Join our daily and weekly newsletters for the latest updates and exclusive content on leading AI industry coverage. Learn More
IBM predicts that attackers will utilize generative AI to enhance their tactics, reaching a more dangerous level in 2024. The new year heralds an era of deception and identity abuse, with attackers using fake and stolen privileged access credentials to penetrate networks.
According to Gartner, 75% of security failures stem from poorly managed privileged access credentials and identities, a significant increase from 50% three years ago. A report from Unit 42’s Cloud Threat team found that 99% of identities across 18,000 cloud accounts from over 200 organizations had at least one misconfiguration, revealing gaps in Identity Access Management (IAM) protection. Similarly, CrowdStrike’s 2023 Threat Hunting Report noted that 80% of cyberattacks used identity-based techniques to compromise legitimate credentials and avoid detection. The report highlighted a 112% year-over-year rise in advertisements for access-broker services in the criminal underground.
Generative AI is becoming central to cyberattacks, with attackers exploiting vulnerabilities across threat surfaces. IBM suggests that attack strategies will become more multidimensional, employing sophisticated social engineering tactics created using generative AI.
Here are IBM’s ten cybersecurity predictions for 2024:
1. 2024 will be the year of deception. Charles Henderson, global head of IBM X-Force, predicts a busy year for cybercriminals due to geopolitical tensions, major US and EU elections, and the Paris Olympics. This perfect storm will elevate disinformation campaigns.
2. Cybercriminals are poised to use AI for improved deep fakes, audio fakes, and convincing AI-crafted phishing emails as part of their deception tactics.
3. Generative AI will simplify “customer acquisition” for cybercriminals by efficiently filtering, correlating, and categorizing exfiltrated data, transforming attack strategies into a customer acquisition process.
4. Enterprises will see an influx of “Doppelgänger Users” as identity-based attacks increase. Chief Architect Dustin Heywood predicts unusual user behavior as a sign of compromise, driven by the abundance of valid enterprise credentials on the Dark Web.
5. An AI version of the Morris Worm will mark a new era of cyberattacks. Head of Research John Dwyer foresees a significant attack event leveraging AI platforms as they become widely available.
6. Ransomware is headed for a makeover amid its midlife crisis. Dwyer predicts a decline in ransomware effectiveness in 2024, with more enterprises refusing to pay and opting to rebuild systems instead.
7. Generative AI adoption will shift CISOs’ focus to critical data. Vice President Akiba Saeedi highlights the importance of data security, protection, and privacy in AI-driven business models, pushing CISOs to reassess security and access controls.
8. Generative AI will elevate the role of security analysts. Chris Meenan, Vice President of Product Management, IBM Security, predicts that generative AI will handle tedious tasks, allowing analysts to focus on higher-level challenges and alleviating workforce pressures.
9. Cybersecurity will move from threat prevention to prediction. CTO Sridhar Muppidi envisions a transformative impact of generative AI, enhancing threat detection and response into predictive and protective measures.
10. A new approach to managing identities is coming. Wes Gyure, Director of Identity and Access Management, IBM Security, anticipates organizations adopting an “identity fabric” approach to integrate and enhance existing identity solutions rather than replacing them.
Additionally, “Harvest Now, Decrypt Later” attacks are expected to rise with advancements in quantum computing. Ray Harishankar, IBM Fellow, IBM Quantum Safe, warns of future quantum computers breaking security protocols. The U.S. National Institute of Standards and Technology (NIST) is developing new quantum-safe cryptography standards, expected in early 2024.