As we usher in the new year of 2024, technology enthusiasts and experts are eagerly sharing their visions for the future. For the past decade, I have been compiling an annual Top Ten list, distilling the insights of brilliant minds. Building on the positive feedback received over the years, I am excited to uphold this tradition and present the meticulously curated Top 10 Predictions for 2024. This year’s edition is brought to you by Ericom, the Cybersecurity Unit at Cradlepoint.
In anticipation of the evolving tech landscape, these predictions offer a glimpse into the trends and innovations that may shape the coming year. As we look forward to the advancements ahead, the collaboration with Ericom adds a cybersecurity perspective, ensuring a comprehensive outlook on the developments that lie ahead in 2024.
Exploring the landscape of cybersecurity in 2024 reveals a myriad of challenges and opportunities that individuals and businesses must grapple with. At the forefront of these concerns is the pervasive threat of cyberattacks, which have an astonishing $10.5 trillion impact on the global economy. Compounding this issue is the escalating skills shortage within the cybersecurity industry, heightening the urgency for proactive measures.
A pivotal player in this dynamic cybersecurity landscape is artificial intelligence (AI). Remarkably, AI serves as both a boon and a bane for organizations seeking to fortify their defenses. On the positive side, AI empowers organizations to proactively detect and thwart threats in real time. It facilitates real-time authentication and activity monitoring, providing a foundation for companies to embrace a Zero Trust access model.
Conversely, cybercriminals are increasingly harnessing the power of AI to orchestrate sophisticated attacks. Machine learning algorithms, wielded by malicious actors, craft intricate phishing scams that can deceive even the most vigilant individuals. Moreover, these malevolent forces employ AI to outsmart security systems and devise automated malware capable of eluding detection. Complicating matters further, employees inadvertently expose company secrets by inputting sensitive information into generative AI applications, driven by a quest for enhanced productivity.
For cybersecurity professionals, whether seasoned experts or newcomers to the field, the imperative is clear: upskill and prepare for the impending challenges. The symbiotic relationship between AI and cybersecurity necessitates a continuous commitment to staying abreast of developments, adopting innovative strategies, and fortifying defenses against the ever-evolving landscape of cyber threats.
The menace of phishing attacks continues to loom large over organizational data security, with a staggering 90% of corporate security breaches attributed to phishing incidents. Despite concerted efforts in employee training, approximately 7% of users still succumb to the perils of malicious links. The prevalence and sophistication of phishing attacks are disconcerting, exemplified by the creation of a new phishing website every 20 seconds on average, and a troubling 70% of newly registered domains being repurposed for malicious activities.
Particularly alarming is the targeting of events such as Amazon Prime Day, a prime playground for phishing attacks. In the 90 days leading up to last year’s sale, a concerning 1,633 fake sites aimed at the event were identified. Adding to the apprehension is the fact that 61% of survey respondents struggled to discern between Amazon’s authentic login page and a phishing site expertly designed to replicate it.
Email continues to serve as the primary conduit for phishing attacks, contributing to a staggering 90% of ransomware incidents. Given the exorbitant average cost of a data breach, which stands at $4.35 million, organizations are under increasing pressure to fortify their defenses. The financial sector, in particular, finds itself in the crosshairs, accounting for 23% of all successful phishing attacks. These compelling statistics underscore the critical necessity for implementing robust cybersecurity measures, such as browser isolation, to safeguard against the pervasive and evolving threats posed by phishing attacks.
The presence of unmanaged devices further complicates incident investigations, especially when Internet of Things (IoT) devices like IP cameras establish connections with command-and-control servers. This challenge is exacerbated by the potential disruption to the governance of security controls, particularly in the absence of a comprehensive asset inventory. The complexity is heightened in environments where Information Technology and Operational Technology are distinct, as rogue devices can create network bridges that circumvent firewalls, compromising the isolation crucial for securing these network segments.
The imperative is clear: comprehensive organization of networked technology and the elimination of vulnerabilities are essential to safeguard against potential threats originating from unmanaged devices. Proactive measures must be taken to address this security gap and fortify defenses against the ever-evolving landscape of cyber threats.
Information Age has recently reviewed Check Point Research’s 2024 cybersecurity predictions, aligning with the ongoing industry trends. The forecast identifies seven key focus areas that are expected to shape the cybersecurity landscape in the coming years. These domains include AI and machine learning, supply chain and critical infrastructure attacks, cyber insurance, nation-state activities, weaponized deepfakes, phishing, and ransomware.
A notable prediction anticipates a surge in threat actors leveraging AI to enhance their attack capabilities, paving the way for what is termed as an AI battlefield. As adversaries embrace AI for more sophisticated and widespread attacks, security teams are projected to harness the same technology to counter AI-powered threats. The issuance of an Executive Order by the White House signals a shared acknowledgment by the EU and the U.S. regarding the imperative need for AI regulation.
The vulnerability of the supply chain, identified as one of the weakest security links, is driving organizations toward adopting a Zero Trust model. This model mandates verification for anyone seeking to connect to a system, irrespective of their status as an employee, third-party individual, or server, whether inside or outside the network.
Cyber insurance continues to be a focal point in boardroom discussions, with an evolving emphasis on the cyber resilience of potential customers. The persisting concerns around cyberwarfare and deepfakes take on a new dimension with the integration of AI-enhanced phishing tactics that are increasingly personalized and effective. Recognizing the limitations of user training in countering these evolving threats, the cybersecurity landscape is poised for dynamic changes in the years ahead.
CRN has spotlighted “Zero Trust” as a prevailing trend in the cybersecurity landscape. Despite the widespread attention, there are notable challenges in its implementation. According to a survey by CyberRisk Alliance, nearly 25% of IT security leaders face difficulties in garnering support from other departments for their Zero Trust initiatives. Moreover, a study by Gartner revealed that only 10% of large enterprises are projected to have a mature and measurable Zero Trust program in place by 2026. In essence, while Zero Trust is generating buzz, achieving broad adoption is a gradual process, given that it is not a standalone product but a holistic security approach requiring a comprehensive program and architecture tailored to modern systems.
Some industry professionals express skepticism about the term “Zero Trust” due to its overuse. Cloudflare CEO Matthew Prince suggests the term “total control” as an alternative label. Regardless of the terminology used, the fundamental concept remains crucial: the implementation of a robust security strategy emphasizing least privilege access and continuous validation.
John Kindervag, the originator of the term “Zero Trust,” advises against hasty implementations. Rushing into Zero Trust initiatives on a broad scale can lead to stumbling blocks. Instead, he recommends a phased approach, starting with the protection of the most critical or sensitive data and IT systems.
In the realm of contemporary distributed architectures, Zero Trust Network Access (ZTNA) is gaining traction as a more secure alternative to traditional Virtual Private Networks (VPNs). ZTNA provides access exclusively to the necessary resources users require, in contrast to offering unrestricted network access once a user is in.
Analytics Insight has shifted its focus to the cloud landscape expected in 2024, acknowledging its crucial role in enhancing operational efficiency and facilitating revolutionary technological advancements such as AI and IoT. While certain organizations may choose hybrid models or even repatriate systems from the cloud, the undeniable surge in edge computing underscores the imperative for reduced latency, more efficient data processing, and heightened security.
A notable aspect is the heightened emphasis of cloud providers on investing in security and resilience, recognizing these as critical considerations in light of the increasing migration of organizations to the cloud. The Top 10 discussion covers a range of transformative technologies, including IoT, ML, AI, and Blockchain.
Adding an intriguing dimension to the evolving landscape is the emergence of citizen developers—individuals proficient in connecting to APIs and crafting customized automation without requiring extensive coding expertise. This trend highlights the dynamic and multifaceted impact of the cloud on businesses and technological innovation.
In Gartner’s latest forecast, the global expenditure on IT is projected to reach $5.14 trillion in 2024, reflecting a 4% increase from this year’s $4.72 trillion. The predominant tech markets are expected to be IT services, software, and communications services. The spotlight for 2024 is predicted to be on Generative AI, as it becomes more accessible and widespread for workers globally. Gartner anticipates a substantial growth in the adoption of Generative AI, with over 80% of enterprises utilizing GenAI APIs and models or deploying GenAI-enabled applications in production environments by 2026, a significant jump from less than 5% in the current year. However, a noteworthy concern is the observed trend of organizations embracing AI without conducting thorough due diligence and risk assessments, posing potential risks in the future.
Gartner’s insights extend to industry cloud platforms, envisioning that by 2028, the standard will be industry-specific whole product offerings equipped with packaged vertical nuances tailored for individual customers. Another intriguing prediction involves linking the environmental impact of increased IT-related energy consumption to executive pay. Gartner foresees that by 2027, a quarter of CIOs will witness their personal compensation tied to their sustainable technology impact.
The article delves into seven additional predictions covering topics such as continuous threat exposure management, machine customers, and the augmented-connected workforce. This in-depth exploration offers insights into the transformative trends that will shape the IT landscape in the coming years.
The digital landscape is constantly evolving, and with it comes an array of emerging threats that demand our attention. One of the most significant vulnerabilities lies in the supply chain, which too often is compromised through trusted vendors. As organizations rely heavily on open-source libraries and fast software release cycles, the likelihood of supply chain breaches increases. Third-party contractors pose another substantial risk, with 96% of companies granting external individuals access to critical systems, potentially providing hackers with an easy entry point into sensitive data.
To address this issue, implementing application isolation solutions can secure contractor access in a Zero Trust environment. However, this alone may not suffice, as AI-powered malware is becoming increasingly sophisticated and capable of evading detection, identifying vulnerable targets, and customizing attack strategies. Traditional, detection-based security measures will need to be reinforced with preventative measures that can counter even unknown advanced threats.
Another concerning trend is the surge in vulnerabilities within cloud systems, which has increased by 150% over the past five years. Investing in robust security and resilience measures is crucial to protecting data. Unfortunately, security misconfigurations are commonplace due to the shortage of skilled professionals and errors during deployment. In fact, Rapid7 found that 80% of external penetration tests revealed exploitable misconfigurations.
The attack surface continues to expand, with zero-day exploits and Advanced Persistent Threats (APTs) relentlessly seeking out fresh vulnerabilities to exploit. Adding to the concern are insider threats and the evolution of ransomware, now dubbed Ransomware 2.0. It’s clear that the threat landscape is becoming increasingly complex, making it imperative for organizations to stay vigilant and proactive in their security efforts.
In the swiftly evolving digital landscape, Mindflow, like other industry experts, highlight the enduring significance of cybersecurity as a paramount concern for global businesses and emphasize the need for a forward-thinking approach to the ever-growing challenges in this realm.
Compounding these challenges is the impact of work-related stressors, an issue that is already making its presence felt and is anticipated to further escalate. Contrary to expectations, the skill shortage in cybersecurity is unlikely to improve. Projections indicate that by 2025, almost half of all cybersecurity leaders will not merely change companies or positions but will undergo a complete shift into entirely different roles. This trend underscores the urgency for organizations to initiate cultural shifts that foster supportive environments for managing stressful jobs.
Amidst the challenges, there is a silver lining in the inclusion of cybersecurity expertise on corporate boards. This development elevates the role of cybersecurity professionals to critical positions in corporate governance and risk management. As a result, Chief Information Security Officers (CISOs) are transitioning from mere control owners to facilitators of risk decisions, marking a positive evolution in the cybersecurity landscape.
Ericsson, our parent company, has unveiled significant findings in the realm of mobile data, offering key insights into the future landscape. Notably, 5G is poised to be the driving force behind all mobile data growth within the next five years. Projections indicate that by 2028, 5G’s share of mobile data traffic will surge to an impressive 66%.
The study underscores the dominant role of video traffic in the mobile data arena. Currently accounting for 71% of all mobile data traffic, this figure is anticipated to escalate to 80% by 2028. The report delves into regional variations in mobile data growth, with North America projected to reach an average monthly mobile data usage of 58 GB per smartphone by 2028.
Factors such as unlimited data plans, expanded 5G network coverage, and increased capacity are expected to attract a surge in new subscribers for both mobile and Fixed Wireless Access 5G services. These developments align well with Cradlepoint’s innovative 5G solutions, positioning the company favorably in the evolving landscape.
Curious about how well last years’ prognoses came true? Check out my Top 10 Top 10 Predictions for 2023 and previous years.
Contact us today for more information on how your organization can guard against generative AI security threats, ransomware, phishing, unmanaged device risk and other internet- delivered dangers likely to impact your business today and in the year to come.