You can’t talk about the state of security without talking about artificial intelligence. Just as it’s giving people and organizations more power for good (we hope), AI is allowing the bad guys to scale their attack campaigns. AI is also opening the door for newbie attackers who need little knowledge of coding to launch effective campaigns. Here’s what’s happening right now in security, and why these trends will likely dominate the rest of this year. These are our thoughts on security in 2024.

  1. “Connected” or “smart” buildings could be new targets. Building access systems have already been in the sightlines of hackers, and security professionals have already pointed out serious vulnerabilities in smart building control systems that hackers could exploit. The convenience of having lighting and window blinds controlled by IoT sensors could easily become a point of entry for online criminals.
  2. Deepfakes are getting better–and scarier. President Biden, Taylor Swift, and a long-dead Indonesian dictator have all been the subject of recent deepfake videos. Deepfakes are one of the most sinister and worrisome uses of artificial intelligence, and as we get closer to a key U.S. election, they’ll become more common. Then there are deepfake chatbots–yes, that’s now a thing–creating the threat of very personalized, one-to-one scams.
  3. Thanks to AI, “ransomware as a service” will only get more creative and effective. Attackers are on to ChatGPT and the ease of generating content in a few clicks. Take phishing and ransomware attacks: As Dark Reading explains, beginning attackers don’t need to know much to get started in cyber warfare. They can create convincing phishing emails in ChatGPT, based on personal and company data they gather using generative AI. Novice attackers even use ChatGPT to write malware. 
  4. Be wary of “wiperware,” the ransom-free version of ransomware. Not everyone who wants to steal your data wants you to pay off. Wiperware, used recently to damage critical IT systems in Ukraine, dispenses with the demand for money–it destroys data and systems. It’s also called “pseudo ransomware” because the attack may present messages similar to ransomware, buying time while it infiltrates more systems and kills as much data as possible. 
  5. Supply chain disruption reaches even more industries. Watch supply-chain attackers hit software providers in a broader range of market segments besides manufacturing and government. In late 2023, cultural institutions such as the British Library and the Museum of Fine Arts Boston were victims when a collection management software provider was hit by ransomware.

No industry can get lazy about the potential for attacks–they’re all at risk. The “Citrix Bleed” vulnerability, related to Citrix’s remote access technology, hurt companies ranging from Boeing and Toyota Financial Services to ICBC, China’s massive state-owned bank, as Forbes reported.

  6. State-sponsored cyber espionage is on the rise. Cyber espionage is a new spin on ransomware in that the attackers who seize data don’t usually want money—they want your data so they can expose it publicly. Hackers do homework to identify the biggest payloads from their targets, such as classified or sensitive data, or proprietary intellectual property. They want publicity for their message, not ransom money. Hacktivists are popping up to use their black-hat skills in connection with the Israel-Hamas war and in Ukraine.
  7. We’ll learn to treat data as a first-class citizen. If data is so valuable, why aren’t we working harder to keep it safe? Apparently, we’re on the way to getting better at it. As IDC notes, “By 2024, due to an explosion of edge data, 65% of G2000 will embed edge-first data stewardship, security, and network practices into data protection plans to integrate edge data into relevant processes.”

And why do we need to be smarter and more skilled stewards of our data? In addition to all of the reasons cited above, the bad guys are as innovative as the good guys. We need better visibility into data, and we need fail-proof backup and recovery systems that keep business going even if attackers do get a foot in the door.

  8. Government oversight might throw a wrench into security strategy. Your best-laid security plans could go awry if you have to adhere to compliance and government regulations. Data compliance rules have become tighter—and depending on the business you’re in, so have government regulations around the use and retention of sensitive personal information.
  9. Quantum computing could crack encryption—eventually. Quantum computing could accelerate dramatic breakthroughs in science and health. In the wrong hands, quantum computing could also accelerate the likelihood of damaging hacker attacks since bad actors would be able to crack encryption much faster and with far less effort. It’s still a ways off, but it’s a fascinating development to watch.
  10. Cyber insurance could get shaky. Risk assessment in the cyber insurance world is a moving target, something that underwriters don’t like very much. The worry is that the unpredictability of cyber attacks and their impact, such as a disastrous global cyber attack that could cause billions in damage, could shake up the financial stability of cyber insurers.

This year certainly isn’t shaping up to be boring from a security standpoint. But then again, when was the last time we had a dull year in security? In the spirit of controlling what we can control, a big part of readiness and responsiveness is having the right data security infrastructure to bounce back quickly from any threat. Before we get too far into 2024, study up on resilience and why it’s your best bet for the predictable and the unpredictable.