As we do every year, we would like to make a forecast for the coming year 2024 at the end of 2023. Below are the topics that we believe will manifest themselves or even develop further. Regardless of this: Stay healthy!

Ransomware won’t go away

The business model of ransomware attacks has become consistently established in recent years. There are no signs that this risk will decrease in any way. On the contrary, the peak has probably not yet been reached for the next few years. Too many organizations have criminally neglected the issue of cybersecurity in recent years. The ransomware gangs are on the lookout for these in order to make money quickly and easily. It is therefore high time to take the danger seriously and get up to date. New vulnerabilities, especially on exposed systems, must be constantly monitored in order to counteract future compromises.

Triple-extortion against employees and customers

Blackmailing compromised organizations is worthwhile in many cases. But sometimes the victims are unwilling to pay. In this case, double-extortion comes into play, in which the threat is made to publish the data. Sooner or later, however, triple extortion also becomes interesting. In this case, the people concerned, usually staff or customers, are blackmailed with the stolen data. This approach is particularly perfidious, as they are not responsible for the organization’s inadequate security. Payroll data and patient data in particular lend themselves to such blackmail attempts.

Artificial intelligence is changing professions

Probably no other development in artificial intelligence has been so widely recognized in society as ChatGPT. The language understanding is fascinating. It can help with the generation and revision of texts or even automate them completely. The high quality will have a direct impact on certain professions. Many copywriters at media companies will be automated away by such solutions. Shorter texts in particular, which are primarily based on reports from news services, lend themselves to this transformation. It is unclear what will happen to the journalists who have become obsolete, for example whether they will be allowed to invest more time in time-consuming research.

Artificial intelligence is getting dumber

Higher, faster, further. This is also the motto of artificial intelligence. However, more training can also lead to solutions being trained to destruction. The processing and data quality then decreases. This is mainly due to the fact that AI is trained over time on the basis of data that has also been generated by an AI. This feedback loop will lead to the amplification of negative effects, which can probably only be prevented by human intervention in an initial phase.

Artificial intelligence is regulated

In the USA, copyright infringements involving artificial intelligence trained using publicly accessible data are a major talking point. The rights holders want to prevent access or share in the profits. In Europe, the focus is on privacy concerns. The collection, analysis and use of personal data should be restricted. These discussions are important and right. At the same time, they give the Chinese efforts a head start, which can then be expanded unhindered.

Impoverishing social media

People are tired of traditional social media. Facebook is desperately fighting against a user decline. And with Elon Musk’s takeover of Twitter, X’s future prospects have not necessarily improved significantly either. The brazen algorithms and annoying advertisements are making the platforms increasingly unattractive. The absence of an audience inevitably leads to a loss of advertising revenue. The arrogant and condescending behavior of the super-rich owners of these platforms is not necessarily conducive in this respect either.

Military necessity of cyber

With the ongoing tense political situation in Eastern Europe and the escalation in the Middle East, the topic of cyber in the military environment is perceived as important in society at large. Politically and militarily motivated attacks can severely damage a society, even below the threshold of war. The economy and critical infrastructure must strive to be sustainably robust in the face of impending threats.

Cyber threat intelligence as a new tool

Cyber threat intelligence is increasingly seen as a helpful tool for detecting and responding to impending threats at an early stage. The classic analysis of malware and IP access is being expanded by behavior-based approaches. In the coming years, CTI will establish itself as an additional central tool for many organizations that have reached a high level of cybersecurity. Especially in the age of systematic ransomware attacks, which can cause significant damage, this will significantly strengthen the defense.

About the Author

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several faculties, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)