Threat actors tap social engineering and AI to drive more cyber attacks in 2024, says GlobalData

In the new year, GlobalData Advisory Report “2024 Enterprise Predictions: Secure by Design,” predicts that cybercriminals will be quick to innovate and expand their use of methods like social engineering, and deceptive practices used to influence people to release sensitive or personal data for illegal purposes.

Amy Larsen DeCarlo, principal analyst, Enterprise Technology and Services, at GlobalData, comments: “Cybercriminals are exploiting the biggest vulnerability within any organization: humans. As progress in artificial intelligence (AI) and analytics continues to advance, hackers will find more inventive and effective ways to capitalize on human weakness in areas of (mis)trust, the desire for expediency, and convenient rewards.”

In 2023, concern about AI being used for nefarious purposes increased with the unprecedented developmental progress in areas like generative and synthetic AI. Threat actors can apply AI to change up malware algorithms so quickly that security software doesn’t recognize the potential danger associated with tactics like deepfakes.

Larsen DeCarlo adds: “But it is not all bad news. More vendors and managed security services providers (MSSPs) are outlining plans to incorporate generative and other forms of AI in their solutions as a means to not only expedite and improve threat identification but also to streamline and optimize incident remediation.”

As employees, particularly those in IT and security,  become more comfortable with AI use in their job functions, they will be more receptive to it as an important tool in the defense against cyberattacks. Vendors will need to offer proof points of effective AI outcomes in trials and production to reassure their clients that it can potentially be a very effective defensive measure.

Larsen DeCarlo concludes: “In 2024, enterprises contending with challenged markets will need to tighten IT budgets.  This will jeopardize some cybersecurity investments at a time when organizations can’t afford to not prioritize fortifying their defenses.

“Enterprises will continue to work toward deploying Zero Trust Architectures that apply the “never trust, always verify” principle to each access request.  Enterprises will also continue to work on better integrating security into all of their network services via wider secure access service (SASE) implementations.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here