A CISO's View: Top 4 Cybersecurity Issues for 2024

As the year comes to an end, it's time to look into the crystal ball. Here is my list of the top four cyber security issues for 2024.

Generative AI

For cyber defenders, AI will increasingly be used to identify cybersecurity vulnerabilities and for preventing cyberattacks; however, this technology will cut both ways. As generative AI matures and is linked with Generative Adversarial Networks (GANs), advanced, cost-effective audio and video content will drive a new wave of phishing and business email compromise (BEC) attacks. Read more here.

Ransomware

Ransomware is not going away, but the focus on targets will shift. In the last few weeks, multiple critical infrastructure entities have responded to ransomware. In one example, a large water district in the Dallas area, the North Texas Municipal Water District, was crippled by a ransomware attack. In another instance, a ransomware attack forced a chain of 30 hospitals in six states to divert patients from some of its emergency rooms to others.

Hacktivists

Hacktivists typically state a political reason as the motive for their attacks, and these are commonly related to major, global conflicts. One of the most common is a distributed denial of service (DDoS). These attacks are easy to launch and hard to prevent. A few weeks ago, humanitarian nonprofit organizations conducting relief operations in both Israel and Gaza were targeted, and a water treatment plan in Pennsylvania was impacted.

Governance

First, the U.S. Securities and Exchange Commission (SEC) filing charges against the CISO of SolarWinds highlights the fact that CISOs will be held accountable. This will have far-reaching impacts in 2024. Next up is data privacy. With the expansion of privacy regulation efforts around the world, look for companies to create roles for privacy officers. Compliance will be a key driver in 2024. One example is new rules by the SEC requiring disclosure of cyber security incidents. Threat actors are already leveraging these reporting requirements. One of the world's most active ransomware groups reported the victim of their attack to the SEC.

~~~

Michael Gregg is CISO for the State of North Dakota, and a SecureWorld speaker and Advisory Council member. This post appeared originally on his LinkedIn here.