” Then came 2021 and 2022 and 2023. The trend isn’t waning. Verizon’s “2023 Data Breach Investigations Report” (DBIR) found that ransomware was involved in 24% of all breaches. Sophos’ “The State of Ransomware 2023” found 66% of organizations experienced a ransomware attack in the past year. Simply put, the threat cannot be ignored, especially as attackers are evolving their tactics into double and triple extortion attacks.
Learn how to protect against ransomware:
Increases in inflation, recession fears, geopolitical uncertainty, interest rates and gross domestic product continue to plague the IT industry. In response, many organizations are taking a hard look at budgets and spending less.
While security is often viewed as safe from budget and staff cuts due to its importance, it’s not immune to them. Plus, security has historically been viewed as a cost center because its ROI isn’t easily calculated. CISOs and security teams facing budget cuts and spending reductions must plan carefully to maintain the security of their company and colleagues while getting more done with less — and without burning themselves out.
Learn more about working with a constrained budget security:
The security industry is no stranger to the skills shortage. For years, report after report has concluded the industry needs more security employees than there are applicants. To make matters worse, budget cuts and layoffs often equate to fewer staff members on a team that must get the same amount of work completed no matter what.
The most recent “ISC2 Cybersecurity Workforce Study” found that although the cybersecurity workforce is now the largest the nonprofit has ever recorded at 5.5 million people, a worldwide security gap still increased year over year. The industry needs an additional 4 million people to properly protect and defend today’s organizations. Yet hiring employees with the necessary skills and retaining those employees is still a challenge. That is the reality even before considering potential budget cuts and layoffs.
Learn more about cybersecurity staffing issues:
Phishing isn’t solely an AI issue. It’s a never-ending challenge faced by organizations of all shapes and sizes, and no company nor employee is immune to attack. According to the 2023 DBIR, 18% of all breaches involved phishing.
These attacks, which involve malicious actors tricking employees into revealing passwords, credit card numbers and other sensitive data, come in many forms. Those forms include email phishing and the more sophisticated and targeted spear phishing, BEC, whaling, and vishing attacks.
The following are some notable phishing attacks:
Learn more on phishing attacks and prevention:
Organizations must be mindful of the third-party vendors and suppliers they work with. Trust is an inherent value here, but organizations should also do their due diligence in vetting third parties.
Software- and hardware-based supply chain attacks can devastate a company — just look at the SolarWinds hack reported in December 2020. It involved nation-state actors exploiting an IT performance monitoring system and gaining access to more than 30,000 SolarWinds customers and partners.
Also be aware of what software and software components third parties and services providers use, as evidenced during the 2021 Log4Shell exploit. A defect in the Java-based Apache Log4j library let malicious actors launch remote code execution attacks and potentially take control of target systems. While companies could quickly update the library version they used, the libraries used by their suppliers and partners — and in turn their suppliers and partners, and their suppliers and partners and so on — needed to be updated to avoid being vulnerable to attack.
Most companies are unsure of the components in their own software, let alone others’ components their software connects to. If one link in the software supply chain is vulnerable, everyone is at risk.
Follow proper patch management to ensure all software is secure and up to date. Use software bills of materials (SBOMs) and request them from third parties to know if components in partners’ software are secure.
Learn more about software supply chain security and SBOMs:
AI, ransomware, budget and staffing issues, phishing and supply chains are far from the only information security challenges enterprises will face in 2024.
Beware and prepare for the following issues that increase the attack surface and present cybersecurity risks as the year progresses:
Cybersecurity best practices and tips for businesses
How to develop a cybersecurity strategy: Step-by-step guide
How to perform a cybersecurity risk assessment
Equinix markets its Fabric Cloud Router as a monthly subscription service that organizations can access and configure quickly. It…
Prepare for the CCST Networking exam with this network hardware quiz from Chapter 10 of ‘Cisco Certified Support Technician CCST …
This excerpt from ‘Cisco Certified Support Technician CCST Networking 100-150 Official Cert Guide’ provides beginners with …
Many organizations recognize the importance of edge computing. Discover the latest insights on spending, device capabilities and …
Trends reshaping risk management include use of GRC platforms, risk maturity models, risk appetite statements and AI tools, plus …
This year, look for digital transformation trends to revolve around AI, cost containment, revamped delivery methods and a bigger …
Copilot Pro, a faster version of Microsoft’s AI tool, debuts with features such as ‘roll your own GPT,’ where users can build …
It can be difficult for Apple admins to adapt to every new OS release and the respective compliance changes. That’s where the …
Making changes to the Windows registry presents numerous risks for desktop administrators. Find out when to tweak the registry …
Deploying containerized 5G workloads in a cloud environment offers benefits like portability, optimized resource usage and …
Open source PaaS is a good option for developers who want control over application hosting and simplified app deployment, but not…
AWS, Google, IBM and Microsoft offer machine learning certifications that can further your career. Learn what to expect from each…
Are replication and snapshots the same? Can you replace backup with replication or snapshots? We look into the key planks of data…
Gartner’s latest spending forecast shows IT services is set to become the largest segment of IT spending in 2024
It is not just the UK government that has been forced to act quickly amid public anger, as a wounded Fujitsu stalls government …
All Rights Reserved, Copyright 2000 – 2024, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information
