A major trend in cybersecurity is the speed and adeptness with which hackers adapt their techniques to leverage technological advances. Attacks making use of social engineering have become more frequent and more expensive in 2023. The profitability and the simplicity of launching social engineering-related cyber attacks will drive an even higher volume of these incidents in 2024, according to GlobalData, a leading data and analytics company.
In the new year, GlobalData Advisory Report “2024 Enterprise Predictions: Secure by Design,” reveals that cybercriminals will be quick to innovate and expand their use of methods like social engineering, and deceptive practices for influencing people to release sensitive or personal data for illegal purposes.
Amy Larsen DeCarlo, principal analyst, Enterprise Technology and Services, at GlobalData, comments: “Cybercriminals are exploiting the biggest vulnerability within any organization: humans. As progress in artificial intelligence (AI) and analytics continues to advance, hackers will find more inventive and effective ways to capitalize on human weakness in areas of (mis)trust, the desire for expediency, and convenient rewards.”
During 2023, apprehensions regarding the misuse of AI for malicious purposes heightened due to the advancements in generative and synthetic AI. Threat actors can employ AI to rapidly alter malware algorithms, rendering security software incapable of promptly recognizing potential dangers posed by tactics such as deepfakes.
Larsen DeCarlo adds: “But it is not all bad news. More vendors and managed security services providers (MSSPs) are outlining plans to incorporate generative and other forms of AI in their solutions as a means to not only expedite and improve threat identification but also to streamline and optimize incident remediation.”
As employees, especially those in IT and security, grow more accustomed to utilizing AI in their roles, they will likely become more open to considering it a crucial tool in the fight against cyberattacks. Vendors must provide evidence of successful AI outcomes in trials and production to instill confidence in their clients, demonstrating that AI can indeed be a highly effective defensive measure.
Larsen DeCarlo concludes: “In 2024, enterprises contending with challenged markets will need to tighten IT budgets. This will jeopardize some cybersecurity investments at a time when organizations can’t afford to not prioritize fortifying their defenses.
“Enterprises will continue to work toward deploying Zero Trust Architectures that apply the “never trust, always verify” principle to each access request. Enterprises will also continue to work on better integrating security into all of their network services via wider secure access service (SASE) implementations.”