Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
IRONSCALES Predicts a Tumultuous 2024 for Enterprise Email Security
Generative AI’s Seismic Effects on Cybersec Continue — Threatening to Unleash a Tsunami of Highly-Sophisticated, Highly-Targeted Attacks That Leave Boardrooms Flat Footed
By Eyal Benishti, CEO of IRONSCALES
A year ago, we predicted that the emergence of commercially
available generative AI (genAI) technologies would fundamentally reshape the
cybersecurity landscape in 2023. Unfortunately, we were right.
Now, as we head into 2024, it's become clear that our only
miscalculation may have been in underestimating the true impact of these
technologies. In little more than a year, artificial intelligence has become
the single most critical technological asset to parties on both sides of the
battlefield.
As hackers use AI to launch ever more sophisticated, targeted
attacks - with increasing frequency, volume and precision - security vendors
are working overtime to develop new, more advanced detection methods to counter
these threats.
As the AI arms race continues to gather speed, we foresee the
following predictions playing out in the year ahead:
Top 3 Cybersecurity Predictions for 2024 from IRONSCALES
1. Cyber attacks leveraging NLP-evasion techniques, including image-based attacks (QR code phishing or "quishing"), deep fake videos and reverse-text emails, will skyrocket in 2024: With volumes on track to more than triple from 2023
Just as cybersecurity
vendors make significant strides in using AI-based natural language processing
(NLP) to detect fishy-sounding text, cybercriminals are already pivoting - this
time, to new, image- and video-based strategies - in order to evade detection.
From Q1 to Q3 of 2023, IRONSCALES data analysts observed a
staggering 215% increase in phishing emails employing malicious images,
and as we head into 2024, the trend shows no signs of abating. These
image-based attacks, such as QR code phishing (or "quishing"), use QR codes,
images, and even reversed text in emails to sidestep NLP defenses.
Enabled by the rise of multimedia generative AI (genAI) platforms like DALL-E
and Midjourney, attackers can now produce original, professional-quality
imagery in mere seconds, with little-to-no skill or training required.
Organizations would be wise to feature these kinds of image-based NLP-evasion
attacks as a part of their security awareness training (SAT) efforts heading
into the new year.
2. 2024 will mark the beginning of the age of account-based phishing (ABP): Highly-sophisticated, hyper-targeted attacks will give a whole new meaning to the idea of spear phishing
As traditional anti-phishing defenses - such as malicious link and attachment
detection - become increasingly difficult to evade, attackers are leveraging
genAI to revive the age-old techniques of social engineering. And with all the
time and effort genAI is saving them in generating actual text, attackers are
taking greater care in refining their targeting. With the help of sites like
LinkedIn and The Org, attackers can peer into the inner workings of an
organization - including a potential target's role, who they report to, who
their recurring partners or vendors are, and more. Equipped with this inside
information - and further enabled by OpenAI's impending roll-out of a
"build-your-own-bot" offering - we will most certainly see a rise in more
targeted, sophisticated business email compromise (BEC) attacks, including VIP
impersonation, vendor email compromise (VEC), and autonomous agents used for
malicious purposes.
3. Cybersecurity expertise will become non-negotiable in the boardroom: As the broader business community wakes up to the gravity of today's threat landscape
A recent study found that, in 2023, just 12% of S&P 500 companies
had board directors with relevant cybersecurity credentials. A complementary
study from the Wall Street Journal estimated that, as of Aug. 31, those
directors made up a paltry 2.3% of all directors on the boards of
companies in the S&P 500. However, the same research found that, dismal as
those numbers may be, they're a marked increase from just one year prior. As
the frequency, volume, and overall financial impact of cyberattacks continue to
rise steadily year-over-year, we predict that 2024 will be the year in which
boardrooms will at last make a concerted effort to bolster their cybersecurity
expertise, lest they find themselves scrambling to fill the void in the wake of
a serious breach.
ABOUT THE AUTHOR
As Chief Executive Officer at IRONSCALES, Eyal Benishti pioneered the development of the world’s first self-learning email security solution that combines AI, machine learning, and human insights to automatically stop advanced phishing, BEC, and account takeover attacks.
Eyal brings to his executive leadership role over 15 years of software industry experience with enterprise and startup companies. Prior to founding IRONSCALES in 2013, he was a security researcher and malware analyst at Radware and worked as technical lead for various information security solutions at Imperva.
Previously, he held a variety of R&D roles with Comverse and Amdocs. A passionate cybersecurity researcher from a young age, Eyal earned his bachelor’s degree in computer science and mathematics from Bar-Ilan University in Israel.