It’s officially Cybersecurity Awareness Month 2023, and let’s just say there’s a lot to be aware of this year. If one thing is certain, the emerging technologies of today are sure to impact the cybersecurity trends of tomorrow.
Whether it’s the rising adoption of artificial intelligence or shifting tactics on the dark web, there are cyber threats originating that are less a question of how or what, but when. CISOs will need to be proactive in educating their people on how these threats manifest, as they will be the first line of defense against new exploits.
In this blog, we’re looking at 5 cybersecurity trends (some old, some new) that you need to be prepared for in 2024. Let’s get into it.
1. Poorly Developed Generative AI Apps
Artificial intelligence (AI) and large language models in particular, have dominated the headlines since ChatGPT came onto the stage as the fastest-growing app in history. Over 60% of business owners say AI will increase productivity, leading to a gold rush of new players trying to capitalize on the hype around niche, generative AI applications for the workplace. And with the help of LLMs in the software development process, companies have been able to pump out new generative AI apps at breakneck speed.
The issue? This prioritization of speed has potentially come at the cost of the usual controls over user security and privacy in the development process. Comments from Adrian Volenik, founder of aigear.io, support this:
“It’s incredibly easy to disguise an AI app as a genuine product or service when in reality, it’s been put together in one afternoon with little or no oversight or care about the user’s privacy, security, or even anonymity.”
Further, people who trust these apps are often entering or giving access to sensitive information regarding their company that may not be as secure as they’re led to believe. And with AI expected to grow at an annual rate of 37.3%, this will be one of the cybersecurity trends to watch well into the future.
One of the fastest-growing cybersecurity trends in recent years has been the use of deepfakes as a social engineering tactic for malicious actors to impersonate privileged personnel. Deepfakes have been around for at least as long as vishing scams have been a threat, but advancements in video technology will make them harder to detect than ever.
There are already multiple forums offering source code for deepfake technology, where all a malicious actor would need to do is scrape enough high-quality images and videos of someone off the internet to recreate their identity on video. In the near future, face recognition authentication and conference calls could even become new attack vectors.
3. Chatbot Hijacking
As AI chatbots become more prevalent in our web browsing experiences, people will need to become aware of cybersecurity trends around their vulnerabilities.
A recent study at Cornell proved that hackers can solicit personal information from chatbot users through text prompts embedded on web pages in zero-point (effectively invisible) font. If a user were to ask the chatbot about a specific page in their open tabs, it could then reference the page with the hidden prompt and adhere to the instructions laid out by the prospective hacker.
Kai Greshake, a lead author of the study, warned of the need to take this new attack vector seriously:
“The importance of security boundaries between trusted and untrusted inputs for LLMs was underestimated. We show that prompt injection is a serious security threat that needs to be addressed as models are deployed to new use cases and interface with more systems.”
4. Ransomware as a Service (RaaS)
The business models of organized crime syndicates on the dark web are evolving to grow in scale and become harder to trace. Cybercriminals no longer need to develop their own malware to carry out attacks anymore. They can simply purchase it from a seller, opening the ability to carry out these attacks to anyone willing to pay.
Sellers of RaaS operate not too differently from legitimate businesses, allowing affiliates to purchase and customize their ransomware from a customer portal, with a percentage of profits from successful attacks going back to the seller.
Organizations will need to prioritize good cyber hygiene as a baseline to keep up with these cybersecurity trends.
5. Phishing and Social Engineering Remain Top Threats
Cybersecurity trends indicate that phishing and social engineering attacks are still a primary threat. With 8% of users causing 80% of security incidents, hackers know that launching enough attacks on the human element is more effective than trying to break through a firewall—and their methods are becoming more sophisticated.
It will be near impossible to anticipate all of the new tactics hackers will try in 2024 and beyond as we continue to grapple with the unknowns of emerging technologies. Our best defense against these unknowns is our own people.
Cybersecurity trends are evolving in real time and the only way we can truly counter new threats is by assessing where our people are at and helping them to adopt better security practices.
Elevate Security helps you do this by providing real-time visibility into the behaviors of all your users with hyper-personalized risk response controls. If you’re ready to ditch those one-size-fits-all training videos and meet each of your people where they’re at, let’s talk. We’d love to help you improve your security posture.