Top Cyber Risks and Threats for 2024

by Jeffrey Kok, Vice President, Solution Engineers, Asia Pacific & Japan, CyberArk

In the ever-expanding digital landscape, the realm of cybersecurity is undergoing a dynamic transformation, marked by the relentless evolution of cyber threats and the parallel rise of innovative technologies. We expect these trends and challenges that cybersecurity professionals and organisations are likely to face in the coming year.

1) AI & Generative AI Adoption for Cybercrime:
The adoption of AI and generative AI for cybercrime will continue to accelerate. According to the PwC 2024 Global Digital Trust Insights survey, most respondents (52%) indicated that Generative AI will lead to a survey of ‘catastrophic’ cyber attacks within 2024. One key trend for using Generative AI by cyber attacks is the increasing use of real-time deep fake technology to augment social engineering tactics, making it more mainstream in cyberattacks. Attackers are leveraging advanced AI capabilities to create convincing fake identities and manipulate individuals or systems for malicious purposes.

2) Cascading Supply Chain Attacks:
According to CyberArk 2023 Identity Security Threat Landscape Report, 61% of organisations in APAC indicated that they would not be able to stop -or even detect – an attack stemming. We expect supply chain attacks, particularly cascading supply chain attacks, to increase in 2024. Cascading supply chain attacks are a type of supply chain attack where a hacker gains access to one system and then uses that access to compromise other systems that are connected to it. Such attacks are on the rise due to their effectiveness in circumventing hardened targets. Attackers exploit vulnerabilities in interconnected, trusted, but softer targets to infiltrate more secure systems.

3) Session Hijacking and Cookie Theft:
Session hijacking and cookie theft are becoming more commonplace in cyberattacks. These techniques involve stealing user session information and cookies to gain unauthorized access to web services and accounts. These attacks will likely escalate with the increasing reliance on online services and applications.

4) Secure Browser and Web Isolation:
The increase in the adoption of secure browser and web isolation technologies is driven by the need to mitigate the risks associated with session hijacking, cookie theft, and other web-based threats. Many organisations recognise the growing vulnerability of web browsers and are exploring or implementing technologies that isolate web content to enhance security.

5) Passwordless Authentication with Passkeys:
Passwordless authentication is gaining momentum, especially with major technology companies like Google, Apple, and Microsoft integrating passkey technologies into their systems. Organisations planning or preparing for passwordless projects will likely initiate pilots and projects to adopt this more secure authentication method. Passwordless authentication eliminates the vulnerabilities associated with traditional passwords.

6) Legislative Loosening on SaaS Adoption for Regulated Industries:
Regulated industries, such as Financial Services (FSI) and Critical Information Infrastructure (CII), have historically been hesitant to adopt Software-as-a-Service (SaaS) security offerings due to a lack of legislative endorsement or regulatory ambiguity. However, regulatory agencies in many countries in the region are in the process of amending, loosening, or clarifying guidelines related to SaaS adoption for security solutions. This legislative shift will enable more regulated industries to embrace and deploy cutting-edge security offerings, including those based on AI and Big Data, to enhance their cybersecurity posture.