Small business cybersecurity predictions for 2024 from Avast threat researchers

Luis Corrons 13 Dec 2023

Avast's 2024 guide for small businesses: stay ahead of evolving cyber threats and help secure your organization's digital world.

As we head into 2024, the digital world continues to evolve, bringing with it a host of sophisticated new cyber threats targeting small businesses. Our Avast threat researchers have been hard at work analyzing data from the previous year to predict what might be coming down the line for organizations in the upcoming year and how these organizations can stay better protected online.  

Future advancements in AI and related risks 
 
The coming year will be a pivotal moment in the evolution of artificial intelligence (AI), marking a period of significant transformation and emerging challenges. This era features rapid AI advancements, changing how these tools integrate into our lives. As AI becomes more embedded in our daily routines, its impact extends beyond mere technological innovation, influencing societal norms, privacy considerations and ethical boundaries.

AI will undergo multiple evolutions 

We suspect a significant evolution in AI, especially in Large Language Models (LLMs) in 2024. Historically, LLMs have been cloud-based, relying on extensive server resources to produce text resembling human writing. The upcoming year, however, will see a shift towards more compact LLMs that function directly on users’ devices. This change transcends a simple relocation; it signifies a profound transformation in the integration of AI into our everyday activities and workflows. 

Several key factors drive the move towards device-based LLMs. Firstly, privacy demands are rising and data stored on devices are more private than data stored in the cloud. Local data processing on devices also enhances security, reducing cloud storage risks. Secondly, this shift promises enhanced speed and efficiency. Local processing eliminates latency issues often encountered with cloud-based solutions, leading to a more seamless and responsive user experience. 

Additionally, 2024 will be significant for generative AI, particularly in multi-type conversions. The evolving LLMs are not just limited to text generation; they are branching into more dynamic forms of media conversion. 

The text-to-video feature, allowing synthesized video from text, is a notable advancement. This capability will open up new vistas for content creators, educators and marketers, offering a tool to rapidly produce visually engaging material that resonates with their audience. However, it will also be misused for the creation and spread of scams and disinformation, as it will become progressively harder to distinguish a genuinely recorded video from an AI-generated one.

The development of text-to-voice AI is equally transformative. This technology goes beyond traditional text-to-speech systems, offering more nuanced and human-like voice generation. It holds immense potential, from creating more interactive and personalized customer service experiences to aiding those with visual impairments or reading difficulties. 

Evolving AI technologies raise questions about ethics, regulation and balancing innovation with user welfare. For small businesses, the upcoming year promises to be a journey of discovery and adaptation, as these lightweight, multi-faceted generative AI solutions redefine our interaction with technology and information in profound ways.

New tools bring new security challenges as generative AI is broadly adopted 

The increasing popularity of generative AI in business will bring new risks and challenges. One significant concern is the phenomenon of "Bring Your Own AI" (BYOAI), where employees use personal AI tools in the workplace, which we predict will become exponentially more popular.

This practice poses a considerable risk of unintentional leakage of sensitive company secrets. Employees using personal AI for work may accidentally expose confidential data to third parties. On the flip side, corporate AI solutions will offer an increasing number of privacy-preserving features, which are frequently not available at the personal level.

Business Email Compromise (BEC) attacks will utilize AI to create more sophisticated Business Communication Compromise (BCC) attacks

In 2024, we will witness a significant evolution in Business Communication Compromise (BCC) attacks (formerly referred to as Business Email Compromise or BEC attacks), as cybercriminals increasingly adopt AI and deepfake technologies to execute more sophisticated and convincing scams.

Cybercriminals will create deepfakes mimicking executives or partners. This will challenge employees in distinguishing legitimate from fraudulent requests, particularly when quick decisions are needed.

These enhanced BEC/BCC attacks will lead to financial losses and erode trust within organizations. Companies could encounter reduced effectiveness in communication and internal mistrust, as employees grow increasingly wary and doubtful of digital interactions.

In response to these threats, we expect a solution similar to two-factor authentication to emerge. It will mandate the verification of requests through a separate, independent channel, such as a person-to-person interaction or a secured phone call.

The dark side of ChatGPT's fame: Malware on the rise

The increasing popularity of AI tools like ChatGPT has attracted the attention of cybercriminals. We expect increased attempts by attackers to exploit AI solution-seekers. This includes deceptive “GPT” apps or plugins used for data theft or malware distribution. Users might think these malicious tools are legitimate AI solutions, downloading them only to compromise their systems and data. 

We also anticipate attempts by malicious entities to "hack" LLMs with the aim of accessing valuable information, such as training data, model configurations, internal algorithms or other sensitive internal details. Furthermore, the threat actors might backdoor public LLMs, potentially stealing user inputs, IP and PII details.

Finally, we foresee the development of new malicious LLMs like "WormGPT." In contrast to commercial models—which include built-in safeguards—these malicious models are designed to support the generation of malicious content.

Digital blackmail will evolve and become more targeted

Digital blackmail is rapidly evolving and becoming more targeted. This change is not limited to ransomware attacks; it encompasses a variety of tactics aimed at high-value targets. Notably, sophisticated data exfiltration shows the shifting nature and severity of these threats. As we move forward, this trend signifies a move towards more intricate and damaging forms of digital extortion.

Ransomware will become more complex and damaging 

Cybercriminals mainly use encrypted or stolen data to demand ransoms or sell it, but we foresee a rise in more harmful data abuse tactics. This may involve data brokers exploiting information for identity theft, targeting both employees and customers, or to steal a company’s assets. This shift points to a more complex and harmful ransomware impact on businesses. 

Evolving attack methods: exploiting VPN and cloud infrastructure 

Expect evolving ransomware delivery methods, including more sophisticated VPN infrastructure exploitation. This tactic presents a formidable challenge for organizations relying on VPNs for remote work and secure communications.  

Recent security incidents are troubling for companies that believe being in a cloud resolves all security concerns. Many of them recently learned a hard lesson that attacks such as cloud authentication token theft are real and impactful. We should expect a significant increase in cloud infrastructure attacks, leading to more extortion.

Diversification of extortion methods beyond encryption 

In addition to the above threats, we predict a rise in extortion emails like sextortion and business threats. These emails, typically disseminated through botnets, use intense scare tactics but are often repetitive. In 2024, expect a surge in creative email extortion. This could include the generation of falsified images or the introduction of new subjects for extortion, further complicating the cybersecurity landscape.

Conclusion

The cybersecurity predictions for 2024 underscore a landscape in flux, dominated by the dual forces of AI's promise and peril. While AI tools can be leveraged for protection, their misuse by cybercriminals presents a significant challenge. 

As we look to the future, it’s clear that a proactive and educated stance on cybersecurity is not just advisable — it is imperative. Our strategies must evolve in tandem with the threats we face, ensuring that we help small businesses remain one step ahead in the ever-escalating cyber arms race. 
 