Securing Tomorrow: A Look at Cybersecurity Trends for 2024

Yes, cybercrime has grown in the last year. But I do have some good news for you: in turn, cybersecurity spending is increasing as well.

In fact, mean cybersecurity spending has increased 60% in the past year to an incredible $5.3 million, and it has increased by 250% since 2019.

In the coming years, we can expect further growth in spending which will result in better overall cybersecurity — and something I’m personally very happy about — increased mobile security, as the users’ preferred platform nowadays.

Picture this: your mobile device, not just a gadget, but a personal fortress against evolving threats. It’s very probable, especially with these trends as catalysts.

Trend #1: Widespread Adoption of Passwordless Authentication

We’re finally looking at the widespread adoption of passwordless authentication.

Did you know that 80% of breaches involve brute force attacks or the use of lost or stolen credentials, both of which targeted at passwords? And the thing is: the customers have started to realize this themselves.

58% of consumers believe that companies should deprecate passwords altogether and use more secure technology such as mobile-based authentication.

Of course, it’s not only cybersecurity they’re concerned with. It’s also the user experience.

Today, the average person has to track 100 passwords, marking a significant increase from just a few years ago and showing no signs of slowing down.

When the authentication user experience is so cumbersome, users find ways to make it easier — usually resulting in very bad cyber hygiene.

Passwordless solutions flip the switch. They’re phishing-resistant and generally more secure, and frictionless. These aspects have given and will continue to give rise to solutions such as biometrics or our very own IPification in the coming years.

Trend #2: Shifting Priority to Mobile Security and Mobile Authentication

For a long time, mobile security and mobile authentication have taken a back seat to computer-based authentication. In the time when computers were the dominant platform, it made perfect sense.

However, for some time, this hasn’t been the case. And it seems that the time when mobile security and authentication take priority is upon us.

In case you’re doubtful, let me share some stats with you:

85% of consumers say they rely on their mobile phones to access their accounts, while 76% of consumers believe smartphones are secure and are likely to use them for personal cash transfers.

Moreover, 59% of respondents said that authentication through their phone is a more convenient option than passwords, thus also meeting the users’ expectations and delivering a frictionless user experience.

Trend #3: Phishing-Resistant and Frictionless MFA Implementation

2024 will be yet another year of increased multi-factor authentication uptake. By 2023, 46% of SMBs implemented MFA for their business, a number that keeps rising year after year.

But not every multi-factor authentication system is the same. Some are better, and some worse.

Those that would fall under the worse category include SMS OTP-based multi-factor authentication, as well as any other solution that could result in a phishing attack.

This is because phishing is the single most common form of cybercrime. A huge 94% of organizations were victims of phishing attacks at some point. But a phishing-resistant solution such as IPification mitigates these risks altogether.

Now, implementing a multi-factor authentication system made up of multiple phishing-resistant solutions is a dream, and it’s something we expect to see more companies strive towards in the coming years.

Trend #4: Increased SIM Swapping Defences

SIM swapping, also called SIM card swapping or SIM hijacking, is a cyberattack where a hacker gains control of someone’s phone number by tricking or convincing the mobile network operator to move the number to a new SIM card.

The hacker then gains access to your 2FA codes. Before you realize it, your accounts are gone.

You have probably already at least heard about SIM Swapping because it’s been on a constant rise in the last few years. But that also means that SIM-swapping prevention solutions are being increasingly implemented.

This is great news when you take into account its 80% success rate and the warning the FBI has released about a surge in SIM swapping schemes that inflicted $68 million in losses in 2022 which constitutes a significant increase from $12 million in 2020.

IPification SIM Swap Detection is one of the best solutions to fight this problem out there. When it detects a new SIM card, app developers can choose to interrupt any authorization request, preventing any damage from being done. After the user confirms they’re using the new SIM card, they can continue with their authorization request.

I’m happy to say that we’re offering SIM Swap Detection as a standalone solution that mobile network operators can implement through IPification authentication (so the user authenticates via their Mobile ID key) or through the operators’ SIM Swap API, a server-to-server API.

Trend #5: Moving Away from SMS OTPs Due to Significant Threats

In recent years, there has been a growing sentiment online that SMS OTP authentication and verification may be bringing more problems than benefits, and the more time goes on, the more sense this statement makes.

Since its inception, the SMS technology has carried with it the SS7 design flaw that allows cybercriminals to intercept or reroute SMS messages that contain one-time passwords. Moreover, SMS OTPs also get targeted by SIM swappers — and we’ve seen the success rate here.

The latest in the string of SMS OTP vulnerabilities is AIT fraud, something even Twitter had fallen victim to.

AIT fraud refers to when cybercriminals create a large volume of fake traffic across apps or websites through bots or malicious software, and ultimately incur huge costs for the companies relying on SMS one-time passwords.

Shortly after taking over Twitter, Musk revealed that Twitter was losing $60 million per year to AIT fraud, and this is without counting North America, one of its biggest markets. AIT fraud can reach incredible scales without companies even realizing what’s happening.

With all that in mind, I expect to see more companies move away from SMS OTP in the coming years, and move to better, modern authentication methods. We’ve already seen Malaysia ban banks from using this solution last year — great news for both the users and companies!

Practical Tips for a Secure 2024

While we’re looking forward to these trends taking over (hey, increased cybersecurity!), I’ll share some quick actionable tips for a secure 2024.

A solid password hygiene
Whether for your personal accounts or for your employees, mandate the use of strong and complex passwords. And whatever you do, don’t reuse passwords across accounts!

Now, I completely understand that it may be difficult to do this so consider using a password manager. With one, you can quickly create complex passwords and it will remember them for you. The master password you’ll use to access the manager, though, is still up to you.

Switch on multi-factor authentication
Wherever available, you should switch on multi-factor authentication to add additional layers of security to your accounts.

While it’s better to at least use authenticator apps, even SMS OTP 2FA is better than having your accounts protected by passwords only. Of course, the ideal scenario would be to use solutions such as IPification or biometrics that protect without interrupting your experience.

Consider new cybersecurity investments
It pays off, especially in today’s day and age. Talk to your tech people, analyze your current tech infrastructure, and identify where you can improve your business’ cybersecurity strategy. Not every solution will work for every business.

Pro tip: our in-house team of cybersecurity professionals offers free consultations where we work together to find out whether IPification can fit into your system or if another solution would be better suited. It’s all about finding the right balance between security and user experience, specific to your app. Just contact us to schedule your session!

More on our blog