While the world will always be unpredictable, several strong trends in cybersecurity point to promising and concerning developments in the months ahead. One thing’s for sure: 2024 will be a very significant and interesting year.

Artificial intelligence (AI) has advanced at an incredible pace in recent years, and its implementation in cybersecurity is only going to become more prevalent and important. It could eventually become a game-changer in the industry.
This year, the evolution of AI and quantum computing could lead them to meet head-on. There’s huge potential for some incredible and unwanted results. Quantum computing will make today’s encryption techniques obsolete overnight. This will also impact the current hot topic of identity verification. The security industry is already thinking about and planning how to manage this, how we share information safely, how we manage trust and privacy, and many other worries that could impact society and everyday life.

The Threat of Deep Fakes

The evolution of generative AI and deep fakes will become a real threat to democracy. Advancements in this technology will lead to voice and video phishing attacks becoming much more frequent and more difficult to identify. As yet, we haven’t developed solutions to enable people to identify which videos or voice recordings are genuine and which are fake.

In 2024, around two-thirds of citizens living in the democratic world are eligible to vote in national or presidential elections. Democracy will face its biggest challenge this year and we could see widespread manipulation of the public through misinformation, disinformation, and manipulation of communications and voting procedures.

We’ve already seen governments taking steps to be much more active in cybersecurity and this is sure to accelerate in 2024 as cybercrime is recognized to damage national economies. Governments will bring in tougher regulations and perhaps take other actions to disrupt threat actor operations. This will reduce the damage caused by lesser-skilled cybercriminals.

Harness AI for Good

Cybersecurity professionals will finally have the chance to harness AI for good, and certainly more efficiently and effectively than attackers can adopt it for malicious intent. AI requires a lot of computing power. This is controlled by supply chain issues and large providers who will be able to verify and approve their customers. Defenders will be able to use AI as a force multiplier and make it much harder for cybercriminals to infiltrate IT estates.

We’ve already seen news headlines about AI’s impact on employment and the jobs market. AI will certainly change things in cybersecurity, but we doubt it will relieve the demand for experienced experts. In fact, as threats increase, companies will need more senior and experienced professionals than before to solve even more complex problems. So, the talent shortage at the top levels could be exacerbated. But it’s too early to pinpoint this demand exactly at this point.

For years, the cybersecurity industry has been in a reactive mode, trying to solve problems and repair damage caused by cybercriminals. Prevention is always better than a cure. So, the fast-growing domain of security posture management could finally come into its own. While this has been done across different cloud platforms, the ability to measure security posture management will get more interesting as companies expand the features and toolsets of their services (including third parties) to include preventative controls and extensive exposure management scoring to lower everyone’s security risk profile. We expect to see new dashboards and across-the-board product integrations, all supercharged by AI.

Increased use of LLMs

Large language models (LLMs) have come to the fore in the last 12 months. In the next 12, we expect them to significantly improve information exchange from systems to technical employees through to non-technical employees. LLMs can provide much more machine-led feedback in cybersecurity and raise the quality of incident tickets, thereby accelerating security analysts’ work and enabling better communication with people in other parts of the business.

LLMs are sure to be increasingly used for alert handling, response guidance, vulnerability assessments, designing red teams and tests, plus other areas that will become clear as the industry evolves. And employees who are trained with and comfortable using AI tools will be more productive. The combination of human ingenuity and AI will allow people and organizations to achieve more than ever before.

And it could finally be the year when the use of passwords will slowly but surely begin to decline. Last year, FIDO PassKeys helped to start making the passwordless approach viable for websites whilst being supported by all the major players.

Steven Marandola, VP of innovation at Quorum Cyber, Penny Allen  – solutions director for managed detection and response at Quorum Cyber, and Paul Cullimore  –  solutions director for Microsoft Defender at Quorum Cyber, all contributed to this article.