Cybersecurity “Predictions” – Let’s Talk about 2024

Cybersecurity “Predictions” – Let’s Talk about 2024
7 minute read

It’s that time of year again! When everyone talks about the future and tries to predict what threats will persist or grow versus those that may shrink or fade away entirely. Just as last year, we decided to evaluate future threats with an eye on what we consider to be “Always On,” “On the Horizon,” or “Overhyped.”

  • Always On: These items demand attention because they are as enduring as death and taxes. They’re equally inevitable, ubiquitous, unexciting, and scary, too.
  • On the Horizon: This is the most interesting set of considerations because the threats are here but not fully formed. They are likely to grow and will need to be taken seriously now and in the year ahead.

Overhyped: These are topics everyone discusses even though most have yet to learn why (or if) we should be expending energy on them.

Always On

Ransomware & Digital Extortion still aren’t going anywhere.

  • Ransomware continues to succeed in part because the primary delivery method remains phishing emails, and those will continue to improve as generative AI keeps improving those campaigns.
  • Ransomware and digital extortion will likely account for more than half of all global cyber attacks next year.
  • Double-extortion in 2022 and triple-extortion in 2023 demonstrate how criminals continue to evolve this winning criminal strategy.

Source: ZeroFox Intelligence

Social Engineering keeps growing.

The steady stream of phishing campaigns observed in 2023, combined with growing maturity and access to generative AI tools, ChatGPT, and competing tools for generating text to make phishing lures more convincing, means this threat is here to stay.

Source: ZeroFox Intelligence

The Deep and Dark Web continues to be critical real estate for cybercriminals.


Mis/Dis/Malinformation (MDM) is the existential threat of our times.


On the Horizon

Artificial Intelligence (AI) Enabled Cyber Threats are only going to grow.

  • Synthetically generated text tools (ChatGPT, Google Bard, Microsoft Bing Chat, and more) improve the efficiency and effectiveness of authoring phishing campaign lures.
  • Free and easy-to-use tools for generating synthetic audio and video have the power to greatly improve the believability of scams like business email compromise (BEC).
  • Adversaries may seek to poison source data used by AI, resulting in organizations that are over-reliant on AI being systematically misled in their decision-making.

Cryptocurrency-Related Threats appear to be on the rebound

Social Media use continues to grow, albeit only slightly

  • The average internet user in 2023 spends 151 minutes per day on social media sites, up four minutes from the previous year.


Nation-State Threats remain scary—and are STILL not likely your top concern.

Source: Microsoft Digital Defense Report 2023

Metaverse continues to have interest beyond its current impact.

What Can You Do?

An effective security program isn’t about addressing the biggest, scariest threats making headlines. It’s about fundamentally understanding and assessing your risk profile and prioritizing your defenses in the following ways.

  1. Know Yourself: Identify and work with stakeholders to codify intelligence requirements to maximize the value of time and effort expended defending the organization. Additionally, document and monitor your internal environment (i.e., CMDB and Crown Jewels) and external attack surface, including social media.
  2. Know Your Adversaries: Invest in intelligence on adversaries most likely to have the desire and capability to do you harm, including their tactics, techniques, and procedures (TTPs), motives, and previous actions.
  3. Know the Shared Terrain: Capitalize on intelligence to proactively understand the planning, facilitation, and execution of attacks within the deep, dark, and open web, and implement security strategies and policies that reduce exposure to those threats, and compensate for remaining risks.

To learn more about he current threat landscape and what types of threats security teams can use to plan for 2024 and beyond, download the full report for the full debrief on 2024 cybersecurity trends.

See ZeroFox in action