It’s that time of year again! As we emerge, blinking and bewildered, from the whirlwind of Christmas and New Year celebrations into 2024, it’s once again time for us to ask our vendors for their predictions for what this year holds. You can jump to certain topic areas that interest you most using the links below or feel free to read on as it is.
- Quantum computing
- The rising risk for SMEs
- Complexities of the digital age
- The importance of observability
- Lookalike Domains
- Supply chain attacks
- AI & social engineering
- AI to increase cyberattacks
- Human risk
- Digital certificate lifespans
- Deployment & automation
Let’s delve into what our vendors are predicting for 2024.
“Quantum computing stands at the forefront of technological evolution, poised to redefine the boundaries of processing power and problem-solving. As we approach 2024, the emergence of quantum-ready enterprises is inevitable. These organisations will leverage the immense capabilities of quantum computing to tackle complex tasks that are currently beyond the reach of classical computers.”
“However, this leap forward brings its own set of challenges, particularly in the realm of cybersecurity. The advent of quantum-safe cryptography is essential to protect sensitive data against the superior capabilities of quantum computers. Businesses must become crypto-agile and implement quantum-resistant algorithms to safeguard their digital assets.”
“The implications for business are profound. Quantum computing will not only enhance the efficiency and capability of operations but also necessitate a significant overhaul in cybersecurity strategies. Forward-thinking organisations must begin preparing for this quantum leap, ensuring their systems are resilient against emerging threats and capable of harnessing the full potential of quantum technologies.”
2.) SMEs will face recognisable risks – at unprecedented scale
Executives face a challenge: enhancing cybersecurity without expanding costs. While AI’s potential in cybersecurity isn’t new, recent trends differ from earlier predictions. Around this time last year, speculation was abundant that adversaries would weaponize GenAI to invent never-before-seen malware with the click of a button. That didn’t happen. Instead of GenAI is amplifying existing threats on a larger scale, a trend expected to continue in 2024. A parallel effect of GenAI is that rookie hackers will wreak havoc in 2024, aided by tools like FraudGPT, that will exploit loopholes, making automated attacks more common.
Small to medium-sized enterprises (SMEs) will be hit hardest. Despite Gartner forecasting a 14% increase in cybersecurity spending due to rising threats, one in five organisations plans to cut or freeze their security budgets according to PwC. Lean security teams must guard against the same threats facing large enterprises – but with a fraction of the personnel, budget or bandwidth.
Company culture can bridge this gap. Incentivising employees with risk-linked bonuses can raise awareness and resilience. For guidance, the 2024 SME security plan checklist highlights essential components for SMEs to enhance employee awareness and deploy all-in-one security platforms.
3.) A Year of Innovation
“As we embark on the journey through 2024, the intersection of identity, AI, and cybersecurity will define the technological landscape. From changes in how we view identity to the regulatory surge in AI and the ongoing challenges of phishing and post-quantum cryptography, businesses and individuals alike must stay vigilant and adapt to these transformative trends. It’s a year of innovation, adaptation, and collaboration as we navigate the complexities of the digital age.”
4.) Full Stack Observability to become a priority
According to SolarWinds research, the typical enterprise loses more than $13M annually to costs associated with the nine brownouts or outages experienced each month. Despite this, nearly half of IT professionals surveyed lack visibility into the majority of their organisation’s apps and infrastructure. AI-powered observability solutions address this by collecting data to provide information on what’s not performing as expected and why – allowing teams to take a proactive approach to eliminating downtime, innovating, and exceeding customer expectations.
5.) The Evolution of Lookalike Domains
As the digital world continues to evolve, the threat of ‘lookalike’ domains in phishing attacks has taken a sinister turn. No longer the clumsy attempts of the past, these sophisticated schemes create countless domains that are visually indistinguishable from legitimate ones to deceive users. Attackers use techniques like homographs, typosquats, and combosquats, exploiting the smallest oversights in our digital interactions. It’s clear that basic awareness isn’t enough; the sophistication of lookalike domains demands a robust, proactive response. By integrating real-time DNS data and threat intelligence into their cybersecurity arsenal, businesses are finding that not only can they detect these threats, but they can actively dismantle them, safeguarding their brand reputation and preserving consumer trust.
6.) Threat actors to continue to direct their attention to the supply chain
Among the global customers and partners we work with at Skyhigh Security, the requirement and push for “sovereign” capabilities stands out as an emerging area of great importance. There’s a growing push for collaboration between governments and private sectors worldwide to identify and combat threat groups.
Threat actors continue to direct their attention toward the supply chain, aiming to breach trusted vendors and suppliers while organizations enhance protection elsewhere. Supply chain breaches have extensive ramifications, potentially affecting multiple entities via a single compromise. Consequently, safeguarding the entire supply chain is becoming an even more critical and burgeoning challenge.
7.) AI adoption in the early stages of an incident
2024 will be the year of AI – we predict it will be adopted and massively used by attackers in the early stages of any incident, where social engineering is a critical part of the attack, such as in phishing and spear phishing attacks. This new capability will change the already-large asymmetry between attackers and defenders, making rapid detection of these attacks a key priority in any security strategy. Improving the signal-to-noise detection ratio will be a key priority, and technologies that can impose cost to attackers, like deception, will play a vital role in the upcoming year.
8.) AI to increase the volume of Cyberattacks
The emergence of AI fuelled by large language models (LLMs) became one of the most prevalent topics in technology in 2023. Immediately upon release of AI chatbots, cybercriminals exploited these tools to aid in their illicit activities. In 2023 we saw this manifest primarily in improved phishing attacks. Threat actors used these tools to create more convincing emails with proper language translations and grammar indistinguishable from a real human being, making them much more effective at fooling even the most discerning of targets. For 2024, expect threat actors to continue to use AI to make mundane tasks easier, rather than develop revolutionary new attack tactics. With the help of AI, the sheer volume of cyberattacks will increase, reaching levels previously unseen.
9.) Organisations to be increasingly scrutinised
Regulatory bodies and cyber insurers will stop looking at ticked boxes and start to really scrutinise the performance of your cybersecurity systems and tooling. This will include security awareness, phishing, and behaviour change training as the human layer continues to be the chief source of breaches leading to supply chain, ransomware and BEC attacks.
10.) Digital certificate lifespans to exponentially shrink
Next year businesses will have the rug pulled from underneath them as digital certificate lifespans exponentially shrink. As leading web browsers continue to reduce the lifespan of digital certificates, businesses will face a major headache in replacing foundational elements of security. The impending shift will mean that foundational elements crucial to businesses will become notably challenging to replace once the new policy takes effect. In 2024 businesses must brace for a game-changing reassessment of security fundamentals that have long lingered in the shadows.
11.) Deployment and automation are front and centre
“Coming from my perspective as the cCloud Product Manager, it’s safe to say that deployment, along with tightly coupled automation, are among the first concerns customers usually ask about when considering a cloud observability solution. Customers need a solution which co-exists with their cloud deployments which often already have various deployment & automation tools in place. Examples might include customers who have organisational process and procedure for repaving infrastructure – where virtual instances are terminated and recreated regularly for security purposes – or deploying cloud workloads using Infrastructure-as-Code solutions such as Terraform or Azure Bicep code.”
Trey Moczygemba, Senior Cloud Product Manager
So there you have it, the Kite & Vendor predictions done for another year. Will these predictions come to fruition or will they miss the mark? Only time will tell, but until then we hope they have provided you with some insight into what to expect in the year ahead and help you prepare.
You can find out more about all of our vendors, such as the products they sell and helpful resources via their vendor page on our website here. You can also check out our company portfolio below.