PART 1: 5 Predictions Shaping Digital Security in 2024 - From the Market Side
Despite following the greatest wave of fraud losses in history between 2020 and 2022, 2023 was no picnic. Its ranks swollen with new recruits lured by easy money from the pandemic, the cybercrime ecosystem was ‘all-in’ on attacking organizations and consumers with threat vectors both new and old. From check fraud to scams, as well as a never-ending stream of ransomware attacks, they kept their wallets fat and the good guys off kilter throughout the year. Unfortunately, 2024 will no better as technology and the regulatory atmosphere are set to create an environment that is immensely conducive to cyberattacks, fraud, identity theft, and scams.
The following five predictions consider what has already come to pass while applying an honest assessment of what it means for our collective future. We’re not without options in protecting ourselves, our customers, and other key stakeholders, but it won’t be easy. Having a plan in place that takes a proactive approach will be critical for avoiding the pain every type of organization has experienced over the last several years.
It’s only going to get harder from here.
Trend #1: A Failure to Ban Ransomware Payments Precipitates a Social Engineering Explosion
Ransomware attacks are cost businesses billions of dollars every year as they often pay the ransom to avoid disruption and hope to recover their data. However, this only fuels the cybercrime industry and has never guaranteed the safe return or access to affected data. Some countries have proposed a ban on ransom payments, but legislators will be unable to muster the political will to do so in 2024 citing to legal and ethical issues. This will make businesses even more dependent on cyberinsurance, and ultimately more vulnerable to phishing and other attacks that target the weakest link in any organization’s security: their employees.
Trend #2: The Adoption of FedNow Will Normalize High-Loss Fraud and Scams
FedNow is a new instant payment service developed by the Federal Reserve to enhance the U.S. payment system. And much like P2P payments deployed over the last decade, there is a considerable likelihood that fraudsters and scammers will use the service to quickly and irreversibly transfer money from unsuspecting victims, who may not have enough time or means to stop or reverse the transactions. With FedNow’s higher limits and subsequent applicability to commercial payments, the potential for losses here will far exceeds what has been experienced thus far with consumer-oriented payment channels. And that is a scary thought, indeed.
Trend #3: Passkeys as Planned Won’t Necessarily Solve the Password Problem
After years of promising that the days of passwords were soon behind us, a new solution promoted by major technology companies across the industry is on the verge of being able to deliver. The technology is known as Passkeys, a passwordless login method that utilizes a digital key on the user’s device that is shared with service providers after local authentication via biometric, PIN, or pattern verification. An evolution of older FIDO standards, they aim to improve the security and convenience of online authentication. However, things could all fall apart, as account recovery and the storage for multi-device passkeys by Apple, Google, and Microsoft could result, most ironically, in passkeys being bypassed or otherwise protected by passwords!
Trend #4: A Possible White House Transition Will Trigger a Regulatory Surge
Who will win the White House in 2024 is anyone’s guess, but Federal agencies will try to finalize or change their rules and policies as a hedge before a possible transition in the Administration. Both the CFPB and the SEC have leaders appointed by the President, and fear of a potential change will lead to a shift in the regulatory agenda and direction of the federal agencies, as well as a surge of regulatory actions in the months leading up the election, a process known as “midnight regulation”. Regulations on the shortlist are likely to include those that raise the bar for regulated entities around issues of cybersecurity, privacy, and even liability for certain types of financial crimes.
Trend #5: Data Breaches Affecting Banks Increase the Risk of Bank Impersonation Scams
Often viewed by the public as impregnable, data breaches against financial institutions are on the rise. Naturally, the expectation is that these breaches are in furtherance of compromising the funds that are in each bank’s care. Yet, with bank brands being those most impersonated by scammers, the data from these breaches will prove a boon to criminals in multiple ways. Not only will they enable theft from within the network perimeter of the institutions themselves, but they will arm criminals with the information they need to impersonate banks and credit unions more effectively. When criminals know as much about accountholders as their financial institution does, how could they possibly be expected to avoid being victimized? They can’t.
Al Pascual is a recognized expert in identity theft, scams, and fraud, having previously served as the Head of Fraud & Security for Javelin Strategy & Research. He sold his most recent consumer cybersecurity venture to a subsidiary of TransUnion, and spends his time advising innovative startups and working on the next big thing.