2024 cybersecurity predictions: GenAI edition

Unless you have lived under a rock for the past year, you know that generative artificial intelligence applications, such as ChatGPT, have penetrated many aspects of our online lives. From generating marketing content, creating images for advertisements and blogs, or even writing malicious code, we are all interacting with the results of generative AI in some ways daily.

So, when I was thinking about writing about 2024 predictions, I thought, why not give Gen AI a shot at making some predictions for the upcoming year? So, I did just that. I will provide the raw ChatGPT results and then give each of its predictions a grade. Let’s see how it did.

First prediction: Ransomware evolution and targeting of critical infrastructure

Ransomware attacks will likely evolve in sophistication and intensity. Threat actors may increasingly target critical infrastructure sectors such as energy, healthcare, transportation, or finance, aiming to disrupt essential services and demand high ransom payments. They might utilize advanced tactics like double extortion, where stolen data is threatened to be published or sold, in addition to encrypting the victim’s files.

Steve’s grade: B+

While I cannot say this is the most unique prediction for 2024, I give it a B+ in applicability. It’s hard to debate that ransomware won’t continue to be a huge issue for organizations in 2024. Just last month, MGM Grand got hit with a massive ransomware attack that disrupted normal business operations to a $100 million loss.

Attackers will undoubtedly continue to deploy these sorts of attacks across all industries in the coming year. The key for organizations is to continue to shore up their defenses. The sad fact is that, in many cases, a ransomware attack could be averted with more cybersecurity training for employees, patching known vulnerabilities when they arise, and ensuring proper network segmentation.

Second prediction: AI-driven cyberattacks

Artificial intelligence (AI) and machine learning (ML) could be employed by malicious actors to enhance the capabilities and efficiency of cyberattacks. AI-powered attacks may include more convincing phishing attempts, automated malware creation, evasion of security measures, and personalized social engineering attacks, making it harder for traditional defense mechanisms to detect and prevent them.

Steve’s grade: A++

This prediction immediately brought to mind the famous scene from 2001: A Space Odyssey, where HAL, the onboard AI, tells Dave that he knows about the plan to disable him and won’t let him do it. he fact that ChatGPT, a GenAI app, predicts that GenAI will make attacks harder to stop by traditional means is certainly ironic, if not indicative of the power of AI in today’s world.

I am sure most organizations are trying to strategize how to combat AI-driven attacks in the future, but there is no clear leading approach. Without a doubt, vendors will introduce new products and capabilities attempting to identify and thwart AI-driven attacks in 2024 that use AI to identify AI attacks, which brings to mind another famous movie scene from the cult classic War Games.

In the movie’s ultimate scene, the WOPR takes control of the nuclear missile codes and attempts to start World War III. Our hero turns the computer against itself in a game of Tic-Tac-Toe, eventually leading it to the ultimate decision that the only winning move is not to play the game or start a global thermonuclear war (lucky for us).

All kidding aside, there is a real chance that the near-term future threat landscape might look wildly different than it does today once attackers incorporate the full power of AI. Forward-leaning security teams need to be vigilant in seeking out new technologies to augment their existing security controls; otherwise, the battlefield they have worked hard to even might quickly become one-sided – and not in the direction they want it to be.

Third prediction: Exploitation of IoT devices and smart infrastructure

With the increasing adoption of IoT devices and the development of smart cities and homes, cybercriminals may exploit vulnerabilities in these interconnected systems. Attacks could range from IoT-based botnets for DDoS attacks to unauthorized access to sensitive data through compromised smart devices, emphasizing the need for robust security measures and IoT-specific defense strategies.

Steve’s grade: A

The barriers between traditional IT infrastructure and the expanding IoT world are quickly vanishing, and attackers know it. Recently, there was a not-so-publicized attack where the attacker penetrated an organization’s environment through – wait for it – an internet-enabled fish tank thermometer. Once they owned the thermometer, they could hop to the internal network and deploy their attack.

Now, who am I to say only some appliances we use need to be connected to the internet? I enjoy that my new washer and dryer send notifications to my phone when their cycles are complete. However, the conveniences we enjoy that make everyday tasks a little less annoying come with a price.

For security teams, the best way to protect the entire environment is to ensure that those IoT devices used by employees and contractors are appropriately partitioned off from the intranet, minimizing the chance for a creative attacker to turn your internet-enabled espresso machine into their initial attack vector.

Fourth prediction: Supply chain attacks and third-party risk

Supply chain attacks might become more prevalent as attackers target software vendors and suppliers to compromise their products, affecting a broader range of organizations. Third-party risks could be exploited to gain unauthorized access to networks, inject malicious code, or steal sensitive data. Organizations will need to focus on securing their supply chains and closely vetting the security measures of third-party providers.

Steve’s grade: A+

The dreaded third-party risk can keep even the most confident security professional up at night. As your organization expands and your use of contractors grows, the risk that one of them could unwittingly be patient zero of an attack becomes very real. We all remember the Target hack of 2013, where a third-party contractor that fell victim to a phishing attack led to a multimillion-dollar breach with losses that exceeded $200 million.

While that attack was a wake-up call for many organizations to be more vigilant regarding their network segmentation, third-party access, and more, only some have taken the appropriate steps to ensure they are protected from a similar attack.

Security solutions like our Open XDR Platform, which automatically correlates security-relevant alerts and data from any number of security products, are a great way to ensure that anomalous behaviors most certainly did occur during the Target breach, do not go unnoticed. Since this prediction focuses on supply chains, let’s briefly discuss it.

We know that when supply chains are disrupted, we all feel it. Remember when many shelves in our favorite stores were suddenly empty due to COVID? Now imagine supply chain disruptions due to a successful cyberattack impacting multiple suppliers of products we depend on, with no easy resolution. Talk about pandemonium.

The good news is that the risk of a widespread supply chain disruption due to a cyberattack can be mitigated with good network hygiene and following architecture best practices. While eliminating the potential of an attack is unrealistic, ensuring proper network segmentation, adopting new automation capabilities regarding security analytics, and (yes, again) proper cybersecurity training for everyone, including contractors, can go a long way.

ChatGPT ends its predictions with this statement: “It’s essential to stay updated with the latest developments in the cybersecurity field and adapt to emerging threats as they evolve. Organizations should invest in proactive cybersecurity strategies, employee training, and robust incident response plans to mitigate potential risks.”

I couldn’t agree more. Well said.

Overall, I have to admit that ChatGPT came up with some pretty decent and applicable predictions for 2024. The fact of the matter, though, is that no one knows what the new year has to offer, aside from the fact that attackers will continue to attack, defenders will continue to defend, and vendors and service providers will be here to help.

Thanks again to ChatGPT for collaborating with me on this article. Well done, my AI friend.