What does 2024 have in store for the world of cybersecurity?

• An article by Aleksandr Yampolskiy, Co-Founder and Chief Executive Officer, SecurityScorecard

• Cybersecurity will see the adoption of specialized language models that provide more tailored and actionable insights to adapt swiftly to evolving threats.

• The landscape of cyber threats will include more sophisticated artificial intelligence techniques, such as advanced phishing campaigns and deepfakes, for which organizations must prepare.

• New regulations require and will galvanize more cybersecurity expertise in the boardroom plus strategic risk management and third-party risk assessment to enhance cyber resilience.

As the world navigates the ever-evolving landscape of cyber threats and attack surfaces, it’s important to remember that being proactive is better than being reactive. As the leader of a cybersecurity company, I know this firsthand. With that in mind, I’m sharing some of my key cybersecurity predictions for 2024 based on the trends I’ve observed this past year.

Rise of specialized language models

One thing I can safely predict is that artificial intelligence (AI) isn’t going anywhere. A case in point: large language models have transformed organizational cybersecurity. Large language models arm security teams with the incredible power to sift large amounts of data into actionable insights through simple queries. These sophisticated models have demonstrated remarkable capabilities in understanding and generating human-like text, fostering advancements across various domains.

Yet, while large language models have certainly had a huge impact, they are still limited in their ability to understand and interpret the intricacies of specialized cybersecurity datasets. Therefore, in 2024, security teams will transition to small language models. These agile, specialized models will offer security teams access to tailored and actionable insights. Real-time data training will be the secret weapon, empowering security teams to adapt swiftly to the ever-shifting threat landscape.

Threat actors will use AI to get ahead

As mentioned, AI will likely be a permanent fixture in our lives; it’s how cybersecurity defenders respond to it that matters. The emergence of generative AI has sparked a heated debate concerning its uses and the ethical dilemma it presents.

Organizations must work quickly to harness generative AI before threat actors can exploit it to their advantage. From where I’m standing now, however, it appears that threat actors will take the upper hand in 2024.

What will this look like? It may take the form of sophisticated phishing campaigns, a barrage of deepfakes and hackers gaining access to detailed information about their targets while also getting around endpoint security defences. I advise security leaders to prepare for the coming wave of AI-generated threats.

Spike in third-party data breaches

Beyond AI, 2024 could see record-breaking data breaches. In 2023, the landscape of global data breaches significantly intensified from previous years, including a 72% increase in the number of data compromises over the previous high in 2022.

Future breaches will primarily affect major tech companies with vast amounts of customers (and, by extension, sensitive data). This targeting is due to a number of factors, including API proliferation, data digitization and undetected zero-day vulnerabilities. Organizations should establish and enforce clear and actionable key performance indicators to manage and measure these risks effectively.

Cyber expertise is coming to the boardroom

Earlier this year, the US Securities and Exchange Commission released a set of regulations requiring publicly traded companies to disclose new details about cyberattacks as well as cybersecurity oversight at the board level. These disclosure requirements will empower chief information security officers (CISOs) to engage in meaningful discussions with their board members, cultivating a culture of cybersecurity literacy.

These regulations highlight the importance for executive boards to approach and address cybersecurity risks like any other material business risk. It is a timely reminder of the importance of boards, the C-suite and other business leaders aligning on specific metrics for cyber risk and increasing the cadence and substance of ongoing strategic risk management.

As a former CISO myself, I know that they and other security professionals generally communicate in highly technical detail, whereas board members prefer exchanging financial concepts such as gross margins. This new governance is an opportunity for both the CISO and board members to refine their communication skills in order to bring cyber-literacy to the boardroom and increase their organization’s cyber resilience.

Managing third-party risk to stay resilient

Threat actors will continue evolving their tactics, techniques and procedures and organizations must pivot accordingly. This year, we witnessed several massive supply chain attacks whose effects are still being felt today. As a result, organizations must re-examine not only their own security practices but also those of their vendors and third-party suppliers. Staying proactive is the key to staying cyber resilient.

As we look towards a cybersecure 2024, it’s important to remember that there are as many opportunities as challenges and we are presented with more tools to combat the threats at our door. Leveraging advanced technologies, fostering global collaboration and prioritizing cybersecurity education and awareness can mitigate risks and ensure a secure digital future.

What is very clear is that it is increasingly important to stay ahead in the ever-evolving world of cybersecurity.