The cybersecurity landscape witnessed significant shifts in 2023, marked by economic challenges, the rise of generative AI, high-profile cyberespionage incidents, and major software supply chain breaches. Expect more this year!
Here are some key trends to watch (out) in 2024, regarding the email security landscape:
Advanced Ransomware Tactics Leveraging AI and Deepfakes:
Cybercriminals will employ generative AI tools to craft highly convincing phishing emails and calls, evading detection in social engineering campaigns. AI is anticipated to empower less-skilled ransomware-as-a-service actors, making them more effective in their malicious endeavors.
Human Risk Management for Enhanced Security:
Enterprises will focus on human risk management to identify employees with high-risk scores and develop targeted security mitigation programs, such as employee phishing attack simulation. Anomalous behavior detection within systems and networks will take precedence over blind trust in employee actions.
Intensification of Attacks on Third-Party Suppliers:
Cyber threats will target organizations through attacks on third-party software and hardware providers, necessitating prioritized third-party cybersecurity audits. This will lead to the intensifying of relations with suppliers and vendors who can support quickly, maintain up-to-date systems, and do not have records of data breaches or software slow patching cadence.
Rising Threats Against Mobile Devices:
Mobile devices, integral to businesses and government agencies, will face increased cyber threats exploiting vulnerabilities in operating systems and apps. Advanced toolkits, like those used by the NSO Group, pose risks to mobile security.
Increased adoption of dedicated cybersecurity systems
As dangers intensify, expect companies to search for systems built exclusively for security purposes, instead of relying (just) on general purpose. Exemples includes using VPNs and other Identity and Access Management tools to access all services, adding web and email security gateways before email servers, web browsers, and messaging tools, and adding fraud protection to e-commerce tools and payment systems.
Combining Stolen Data for Identity Theft:
Cybercriminals will aggregate stolen data from the dark web, executing targeted spear-phishing attacks to construct complete identities for fraudulent activities. Generative AI is expected to play a role in contextualized attacks, particularly against high-profile targets.
A wider gap between high-volume/low success simple attacks and highly sophisticated localized Activities:
While the traditional fraudulent, phishing and spam attacks keep going, looking for the 1% victim success rate. the attacks on critical infrastructure will increase due to geopolitical conflicts and financial motives, with smaller organizations and government branches being particularly vulnerable. Attacks will be very sophisticated in understanding the habits and pressure-points of organizations and individuals and will predominately use individuals from the same country as the victim organization.