NCC Group cyber security predictions and trends - 2024 and beyond

With the new year just around the corner, experts from across the cyber security sector are making their predictions for industry, clients, and wider society in 2024 and beyond.

After asking experts for their opinion, NCC Group shares thoughts on key areas of technology developments and advancements that are challenging the way in which we must approach cyber security and resilience.

From the ever-present AI conversation, preparing for Post Quantum Cryptography, the increasing threat to operational technology, what’s next for blockchain, election year challenges and the converging landscape of net zero and cyber security – NCC Group’s thoughts are as follows:

Commercialisation of AI – Chris Anley, Chief Scientist

We are likely to see a steady increase in the use of LLMs and AI assistants in business; by the end of 2024, using AI assistants to help draft documentation, summarise documents, or reformat data, will be as natural as using a spelling or grammar checker today.

The growing use of AI as a security control also presents a huge challenge – the efficacy of such solutions demands robust testing, evaluation and assurance, lest we become too trusting of automated decision making in security governance that we believe to be optimal but renders our systems more vulnerable.   

Operational technologies - Sean Arrowsmith, Head of Industrials

We will see a continued growth of malware specifically targeting IACS, SCADA, manufacturing, and robotics as businesses converge and internet-enable their environments/facilities. Attackers will see the ability to take a manufacturing production line offline as a lucrative source of potential ransom. This type of disruption is also an effective supply chain attack, where multiple manufacturers are very reliant on a specific supplier, this could be a means to cause significant chaos across an industry.

Cryptography - Javed Samuel, Practice Director

We are seeing more frequent and sophisticated attacks that result in deprecating less secure cryptography algorithms, further improvements to existing algorithms and the design and development of new cryptography algorithms. Therefore, the importance of cryptography agility is rapidly increasing.

Currently deployed solutions need to address this change, and near-future deployments should have plans in place to address issues. Thought should also be given to the post-quantum landscape. 

Blockchain – Chris Thomas, Executive Principal Security Consultant

Both governmental, community standards, and regulations are starting to emerge, addressing the need for security and standardisation. Examples of which being the EU’s Markets in Crypto-Assets (MiCA) Regulation, and Enterprise Ethereum Alliance (EEA) EthTrust Security Levels Specification.  This will result in an eventual maturing of the smart contract space, with less opportunity for exploitation.

To ensure a secure Web3 future, the Web3 experience and user education would need to mature, this will require the collaboration of both blockchain and security professionals to identify risks and educate on a massive scale.

Election year – Katharina Sommer, Global Head of Government Affairs

As the political campaign trails intensify, we could see a hostile cyber attack on election infrastructure or a successful deepfake on a prominent politician that could move polls or put people in jeopardy, with a hostile cyber attack or a widely disruptive political deepfake having the potential to reinvigorate the push for proper safeguarding against dis- and misinformation.

In the case of deepfakes and misinformation we need to question how we are educating and empowering the public to understand politics and spot disinformation. While we have seen the acceleration of online literacy, online safety has become the poor relation, we could pay the price for neglecting it.

Criminal gangs – continuing to evolve - Matt Hull, Global Head of Threat Intelligence

The pervasive threat from organised crime groups should still be at the forefront of minds in 2024. We have seen a gradual increase in the activities of Initial Access Brokers, the deployment of info-stealer malware, and of course extortion in the form of Ransomware. 

The big cyber security challenges for the next year and beyond relate to ever-evolving technology and threat landscapes, and the need for agility to keep pace in line with these evolutions against the backdrop of a volatile geopolitical landscape. Research has never been more important to help us in our endeavor to achieve security and resilience in these times.

For more information, download our “Cyber security predictions and trends - 2024 and beyond” e-book, or listen to our Talking Cyber podcast “2024 and beyond” with CTO Sian John.