Read on to explore this and six other cybersecurity trends possibly making headlines next year.

In 2024, our experts predict the following cybersecurity trends as follows.

First, the adoption of AI and generative AI for cybercrime will continue to accelerate. One key trend will be the increasing use of real-time deep fake technology to augment social engineering tactics. Attackers will be leveraging advanced AI capabilities to create convincing fake identities and manipulate individuals or systems for malicious purposes. 

Second, with more organizations migrating to cloud infrastructure, Tier-0 assets such as Azure Active Directory, AWS Identity and Access Management, and Identity-as-a-Service will be emerging as the new “keys to the kingdom”. As a result, they will become increasingly attractive targets for cyberattacks. We can expect to see a surge in attacks and attempts aimed at compromising these cloud assets. Additionally, attackers may employ cascading supply chain attacks to access these assets.

Jeffrey Kok, Vice President, Solution Engineer, Asia Pacific & Japan, CyberArk

Other predictions

Thirdly, we expect supply chain attacks, particularly cascading supply chain attacks, to increase in 2024. Such attacks are on the rise due to their effectiveness in circumventing hardened targets. Attackers will exploit vulnerabilities in interconnected, trusted, but softer targets — to infiltrate more secure systems. Also:

    1. More session hijacking and cookie theft attempts
      These tactics are becoming more commonplace in cyberattacks, and involve stealing user session information and cookies to gain unauthorized access to web services and accounts. With the increasing reliance on online services and applications these attacks will likely escalate.
    2. Greater interest in securing and isolating web content
      The need to mitigate the risks associated with session hijacking, cookie theft and other web-based threats will lead to the adoption of secure browser and web isolation technologies. Many organizations will explore or implementing technologies that isolate web content.
    3. Passkeys will gain momentum
      With major technology firms like Google, Apple, and Microsoft integrating passkey technologies into their systems, organizations planning or preparing for passwordless projects will likely initiate pilots and projects to adopt this more secure authentication method. Passwordless authentication eliminates the vulnerabilities associated with traditional passwords.
    4. Sanctioned SaaS adoption in regulated industries
      Regulated industries such as those in the financial services and critical information infrastructure have historically been hesitant to adopt Software-as-a-Service (SaaS) security offerings due to a lack of legislative endorsement or regulatory ambiguity. However, regulatory agencies in the region are in the process of amending, loosening, or clarifying guidelines related to SaaS adoption for security solutions. This legislative shift will enable more regulated industries to embrace and deploy cutting-edge security offerings, including those based on AI and Big Data, to enhance their cybersecurity posture.