Cybersecurity: trends and forecasts for 2024

Paris 2024 risks “eight to ten times more than the Tokyo Games” confides Bruno Marie-Rose, the event’s technology director. These threats are exacerbated by the cyberwar in Ukraine. During the previous Summer Olympics in Tokyo, 450 million attacks were recorded. Indeed, while these sporting events generate widespread enthusiasm, they are not immune to serious cybersecurity threats. This is precisely what the ANSSI emphasizes in its latest report, highlighting the diversity of information systems that could be targeted.

What are the email security trends / forecasts for 2024?

2023 is drawing to a close, and companies are immersed in drawing up their future action plans and budgets. According to Gartner, by 2026 generative artificial intelligence will significantly alter 70% of IT design and development effort. Cyber-attack techniques are evolving, and hackers are developing increasingly sophisticated methods to counter existing security measures.

Increasingly sophisticated cyberattacks

Several types of cyberattack were highlighted in 2023, and will continue to evolve in 2024. The key issue is the sophistication of these attacks. In effect, it’s the evolution of ransomware, malware and phishing techniques.

• Growing use of artificial intelligence: In 2023, Chat GPT will be at the forefront of computer exploits, and the use of artificial intelligence is booming. However, this platform is not only used for positive purposes. Many hackers are learning how to exploit it maliciously and are developing their attack techniques by creating more and more pirated content. Thanks to Large Language Models, they exploit advanced AI systems designed to understand, generate and interact with human language in highly sophisticated ways. According to Google Cloud, these platforms risk becoming an active business for cybercriminals.
• Exploitation of zero-day vulnerabilities: As the name suggests, this flaw exploits unknown vulnerabilities, giving companies “zero days” to counter the threat. The development of this cyberattack can be explained by the increased complexity of software, the advancement of hackers’ methods and the expansion of the Internet of Things (IoT). In 2021, some hospitals in Paris were attacked through the exploitation of this vulnerability by internal software. This type of vulnerability makes cyberattacks virtually unstoppable and increasingly difficult to counter.
• Advanced Persistent Threat (APT): This is the most complex and sophisticated of all targeted cyberattacks. This fast-growing method is mainly characterized by its aim of penetrating deep into the networks of a targeted organization and remaining hidden there for a long period. In 2020, attackers succeeded in inserting malicious code into Orion software updates. This malicious code was distributed to thousands of SolarWinds customers. This cyberattack is considered to be one of the most sophisticated and widespread, underlining the vulnerability of software supply chains and the increasing sophistication of cyberattacks.
• Malware and ransomware: In 2024, certain categories of malware will stand out for their tendency to evolve. These are polymorphic malware, metamorphic malware, cryptojacking, ransomware as a service and AI malware. Polymorphic and metamorphic malware are similar in the way they evolve. Polymorphic malware changes its code from victim to victim, while metamorphic malware rewrites its code with each new infection. In both cases, they are difficult to spot. As far as cryptojacking is concerned, this malware integrates a device to extract crypto-currencies, generally resulting in financial losses. It’s a threat that’s becoming increasingly widespread due to the popularity of crypto-currencies. In addition, ransomware as a service (RaaS) is often marketed on underground forums or dark web markets. This is malware created by hackers and rented out to other cybercriminals. As for artificial intelligence (AI)-assisted malware, it will be able to evolve while avoiding detection.
• Advanced phishing can refer to several types of attack, such as fake QR Codes, spear-phishing, social engineering, etc… QR codes, originally designed to facilitate access to information, have now been hijacked by cybercriminals to deceive users. As for spear-phishing, its principle is almost identical to phishing, but is a much more elaborate technique. Finally, social engineering is an attack approach based on the manipulation and deception of individuals to obtain sensitive information or gain access to computer systems. As cyberattacks continue to evolve, they are likely to become more complex to counter.

How to anticipate the risks of cyberattacks in 2024?

Threat detection is essential to protect organizations, especially VSEs, SMEs and ETIs, against evolving cyberattack trends. There are a number of tools and technologies designed to detect and counter these attacks. By combining advanced e-mail security solutions with training and awareness programs, companies can strengthen their security against the hidden tactics of hackers. Continuous vigilance is essential.

In 2024, organizations will invest more in e-mail security training and awareness programs to educate their staff on the latest e-mail threats and best practices. This will enable teams to identify and report suspicious e-mails more quickly.

Who are the targets of evolving cyberattacks?

Before countering these threats, it’s important to know who they’re targeting. This question remains crucial, even if current events prove that cyber attacks can affect any type of business. Just as the question of whether the cost of a cyber attack is greater for an SME than for a global corporation is complex, and depends on a number of factors. Risks therefore include the healthcare and energy sectors, SMEs, companies dependent on the cloud, and those with access and identity management problems.

Growing responsibilities for ISRs, CIOs and CISOs

The risk of saturation is high among these professionals. Between burnout and data loss, IT and cybersecurity managers are the first victims. According to a study on the state of cybersecurity, 73% of employees will have resigned due to burnout in 2022, compared to 81% in 2023. This increase highlights the considerable weight these players carry on a daily basis.

Their responsibilities are increasing further, particularly with the implementation of the NIS 2 directive (Network and Information Security, second version). Adopted in January 2023, companies have until October 17, 2024 to bring themselves up to date. It succeeds the NIS 1 directive and introduces new measures to ensure a high level of security for networks and information systems.

In 2024, the sanity of these professionals is increasingly put to the test due to the constant evolution and sophistication of cyber attacks. Managers not only have to protect their organization’s critical infrastructures, but also ensure compliance with ever-changing security standards, significantly increasing pressure and stress at work.

What solutions can we expect?

By 2024, e-mail authentication methods will have undergone significant improvements. Technologies such as Domain Based Authentication, Reporting and Compliance (DMARC) and Domain Key Identified Mail (DKIM) will continue to evolve to provide stronger authentication and better protection against e-mail spoofing and spoofing. The aim is to help organizations build trust in e-mail communications and reduce the chances of falling victim to phishing attacks.

To protect your business against these growing threats, you need to :

• Strengthen your software security
• Improve your detection tools (e.g. e-mail filtering)
• Educate and raise awareness among your staff
• Collaborate and share information
• Adopt multi-layered security

By anticipating these developments, you can strengthen your messaging security for years to come. Companies need to adapt by raising security awareness, training staff and implementing robust security measures to deal with these threats. This includes using advanced security solutions and regularly reviewing security policies to stay one step ahead of cybercriminals.

In 2024, protection against cyber attacks requires a comprehensive approach, combining awareness, advanced technologies, and proactive strategies. Advanced solutions like Altospam’s Mailsafe (anti-phishing, anti-spear phishing, anti-malware and anti-ransomware), play a key role in securing businesses against increasingly sophisticated threats. By adopting these measures, companies can not only adapt quickly but also defend themselves against the evolution of cyber-attacks.