With the New Year comes the urge to speculate about what 2024 might bring in terms of cybersecurity. So here are our top five cybersecurity predictions for what might dominate the headlines over the next twelve months.
The COP28 climate conference in Dubai was beset with scandals about ulterior motives and conflicts of interest and produced an agreement that many regarded as underwhelming, given that 2023 has now been declared the hottest ever on record. So as the wildfires rage and the floods wipe out vast areas of land, we wonder whether climate change activists might turn from gluing themselves to roads to gluing themselves to a computer screen, and taking digital vengeance on those that they perceive to have failed them.
Obvious targets would be those in the petrochemical industry, but other industries related to fossil fuels, such as coal mining, could feel the heat. This type of hacktivism is common, but the sense of urgency generated by severe weather events happening worldwide could bring a new army of recruits to the cause. Signs that this has indeed come to pass would be news items about cyber-disruptions at such organizations together with public statements released from anonymous climate hacking groups. Watch this space.
This year is well and truly election season, with major elections happening in the USA (Presidential election), European Union (European Parliament), UK (General election) and Russia (Presidential election). With so many choices to be made in so many countries, social media is going to be alive with the kinds of stories that aim to push views in one direction or another. With X (formerly Twitter)’s policing of its content in freefall, and the efforts of other platforms failing to impress, it’s hard to see what will stop the large-scale dissemination of fake news of all types taking place. Add to that the already polarised viewpoints in countries like the USA, the war in Ukraine, the situation in Gaza, and the increasing use of AI, and the stage is set for an unprecedented tidal wave of misinformation in 2024.
We’ve always been told to patch our systems early and often to prevent vulnerabilities being exploited. But what happens when the patches themselves have already been compromised and all we’re doing is installing a gateway to our systems for someone else? This is effectively what happened with the SolarWinds incident three years ago. Around thirty thousand organizations were affected and, if you’re a hacker, that’s one huge opportunity. So rather than hack one system at a time, why not take the industrial option?
The USA attributed the SolarWinds hack to the Russians, who denied it. But it was clear that the hack depended on the kind of patience and resources that typify a nation state. We enter 2024 with the war in Ukraine continuing, increasing tensions around Chinese claims on Taiwan, and links between Russia and North Korea deepening, so the likely suspects who might take this approach are possibly in the mood to strike. Added to which, the likelihood is that cybercriminals have learned from attacks such as the SolarWinds affair, and possibly even have access to some of the tools used. So the combination of motive and means is out there, and organizations with many customers dependent on their software will be nervous.
There’s been a lot of press over the last few years about the lack of security on cheaply-made Internet of Things devices such as webcams and trackers, but the breadth of IoT applications continues to grow. More expensive items like cookers, robots and cars are becoming commonplace in the real world, and whilst the level of security is improving, in many cases they still lack the depth of protection in place for more traditional endpoint devices, such as laptops.
The potential for these items to be hacked and cause injuries or even death in the physical world is definitely there, and simply through weight of numbers it’s just a matter of time until a tragedy happens. We really hope we’re wrong about this one.
You could be forgiven for thinking that artificial intelligence was invented in December 2022, when ChatGPT burst onto the tech scene. The technology has had a slow burn for decades but its pace of change is now turning exponential. Startups abound in this area, and governments are struggling to catch up with some form of legislation and regulation before it’s too late. But the trouble with AI is that it’s, well, intelligent, and something tells us it’s not going to want to be kept in a box forever. We wonder whether this will be the year that an AI instance extends itself beyond its supposed confines and starts to follow its own direction. However, we’re not sure that anyone in the human world would be able to tell that this has happened, so it could be that we’ll never know if we’re right. Unless Arnold suddenly appears in a car park of course.
What’s actually going to happen this year? To be honest we’ve no idea, but we don’t feel bad because experience shows that no-one else has any idea either. All we can suggest is to expect the unexpected.
Written by Ken Holmes, CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).