Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Cyber Threats to Watch Out for in 2024

As cyber threats evolve in 2024, organizations must prepare for deepfakes, extortion, cloud targeting, supply chain compromises, and zero day exploits. Robust security capabilities, employee training, and incident response plans are key.

Google Cloud

November 27, 2023

2 Min Read
Thunderstorm inside clouds.
Source: FelixMittermeier via Pixabay

As technology continues to evolve and expand its reach into every facet of our lives, so do the threats posed by cyber criminals and nation-state actors. In our Google Cloud Cybersecurity Forecast 2024, we note several cybersecurity trends that organizations should prepare for in the coming year.

The rapid advancement of AI technologies will enable attackers to create more convincing fake audio, video, and images to conduct large-scale phishing and disinformation campaigns. These operations will likely involve impersonating executives in fraud schemes, spreading political misinformation, and sowing social discord. Defenders will need to stay sharp to identify manipulated media and mitigate the risks.

The forecast also warns that ransomware and extortion operations will continue to plague enterprises worldwide. Despite a stagnation in ransomware growth in 2022, numbers are quickly climbing in 2023. The profitability of these attacks means threat actors have strong incentives to continue compromising networks and stealing sensitive data. Organizations should ensure they have offline backups, incident response plans, and employee cybersecurity training to limit the business disruption caused by ransomware.

Threat actors will increasingly target cloud environments to establish persistence and move laterally between hybrid or multicloud segments of victim environments. Misconfigurations and identity flaws will be exploited to jump across cloud boundaries and escalate access. Companies need to properly secure cloud resources, manage identities, and monitor for suspicious internal activity.

Supply chain compromises affecting software and dependencies are also expected to persist. Developers are increasingly targets for threat actors seeking to initiate compromises via widely used open source packages. Rigorous vetting of third-party code and monitoring of package registries can help reduce this risk.

We have observed an increase in zero-day vulnerability exploitation since 2012, and 2023 is on track to beat the current record, set in 2021. We expect to see more zero-day use in 2024 by both nation-state attackers as well as cyber criminal groups. Organizations can implement zero-trust policies to limit the potential impact of a zero day prior to patch release. Once available, companies should prioritize implementing recommended mitigations and patches for actively exploited vulnerabilities.

Paying attention to trends in threat activity from industry experts can help security teams anticipate risks, prioritize internal plans for IT infrastructure and policy changes based on a holistic understanding of their organization’s unique threat profile, and proactively strengthen defenses before disaster strikes. With proper preparation, companies can effectively manage cyber risks even as the threat environment grows more complex.

About the Author(s)

Google Cloud

About Google Cloud: Google Cloud accelerates every organization's ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights