SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
AI-driven cyberattacks and defences to create a battle of algorithms in 2024
Tue, 23rd Jan 2024

In 2024, it’s clear that cybersecurity will remain a top priority for organisations and governments worldwide. The evolving threat landscape demands constant vigilance and adaptation to emerging risks. Developing and implementing proactive cybersecurity strategies will be critical to staying ahead of cyber adversaries and safeguarding digital assets in the years to come. 

But before I give you my predictions for 2024, it’s also a good time to reflect on the significant developments in cybersecurity over the past year. 2023 was marked by both a continuous escalation of cyber threats and innovation and improvements in cybersecurity technology. Specifically, there were notable advancements in Cloud Security, modernisation of Privileged Access Security, an authentication evolution with Passkeys, and improved API Security.

Ransomware continues to cause disruption

Ransomware has continued to evolve into a persistent and highly disruptive cyber threat. Despite significant efforts to combat this menace, 2023 saw ransomware attacks continue to escalate, affecting individuals, businesses and critical infrastructure. The evolving tactics employed by cybercriminals resulted in major organisations becoming victims of ransomware, costing them tens of millions of dollars.
Some governments have stepped up efforts to crack down on ransomware gangs, leading to arrests and prosecutions. Unfortunately, some governments continue to provide safe havens for cybercriminals to operate beyond the reach of authorities. The targets of ransomware gangs also evolved to focus on countries with fewer cyber capabilities and fewer laws around ransomware payments.
One evolution in ransomware is that cybercriminals are looking to stay stealthy and hidden, meaning the older tactics of encrypting data and demanding a ransom have changed. Cybercriminals are focusing on data theft rather than on causing business disruption or downtime, and are demanding a ransom in exchange for not disclosing the security incident or publishing sensitive data on the public internet. This way, the victim avoids the public attention that disruptive ransomware techniques attract, and it is easier to make payments to the cybercriminals away from public view. This just might be one of the reasons why ransomware did not make the news as often as in previous years.

The cloud’s unstoppable rise 

Cloud computing continues to shape the modern business landscape, with organisations increasingly relying on cloud services and infrastructure. This transition has not gone unnoticed by cybercriminals. In 2023, we witnessed an uptick in cloud-based cyberattacks targeting misconfigured cloud resources and insecure APIs. These breaches highlighted the importance of implementing robust cloud security measures, including access controls, encryption and continuous monitoring. 
Cloud services offer enhanced cybersecurity through expert security teams, scalability and redundancy. They provide strict access controls and handle regular updates. However, they can pose challenges related to data privacy, potential data breaches, compliance, provider dependency and the shared responsibility model. Implementing cloud security measures may also incur additional costs. Careful consideration of these factors is essential for organisations evaluating cloud service adoption. 
Check out this blog for more information about Cloud Security Best Practices: Ethical Hacker Tips for Securing the Cloud

Increased threats to critical infrastructure

The cybersecurity community was alarmed by the increasing threats to critical infrastructure, including power grids, water treatment plants and transportation systems. Ransomware attacks on these systems and their suppliers underscore the importance of securing privileged access to critical infrastructure assets. 
Protecting these systems requires a comprehensive Privileged Access Management (PAM) strategy that ensures only authorised personnel can control, manage and monitor critical components. 

The era of passkeys and passwordless authentication

2023 marked a turning point in authentication methods. Passkeys, also known as WebAuthn or FIDO2, gained prominence as a more secure and convenient alternative to traditional passwords. These passkeys can be hardware tokens, biometric identifiers or mobile devices, reducing the risk of phishing and credential theft. 
Many organisations started implementing passwordless authentication as a way to enhance security and improve the user experience. The more we move passwords into the background and the less humans need to interact with them, the better and safer our digital world will become.  
Another major development was Google announcing that they would be making passkeys the default sign-in option across Google accounts, so users are no longer required to remember or choose passwords. This is a massive step in improving security in the authentication process.    

Rise in API-related cyberattacks

APIs have become the backbone of modern applications, facilitating communication between different software components and services. However, they also serve as a prime target for cyberattacks. 
In 2023, we observed a surge in API-related security breaches, with attackers exploiting vulnerabilities in API endpoints to gain unauthorised access to data and systems. Ensuring API security through regular testing, monitoring and access controls became a top priority for organisations. 

Predictions for 2024

So, what are my predictions for this year? 
AI-Driven Attacks and Defences: Cybercriminals will increasingly use artificial intelligence (AI) to automate and enhance their attacks in 2024. In response, cybersecurity defences will also have to rely more on AI and machine learning for threat detection and automated incident response, creating a continuous battle of algorithms. 
Increased Demand for Cyber Insurance: The demand for cyber insurance will surge as organisations recognise the financial risks associated with cyberattacks. Insurance providers will refine their offerings and assess premiums based on cybersecurity maturity. 
Geopolitical Tensions in Cyberspace: Geopolitical tensions will continue to spill over into cyberspace, leading to nation-state-sponsored cyber espionage and disruptive attacks. Cybersecurity professionals will need to monitor and respond to evolving geopolitical threats. 
Passkeys Pave the Way for Passwordless Authentication: Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications in 2024. Traditional methods like SMS-based MFA will decline in favour of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps. The move toward passwordless authentication will continue, reducing reliance on traditional passwords. Methods like passkeys, biometrics, hardware tokens or public-key cryptography will replace or supplement passwords for access to accounts and systems. 
AI Compliance Accelerates: In 2024, the landscape of cybersecurity compliance will evolve significantly, driven by emerging technologies, evolving threat landscapes and changing regulatory frameworks. Privacy regulations like the GDPR and CCPA have set the stage for stricter data protection requirements. We can expect more regions and countries to adopt similar regulations, expanding the scope of compliance requirements for organisations that handle personal data.  
Artificial intelligence and machine learning will play a more prominent role in cybersecurity compliance. These technologies will be used to automate threat detection, analyse vast datasets for compliance violations, and provide real-time insights, making it easier for organisations to stay compliant.