How to fortify your business against cybersecurity attacks in 2024

Simon West

Director of Customer Engagement, Resilience

As we anticipate the cybersecurity challenges of 2024, it's important to reflect on the shifts and priorities that have shaped the past year. Driven by evolving perspectives on the significance of cyber risk and by government-led legislation, organisations have redefined their strategies, emphasising the need for business functions to communicate and work together towards a shared business objective for managing cyber risk. Embracing a shared business objective promotes and facilitates resilience against emerging threats, and understanding threat actor motivations is crucial for making informed predictions about future cyber risks. Looking ahead to 2024, the dynamic landscape will usher in new priorities and trends, guiding organisations towards heightened resilience in the face of evolving cyber challenges.

Prediction 1: Large Language Models accelerating the time to ransom

In the ongoing arms race between cybercriminals and defenders, adversaries are leveraging Large Language Models (LLMs), such as ChatGPT, to shorten the time to ransom by crafting nuanced and convincing attacks.

Despite safeguards, a NordVPN report indicates a 145% increase in ChatGPT-related dark web forum posts, highlighting the growing interest in exploiting these models. This trend poses a heightened risk of social engineering and phishing attacks, with LLMs enabling adversaries to craft more convincing schemes.

The acceleration in time to ransom demands that organisations enhance their threat detection capabilities, invest in incident response plans, and fortify their overall cybersecurity posture. Vigilance and adaptability will be key in staying ahead of this emerging threat.

Prediction 2: Escalation of identity provider attacks

Identity providers are increasingly becoming prime targets for cyber adversaries. The 2023 Global Threat Report by CrowdStrike shows that threat actors are ‘doubling down on stolen credentials’, with a 112% year-over-year surge in advertisements for access-broker services in the criminal underground. This increase is attributed to the expansion of cloud usage and remote work seen in most organisations today.

Okta's October 2023 breach exposed the vulnerability of identity providers. Thousands of organisations and millions of individuals were impacted as sensitive files were stolen from Okta's customer support ticket system.

The Okta incident serves as a cautionary tale, prompting organisations to remain agile in adapting security strategies to counter evolving threat actor tactics, particularly those targeting identity.

Prediction 3: Third-party vendors in the crossfire

Resilience’s claims data reveals a substantial increase in cyber threat actors targeting third-party vendors to fund cybercriminal activities. Big game hunting, focusing on high-profile targets, is gaining prominence.

Businesses must scrutinise and secure their extended ecosystem of vendors, managing vendor risk as seriously as internal risk. Ensuring vendors meet rigorous security standards is crucial for defence against supply chain breaches. Businesses must vigilantly vet and continuously monitor their extended vendor ecosystem while employing resilient cybersecurity.

Prediction 4: Top ransomware gang dominance to continue

LockBit’s supremacy in ransomware is expected to persist, marking its fourth consecutive year as the dominant ransomware gang. Considered the most well-organised ransomware group in the world, it was responsible for 27.93% of all known attacks from July 2022 to June 2023.

The malicious software is secretly deployed inside organisations to find valuable data, steal it, and then encrypt it, rendering it inaccessible to legitimate users. This data is then held to ransom, leaving businesses no choice but to pay or risk never seeing the data again. LockBit victims in 2023 include the UK’s Royal Mail, Ministry of Defence, and aerospace company Boeing.

Organisations should prepare for LockBit’s continued reign by focusing on proactive defence measures, including backup strategies, network segmentation and heightened security awareness training to mitigate the impact of potential threats.

Prediction 5: Zero-day vulnerabilities in the spotlight

State-backed threat actors will maintain their stronghold, leveraging zero-day vulnerabilities to advance their sophisticated campaigns. These targeted attacks are carried out by a state-sponsored actor against another government, individual or organisation, exploiting a vulnerability in software that is unknown to those responsible for patching or fixing the flaw.

Cybersecurity and Infrastructure Security Agency (CISA) officials have noted an increase in zero-day attacks in the past six months. Most notably, the conflict against Ukraine led to a surge in cyber warfare, with cyberattacks aimed at advancing political agendas or infiltrating strategic war tactics against a nation. Such attacks pose a significant threat to national security, targeting sectors such as IT and education.

The evolving threat landscape requires organisations to prioritise vulnerability management, share threat intelligence and implement rapid response measures, particularly within critical infrastructure.

Prediction 6: Increased data privacy challenges from underdeveloped LLMs and SaaS products

The introduction of LLMs in Software as a Service (SaaS) products raises concerns about potential data privacy breaches. The incorporation of advanced AI capabilities into digital and SaaS platforms is reshaping the online consumer experience. Yet, amidst the rapid adoption of cutting-edge AI technology, there is a considerable oversight concerning the vulnerability to cyber attacks that could inadvertently expose sensitive data.

Notably, LLMs like OpenAI's ChatGPT have data retention policies that may diverge from organisations' data handling strategies, leaving a security gap. Safeguarding the privacy of data processed by LLMs is a unique challenge, requiring innovative measures such as data encryption, creating secure isolated environments, and refining datasets to exclude confidential information.

Prediction 7: Political disinformation campaigns

As the US and UK elections loom, Resilience predicts a surge in politically motivated disinformation campaigns manipulated through AI. This dual-threat scenario may prompt hacktivist attacks against state institutes, creating a complex and multifaceted cybersecurity challenge.

Effective disinformation campaigns exploit preexisting divides within target societies and groups, as witnessed in the 2020 US election. With the 2024 elections nearing, AI advancements could intensify disinformation tactics.

As yet, no legislation exists regarding AI, but an innovation framework was introduced in June to encourage domestic AI innovation, with plans to draft legislation within the next few months following discussions at AI Insight Forums.
