AI powered cyber-attacks, deepfakes, supply chain vulnerabilities, resource shortages and increasing regulation will all affect cybersecurity in 2024, writes Kurt Hansen. Here are the top five trends for the year ahead.

1. AI-powered attacks and defence will create a high speed and high stakes game of cyber whack-a-mole in 2024  

Cybercriminals will increase use of AI in 2024 to enhance their attacks. This will include leveraging AI to create highly personalised spear-phishing messages that blend seamlessly with an organisation’s internal communication style. Attackers will also deploy AI to create deepfake voices to impersonate high-ranking executives. These sophisticated attacks may bypass traditional security systems leading to significant disruption. Organisations need to be alert as we head towards 2024.  

AI-powered defences: On the flip side, AI will increasingly be used as a powerful tool for defence. Cybersecurity professionals will harness advanced algorithms for threat detection in 2024, enabling security teams to respond faster than cyber attackers can move. AI’s ability to adaptively learn and detect novel patterns will help accelerate detection, containment, and response, easing the burden on security operations centre (SOC) analysts in 2024.

2. Supply chain attacks will continue to be a major issue 

Cyber attacks that exploit vulnerabilities in an organisation’s supply chain, including third-party software, hardware, and services will accelerate in 2024. Even if an organisation has robust cybersecurity measures, unsecured suppliers or third-party providers may be the gateway for hackers to bypass security controls. These attacks will continue to significantly spike in 2024, highlighting the need for organisations to assess their cyber supply chain risks as a critical defence. 

3. Skills shortages will be exacerbated by knowledge gaps when it comes to detecting and stopping cyber attacks   

The cybersecurity skills shortage will continue to pose multiple challenges for Australian and New Zealand organisations throughout 2024. 

Resource shortage: Demand will continue to increase in 2024 for skilled cybersecurity professionals across all domains of cybersecurity, but the supply will not keep up. This shortage will create additional cyber risks for organisations and will become a board-level priority in 2024. 

Knowledge gaps: Many employees still lack basic knowledge when it comes to cybersecurity awareness. This raises questions around the effectiveness of current security awareness programs. To address this issue, organisations need to ensure that cybersecurity knowledge and enterprise-wide training focused on security culture is firmly on the agenda in 2024. All employees must understand their role in helping keep their organisation cyber secure. In 2024, all employees will have a critical role to play in defence – as it has been for many years, it is no longer just the job of security professionals to secure an organisation. This is why Tesserent has invested in aquiring ALC Training to form the foundation of Tesserent Academy to educate thousands of entry level practicioners in cyber skills and provide certifications the industry desperately needs. 

4. Regulation and compliance will continue to be become more rigorous 

Regulatory risk in cybersecurity is volatile and constantly changing due to the evolving cyber threat landscape. Governments and regulatory bodies will continue to tighten existing compliance requirements and increase penalties in response to increasing cybersecurity threats in 2024. 

Regulatory challenges: Financial services regulators have called cyber risk the foremost risk to financial stability. Given the highly interconnected nature of the financial services sector and its dependencies on critical third-party service providers, all participants in the financial system in 2024 must implement risk mitigation and resilience initiatives relative to both frequency and impact of cyber threats. 

Compliance risks: Increasing legal and regulatory compliance requirements are a key driver for enhancements to cyber security capabilities. The increase in cyber attacks has driven a more stringent underwriting process, which has led to the maturing of the cyber insurance market.  Insurance companies will continue to demand much more from organisations when it comes to risk mitigation in 2024, for instance the requirement to have a 24/7 Security Operations Centre monitoring their environment.   

Tightening access for cybersecurity insurance: There will be a further tightening of access to cybersecurity insurance in 2024, when organisations seek to take out or renew policies. Organisations will spend much more time on providing insurers with independent and third-party cybersecurity audits with details greatly beyond compliance. Cyber insurance is becoming increasingly restrictive, harder to access and more expensive compared to just two years ago in the wake of high profile significant and costly attacks.   

5. Small and medium organisations will have more access to enterprise grade cybersecurity tools  

In 2024 and beyond we will see a democratisation in access to enterprise grade cybersecurity tools, processes, people and methodologies. Enterprise-grade tools will become more available and affordable for smaller organisations including local councils, SMBs and startups. It is no longer the case that only organisations with deep pockets can successfully defend their environments.

*Kurt Hansen is CEO at Tesserent

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter