Over the past 12 months, we have seen rapid changes in the cybersecurity landscape—and there are no signs of it slowing down in 2024. In fact, in our most recent Cyber Threat Report, we found that the total number of ransomware victims in 2023 increased significantly, with more victims in the first half of 2023 than in all of 2022.
Attacks themselves were also more disruptive—the MOVEit data breach leaked the personal information of up to 11 million people while the FBI struggled to stop the cybergang behind the attacks on MGM and Caesars Entertainment. With sophisticated cyberattacks and techniques like ransomware, zero-day exploits, and other never-before-seen threats increasing, the status quo, “assume breach” mindset needs to get crushed in 2024.
As we kick off 2024, members of our executive leadership team, including CEO Lane Bess, CPO Yariv Fishman, and CIO Carl Froggett, share their outlook on the new year and the relevant themes to keep a close eye on. This includes the shift to a prevention-first mindset, the impacts of AI on security, and a heightened awareness of vulnerable attack vectors.
The Year of the Prevention-first Mindset
TechTarget shared Fishman’s perspective that this year we’ll see the “assume breach” mindset finally shift to prevention first.
“Since the dawn of cybersecurity, organizations have operated with a ‘detect and respond’ approach to breaches. This also meant that they had an ‘assume breach’ mentality. The rapid advances in AI mark a turning point for organizations and the end of the Endpoint Detection and Response (EDR) honeymoon period, making way for a focus on prevention. It's high time to eliminate the ‘assume breach’ status quo. In 2024, organizations will start shifting towards a prevention-first mindset, utilizing Deep Learning (DL), the most advanced form of AI, which allows for increased prevention capabilities, reduction of Total Cost of Ownership (TCO), and tools to block and prevent future adversarial AI cyber-attacks.”
Bess predicts that prevention will become a board-level imperative.
“As cybersecurity becomes a critical topic amongst the C-suite in 2024, boards will prioritize threat prevention. There’s currently a board-level mandate for organizations to have detection and response capabilities within their security plans and portfolios; however, in the coming years, there will also be a prevention strategy mandate.”
Bess strongly believes prevention against cyber attacks is possible, and agrees with Fishman that it requires a shift away from the status quo, “assume breach” mentality that has plagued the industry for far too long.
The Impacts of AI on the Security Industry
Fishman foresees that adversarial AI will skyrocket in the new year.
“Large Language Models (LLMs) hold a lot of promise—but they are nowhere near their maximum potential. In 2024, as public LLMs become more accurate and powerful, we'll simultaneously see an uptick in adversarial AI. LLMs can already perform standalone vulnerability research, exploit implementation, and execute attacks, including custom obfuscation and malware builders like never before. Existing tools have proven they cannot address zero-day threats, creating the need to fight AI with AI—specifically, a more advanced form of it, deep learning (DL). Only DL, the most sophisticated form of AI, is best positioned to combat these zero-day Adversarial AI threats.”
Furthermore, the cybersecurity market will continue to consolidate, with AI being a catalyst for increased M&A investments and innovation, as predicted by Bess.
“The cybersecurity market is overcrowded with point solutions. In 2024, we’ll continue to see the larger platform players extend their capabilities via acquisition. The ideal targets are smaller security companies with great technology, especially advanced AI and ML capabilities that aren’t scaling year over year. Cybersecurity companies that solve significant problems in the industry will continue to thrive.”
Lastly, quantum computing will continue to collide with AI, causing destruction, according to Froggett in a conversation with BetaNews.
“While there are still a lot of unknowns, the intersection of quantum computing and AI will take the cybersecurity and tech industry by storm
A Heightened Awareness of Vulnerable Attack Vectors
According to Bess, a heightened awareness of data in motion and at rest as a vulnerable attack vector will emerge.
“Storage and cloud solution vendors will become more ambitious in ensuring their solutions offer adequate protection. Up until now, this has been the focus of the CISO within the enterprise. Moving forward, storage-focused decision-makers will join forces with their security counterparts to ensure the enterprise is secure from data breaches, and storage providers will shift to focus on offering security solutions.”
Furthermore, Froggett predicts bad actors will leverage hyper-realistic deepfakes to breach organizations.
“In 2023, threat actors manipulated AI to deploy more sophisticated malware and ransomware, as well as hyper-realistic deepfake and phishing campaigns. We’ve seen this in action with the MGM breach involving social engineering, as well as high-profile figure Kelly Clarkson being mimicked through deepfake technology. In 2024, bad actors will take these attack techniques to a new level, enacting more holistic end-to-end campaigns through AI and automation. As a result, traditional cybersecurity approaches to defend against these campaigns, including information security training and awareness, will need to be significantly updated, refreshed, or totally revamped.”
While the road to an optimal security posture presents challenges in the year ahead, it also reveals solutions to protect a company’s greatest assets. By facing these challenges head-on and working to achieve a prevention-first approach to cybersecurity, companies can successfully work to protect against malicious actors and keep themselves safe and secure this new year.
Be sure to follow the Deep Instinct blog for additional insights on emerging threats and solutions to overcome them as highlighted by the threat research team.