It's that time of the year again, so while we wait for the final tick of the clock, let's look back over the past 365 days in the world of cybersecurity and predict what's coming next.
Throughout 2023 we saw the use of VPN services remain high as internet restrictions increased across the world, new privacy threats loomed, and governments enforced VPN censorship. The same goes for local and national-scale internet shutdowns, with Iran being the biggest perpetrator in the past 12 months.
It's not possible to talk about this year's cybersecurity landscape without mentioning AI. The boom of ChatGPT and similar tools have presented new challenges for online privacy, scams, and disinformation, but they certainly opened up new possibilities within the security software industry as well. At the same time, the race to bring encryption protections up to the post-quantum world has never been so fierce.
So, with these past events in mind, let's dive into our top 7 cybersecurity predictions to look out for in 2024.
1. VPNs become even more relevant for consumers
As mentioned, in 2023, everyday people have increasingly turned to VPNs to access censored sites and apps, enjoy better online privacy, or simply boost their overall internet performance.
Short for virtual private network, a VPN is a security software that encrypts internet connections and spoofs IP addresses. As a result, VPNs are an incredibly versatile tool—and they've never been more commercially accessible.
Experts expect this trend to consolidate during 2024, as censorship and privacy threats are on the rise. On this topic, Head of Product at Private Internet Access (PIA) Himmat Bains told me: "With the increasing of online scams and governments becoming more and more interested in people's data and what they do online, I think now than ever before VPNs are incredibly useful for customers to protect their most important access: their own digital privacy."
2. Bad actors keep using generative AI tools
We already mentioned how generative AI shook the security industry this year, presenting it with a series of new threats to internet privacy and security.
Hackers have been using ChatGPT to write more effective malware, for example. Data-scraping practices behind these Large Language Models (LLMs) have also been worrying privacy experts. Online disinformation, deepfakes, and online scams are becoming more sophisticated, too, all thanks to AI tools.
Again, experts foresee this worsening throughout 2024—especially considering that we still don't have proper AI regulations in place.
Andrew Whaley, the Senior Technical Director at Norwegian security firm Promon, said: "The emergence of advanced AI-assisted attacks, including deep fakes for social engineering and bypassing ID controls, can be anticipated. This raises the threat of AI being exploited for disinformation campaigns, with potentially major consequences for the upcoming US election."
3. A step closer to a passwordless world
As the name might suggest, passwordless authentication refers to the act of signing into a service without using a password. Instead, sign-in can be done with certificates, security tokens, one-time passwords (OTPs), or biometrics.
With data breaches on the rise, the industry has increasingly been moving in this more secure direction over the past few years, including the big tech giant Microsoft. Experts now expect a consolidation of the passwordless market in 2024.
Bassam Al-Khalidi, co-founder and co-CEO of passwordless solutions firm Axiad, said: "Next year, we’ll start to see mergers between passwordless and credential management companies, which will create a new category in the authentication space: think passwordless plus. This movement will be similar to the consolidation we saw a few years back between identity management and access management companies, which resulted in the identity and access management (IAM) industry."
4. Security providers to harvest the power of AI
If, on the one hand, AI brought huge issues to people's privacy and security online, these powerful tools also have huge potential for doing good. That's why cybersecurity experts and software engineers will undoubtedly begin to harness their power more and more in 2024.
In August, NordVPN launched a new initiative aiming to do exactly this. NordLabs wants to provide a platform for engineers and developers to test new ideas and approaches to ever-changing online security and privacy issues. A month later, the team launched Sonar, an AI-enabled tool to fight back against increasingly sophisticated phishing attacks.
"New emerging technologies raise challenges for cybersecurity, privacy, and internet freedom, but at the same time, they bring new opportunities. NordLabs will allow us to have additional flexibility when it comes to the development of experimental tools and services," said Vykintas Maknickas, the head of product strategy at Nord Security.
We are sure the new year will bring even more of these innovative AI-powered solutions.
NordLabs by NordVPN is here! NordLabs is a place where cutting-edge cybersecurity tools are born. It will let you try and experience new online security tools, evaluate them, and contribute to overall safety online. Sign up today: https://t.co/hwAScsenEv pic.twitter.com/vGHBylXpzOAugust 28, 2023
5. The internet becomes more and more regulated
The year of policymakers has been characterized by worldwide governments trying to regulate new technologies and the internet at large.
The long-awaited Online Safety Bill became law, despite heated debates. Similar proposed legislation, introducing stricter age verification rules and more power to check on people's communications in an attempt to protect children online, is also on the table elsewhere. So, we expect that we'll see new policies in 2024.
The race for a comprehensive AI Act has been fierce, too. The UK AI Summit ended with a world-first signed agreement among the UK, the US, China, and 25 more countries to develop safe and responsible AI software. The EU also managed to agree on the backbone of the future law, which is likely to become the go-to model for the West.
When it comes to data protection and privacy laws, the US took positive steps in Colorado and Virginia, finally enforcing privacy laws, but the ADPPA is still stalled at the time of writing. What's certain is that organizations will need to adapt their internal practice to keep up with an ever-changing environment.
6. Internet shutdowns likely to rise
Once again, internet shutdowns surged across the world in 2023. VPN provider Surfshark counted 42 instances affecting over 4 billion people in the first half of the year.
At the time, researchers pointed out how there was a 31% reduction in new internet restrictions compared to the same period in 2022. However, the decrease in new restrictions (from 42 in the first half of 2023 to 61 in the same period the year before) primarily resulted from the drop in cases across Jammu and Kashmir (from 35 to only 2). Excluding this region, global restrictions suddenly increased by 54% compared to 2022, suggesting that digital freedoms across the world "may have worsened."
While it's not possible to say for sure, the data collected from 2015 onwards indicate that a spike in internet and social media shutdowns is, sadly, a very likely scenario we'll need to cope with next year.
7. Spread of quantum-resistant cryptography
Despite being a few years away from becoming commonplace, the threat of quantum computing to current encryption models is looming. That's because hackers in 2023 began to perform attacks deemed as "harvest now, decrypt later."
It's in this context that providers have been racing to implement quantum-resistant cryptography in their services. The list so far includes the encrypted messaging app Signal, secure email provider Tuta (previously Tutanota), and some VPN services, including ExpressVPN and PureVPN.
Again, we expect this trend to consolidate throughout 2024.
