December 23, 2024 By Jennifer Gregory 4 min read

The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.

Here are five trends that were often predicted for 2024.

1. The use of artificial intelligence in cybersecurity will increase

As the year began, there was no doubt that artificial intelligence (AI) would be a main character in the year’s events — and that was right on the money. Many organizations began to use or continue using AI in their cybersecurity operations in a wide range of ways. For example, Microsoft’s internal response teams use a large language model to manage requests and tickets based on how they were handled previously, saving 20 hours per person each week.

As the world turned its attention over the summer to the Paris Olympics, the team responsible for keeping the Paris Olympics data, apps, systems and even physical buildings protected turned to AI. While 140 cyberattacks were linked to the Olympics, the teams’ efforts resulted in no disruption of the competitions.

Throughout the entire life cycle of the games, from before the opening ceremony to after the torch left Paris, cybersecurity teams used AI to secure critical information systems, protect sensitive data and raise awareness within the games’ ecosystem. Additionally, algorithmic video surveillance based in AI scanned video to detect abandoned bags, the presence of weapons, unusual crowd movements and fires.

2. Organizations will see more AI-based threats and attacks

Unfortunately, experts were right about cyber criminals also turning to AI technology to more effectively conduct attacks. Threat actors are using AI in a wide range of ways for data breaches and cyberattacks, including improved reconnaissance, better target profiling and lowering expertise required for conducting an attack. Because AI can automate many processes required for an attack, such as vulnerability scanning, exploitation and data exfiltration processes, more cyber criminals now have the skills for even more damaging attacks.

“Since the release of gen AI, attackers are increasingly employing tools along with large language models to carry out large-scale social engineering attacks, and Gartner predicts that by 2027, 17% of total cyberattacks/data leaks will involve generative AI,” wrote Gartner in an August 2024 press release.

IBM distinguished engineer Jeff Crume has no doubt that the trend of cyber criminals using AI for attacks will continue in 2025. He says that cyber professionals do a better job of authentication because attackers are finding it easier to log in than to hack in. While looking for bad grammar and spelling errors now works to spot phishing attacks, he expects that this will no longer work as AI-based phishing attacks hit mass distribution.

Explore cybersecurity services

3. An increase in deepfakes and deceptions

While experts correctly predicted that deepfakes would become more of a threat in 2024, it’s likely no one expected the scale of arguably the most shocking deepfake story of the year. At the beginning of 2024, attackers created a deepfake video call that led to an employee giving the cyber criminals $25 million, which showed the power and damage that deepfakes can cause. But the World Economic Forum expects that the trend will only increase, even declaring that over the next two years, AI-fueled disinformation will be the number one threat in the world.

Throughout the year, other deepfake incidents made headlines. Quantum AI, an AI company, was suspected by the Securities and Exchange Commission of using AI to generate deepfakes on social media to deceive the public that Elon Musk developed the company’s technology. Even the well-received Paris Olympics were not immune to deepfakes, with Russian Group Storm-1679 suspected of creating AI content to discredit the International Olympic Committee. As the year closed out, German citizens saw an increase in AI-based propaganda regarding the upcoming German elections in 2025, including text, images and video.

4. A growing impact of quantum computing on cybersecurity

Ray Harishankar, IBM Fellow, IBM Quantum Safe, predicted that in 2024, “harvest now, decrypt later” attacks would become more common. As the year moved forward, quantum computing became an increasingly top concern, especially the harvest-now attacks. In July, the Office of Management and Budget released the Report on Post-Quantum Cryptography, which urged organizations to prepare their systems and processes for advancements in quantum computing.

During the fall of 2024, the predictions of the quantum’s impact became even more urgent, as symmetric cryptography would be unsafe by 2029, with even asymmetric cryptography fully breakable by quantum technology by 2034.

“That does not mean, however, that the risks are five years away. The prospect of harvest-now, decrypt-later attacks is already a concern, making the post-quantum cryptography transition an urgent priority,” wrote Gartner.

 5. Recession of ransomware attacks

John Dwyer, former Head of Research at IBM X-Force, predicted we might face a ransomware recession as more companies pledged not to pay the ransom. While we wish we could declare this came true, the jury is still out, and likely, we won’t know for sure until all the data is collected from 2024.

However, Wired declared in the summer of 2024 that “ransomware showed no signs of slowing down in 2024 — despite increasing police crackdowns.” In December, Heather Wishart-Smith wrote in her Forbes article The Persistent Ransomware Threat: 2024 Trends and High-Profile Attacks about the increasing dual extortion technique of cyber criminals as an increasing trend in 2024.

All in all, the experts were largely on target with their 2024 predictions. And in the next few weeks, we will start the prediction game all over again as we wonder what’s in the cards for cybersecurity in 2025.

More from Risk Management

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

How cyberattacks on grocery stores could threaten food security

4 min read - Grocery store shoppers at many chains recently ran into an unwelcome surprise: empty shelves and delayed prescriptions. In early November, Ahold Delhaize USA was the victim of a cyberattack that significantly disrupted operations at more than 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific details of the nature of the attack have not yet been publicly released.Because the attack affected many digital systems, some stores were not able to accept credit/debit cards, while others had to shut…

Taking the fight to the enemy: Cyber persistence strategy gains momentum

4 min read - The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.The momentum behind this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today