Virtualization Technology News and Information
Article
RSS
IRONSCALES 2024 Predictions: A Tumultuous 2024 for Enterprise Email Security

vmblog-predictions-2024 

Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

IRONSCALES Predicts a Tumultuous 2024 for Enterprise Email Security

Generative AI’s Seismic Effects on Cybersec Continue — Threatening to Unleash a Tsunami of Highly-Sophisticated, Highly-Targeted Attacks That Leave Boardrooms Flat Footed

By Eyal Benishti, CEO of IRONSCALES

A year ago, we predicted that the emergence of commercially available generative AI (genAI) technologies would fundamentally reshape the cybersecurity landscape in 2023. Unfortunately, we were right. 

Now, as we head into 2024, it's become clear that our only miscalculation may have been in underestimating the true impact of these technologies. In little more than a year, artificial intelligence has become the single most critical technological asset to parties on both sides of the battlefield.

As hackers use AI to launch ever more sophisticated, targeted attacks - with increasing frequency, volume and precision - security vendors are working overtime to develop new, more advanced detection methods to counter these threats. 

As the AI arms race continues to gather speed, we foresee the following predictions playing out in the year ahead:

Top 3 Cybersecurity Predictions for 2024 from IRONSCALES

1.  Cyber attacks leveraging NLP-evasion techniques, including image-based attacks (QR code phishing or "quishing"), deep fake videos and reverse-text emails, will skyrocket in 2024: With volumes on track to more than triple from 2023 

Just as cybersecurity vendors make significant strides in using AI-based natural language processing (NLP) to detect fishy-sounding text, cybercriminals are already pivoting - this time, to new, image- and video-based strategies - in order to evade detection. From Q1 to Q3 of 2023, IRONSCALES data analysts observed a staggering 215% increase in phishing emails employing malicious images, and as we head into 2024, the trend shows no signs of abating. These image-based attacks, such as QR code phishing (or "quishing"), use QR codes, images, and even reversed-text, in emails in order to sidestep NLP defenses. Enabled by the rise of multimedia generative AI (genAI) platforms like DALL-E and Midjourney, attackers can now produce original, professional-quality imagery in mere seconds, with little-to-no skill or training required. Organizations would be wise to feature these kinds of image-based NLP-evasion attacks as a part of their security awareness training (SAT) efforts heading into the new year.

2.   2024 will mark the beginning of the age of account-based phishing (ABP): Highly-sophisticated, hyper-targeted attacks will give a whole new meaning to the idea of spear phishing

As traditional anti-phishing defenses - such as malicious link and attachment detection - become increasingly difficult to evade, attackers are leveraging genAI to revive the age-old techniques of social engineering. And with all the time and effort genAI is saving them in generating actual text, attackers are taking greater care in refining their targeting. With the help of sites like LinkedIn and The Org, attackers can peer into the inner-workings of an organization - including a potential target's role, who they report to, who their recurring partners or vendors are, and more. Equipped with this inside information - and further enabled by OpenAI's impending roll-out of a "build-your-own-bot" offering - we will most certainly see a rise in more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. 

3.  Cybersecurity expertise will become non-negotiable in the boardroom: As the broader business community wakes up to the gravity of today's threat landscape

A recent study found that, in 2023, just 12% of S&P 500 companies had board directors with relevant cybersecurity credentials. A complementary study from the Wall Street Journal estimated that, as of Aug. 31, those directors made up a paltry 2.3% of all directors on the boards of companies in the S&P 500. However, the same research found that, dismal as those numbers may be, they're a marked increase from just one year prior. As the frequency, volume, and overall financial impact of cyberattacks continue to rise steadily year-over-year, we predict that 2024 will be the year in which the boardrooms will at last make a concerted effort to bolster their cybersecurity expertise, lest they find themselves scrambling to fill the void in the wake of a serious breach.

##

ABOUT THE AUTHOR

Eyal Benishti 

As Chief Executive Officer at IRONSCALES, Eyal Benishti pioneered the development of the world’s first self-learning email security solution that combines AI, machine learning, and human insights to automatically stop advanced phishing, BEC, and account takeover attacks.

Eyal brings to his executive leadership role over 15 years of software industry experience with enterprise and startup companies. Prior to founding IRONSCALES in 2013, he was a security researcher and malware analyst at Radware and worked as technical lead for various information security solutions at Imperva.

Previously, he held a variety of R&D roles with Comverse and Amdocs. A passionate cybersecurity researcher from a young age, Eyal earned his bachelor’s degree in computer science and mathematics from Bar-Ilan University in Israel.

Published Thursday, December 07, 2023 7:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2023>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456