We’ve reflected on the most important trends in 2023 to determine what organizations should expect in 2024 and beyond. Use this in consideration when preparing your organization’s top strategies and priorities for the year ahead.
AI was the defining trend of the past year, and there is every reason to believe it will be a dominating force in 2024. It will impact every aspect of your organization — from how you scale operational efficiency to what attackers will target within your organization. We also expect to see novel forms of Internet connectivity, increasing compliance complexity, and large changes to IT and security stemming from tightened budgets. Here are the top 10 predictions for the future of cyber security and IT.
Starlink, which provides Internet access to 60+ countries via satellite, currently requires a local downlink to operate, subjecting it to restrictions by national telecom regulators. In 2024, SpaceX will launch Starship, accelerating the pace of satellite deployment and permitting the introduction of optical links between them. These developments make it possible for a customer with a terminal to use the Internet without a local downlink - the signal can be transmitted between satellites and downlink somewhere else in the world. As a result, some countries will lose their leverage to impose restrictions on Internet access. We expect at least one country will have their national policy bypassed due to Starlink availability. Organizations will need to consider both national policy and practical political realities when considering deployment of their applications to a given locale.
As AI gets better at delivering code for app development and websites, basic frontend development will become fast, easy, and commoditized. To stay with the pack, frontend developers will need to work side by side with AI. And to truly stand out, successful frontend developers will need to bring more unique skills to the table — creativity, problem-solving, business acumen, or unique expertise. Those who utilize newer frameworks will have a leg up compared to more established frameworks that AI has been deeply trained on. Which frameworks frontend devs choose to use and the unique skills they bring to the table will impact the job market and how development processes change.
Threat actors frequently target new technology that becomes a crucial piece of organizational success, and AI is no exception. While we’ve already had major AI security issues such as data leakage, 2024 will be the year actors go after the AI models themselves. Organizations should be prepared for data breaches, model replication and theft, and even model tampering – attempts to manipulate AI outputs by changing the inputs the model is trained on. Those looking to secure their organization’s AI models should look at the National Cyber Security Centre’s (NCSC) and Cybersecurity and Infrastructure Security Agency’s (CISA) guidelines for secure AI system development.
2024 will be the year that organizations aggressively implementing generative AI will realize that it doesn’t come cheap. Between supply chain issues with AI chips, limited AI-optimized colocation space, and rising energy prices, we see a multitude of reasons to expect high costs in the coming year. And that’s not even counting the cost of carbon emissions to society. CFOs won’t allow unmetered costs much longer without a clear path to a return on investment.
To that end, we expect organizations to implement developer tooling that can provide insights, guardrails, and monitoring for AI deployments, especially in the experimentation phase, to ensure that costs stay under control. Developers will also be pressured to accomplish more with fewer computational resources. Task-specific models, trained from foundational models, will be key to reducing the computational footprint required. Solutions must be achievable with smaller compute footprints, such as single GPUs on a server, CPU-only servers, laptops, cellphones, etc.
The Internet is now critical infrastructure, and it’s not controversial to say next year it will become more targeted than ever before. As more zero-days, flaws in popular software, supply chain issues, and threat actor tactics evolve and come to fruition, organizations must remain hyper vigilant on the steps they can take to remain resilient. In 2024, security leaders will begin the mindset shift towards turning incident management, patching, and evolving security protections into ongoing processes. Responsible disclosure will be a critical pillar in upholding resilience – no matter the priorities or style of the CISO. Managing incidents like zero-days isn’t as simple as “run the patch, now you’re done.” Mitigations like patches for each variant of a vulnerability may reduce your risk, but they never fully eliminate it.
Implementing Zero Trust has been a frustrating exercise for organizations attempting to secure an insecure network. It's a challenge to eliminate excess access within the network and deal with permutations of locations among data, applications, and users. We expect to see an inflection point in 2024, where Zero Trust projects shift away from inserting products into the network path and elevate into security controls and contextual policies enforced through Secure access service edge (SASE). This, in effect, creates a control plane for Zero Trust that lies above, rather than within, the network connectivity between users and data.
In 2023, IPv6 adoption was between 45-50%. In 2024, adoption will grow past 50%. And yet today, many network and security vendors don’t fully support IPv6. Even worse, the software-based connectors for end-user devices, app servers, and local networks that security vendors offer to customers to get traffic to their cloud enforcement points will be increasingly bypassed without explicit IPv6-only support. As more ISPs enable IPv6 access for subscribers due to ongoing challenges with IPv4 exhaustion and the increasing limitations of Network Address Translation, now is the time to start asking your vendors about when, where, and how they will support IPv6.
Organizations of all types are aggressively investing in and relying on AI models to carry out critical business functions. Moreover, organizations are pushing AI to maintain a competitive edge, with Wall Street upgrading the stocks of companies that mention AI and punishing those who are seemingly behind the technology curve. To stay ahead of the rapid effects of AI, organizations will appoint a Chief AI Officer to drive AI strategy and consolidate responsibilities. AI's increasingly essential influence on business operations, product development, and user experience necessitates dedicated leadership overseeing its use, ethics, and managing the associated risks.
Generative AI makes creating personalized text easy. Placed in the hands of attackers, this magnifies the capacity of attackers to mount widespread, personalized phishing attacks. 2024 is the year when AI becomes a standard part of the toolkit for attackers. We are already seeing this trend in action, with AI generated messages used in business email compromise (BEC) attacks, where executives and employees are targeted in an attempt to extract fraudulent payments. Voice deep fakes are also expected to increase as the tools to create them become more commonplace, and the amount of recorded material from any given person grows to train the models.
Phishing and social engineering attacks aren’t new. The real change here is the increase in volume and quality. Advanced email security capabilities like ML-driven message analysis and adaptive link isolation, alongside phishing-resistant hard keys used for multi-factor authentication (MFA), are becoming essential in the fight against phishing. AI-powered social engineering attacks will disproportionately hurt smaller organizations that have fewer processes, resources, and tooling in place.
Adhering to data privacy and information security laws and requirements has never been easy, and new regulations and increased scrutiny in 2024 will only increase that challenge. Major regulatory changes are underway across the globe, with new SEC cybersecurity rules coming into effect in the US in Dec 2023, implementation of the expanded Network and Information Systems Directive (NIS2) in the EU, and the development of a groundbreaking European framework to address AI in 2024. Compliance teams will need to optimize existing privacy and security technologies and processes to help with these growing regulatory compliance obligations while being strategic with their investment in niche tooling like compliance-specific AI software.
On the security certification side, organizations will need to optimize security controls to achieve compliance with increasingly popular (and often table stakes) security certifications, as well as updates to existing standards. We anticipate security standards will shift towards a more risk-based, rather than prescriptive, approach to meet requirements. We are already seeing this approach with several security certifications, including the Payment Card Industry Data Security Standard (PCI-DSS) update to PCI 4.0. Despite some progress on regional certification efforts such as the European Union Cybersecurity Certification Scheme on Cloud Services (EUCS), we anticipate that the government compliance space will nevertheless expand with an increase in country-specific certifications.
In 2024, IT and security teams will contend with new technologies, threats, regulations, and rising costs. AI, in particular, is too important for organizations to ignore. Those that aren’t able to radically transform quickly will find themselves lagging behind their competitors. But innovating quickly is easier said than done when 39% of IT and security decision-makers believe that their organizations have lost control over their digital environments.
How do you take back control, ensuring your organization has the agility and efficiency it needs to innovate while staying secure? A connectivity cloud – a unified platform that consolidates tools and connects all your domains so you can regain control, lower costs, and reduce the risks of securing an expanded network environment.
Cloudflare is the leading connectivity cloud company. It empowers organizations to make their employees, applications, and networks faster and more secure everywhere while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control it needs to work, develop, and accelerate its business.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Grant Bourzikas — @grantbourzikas
Chief Security Officer, Cloudflare
John Engates — @jengates
Technology Officer, Cloudflare
After reading this article you will be able to understand:
Why AI adoption will face steep challenges
Where organizations should consider investing in IT and security
How new threats and compliance mandates will affect your organization