2024 Cyber Retrospective – Generative AI and Digital Identity Take Center Stage

Dec 13, 2024

Written by: Jenn Markey

At the outset of every year, we look into our crystal ball to make our best cyber predictions for the coming 12 months. But before leaping into our anticipated trends and predictions for 2025, let's take a look back at what actually happened in 2024 and see how it compares to our predictions from last year.

What We Got Right

2024 was the year generative AI went mainstream.

Generative AI, or GenAI, uses machine learning to create new credible content – including imagery, video, audio, and text. The rapid development and adoption of GenAI have bad actors using these tools to create more sophisticated attacks at scale, including hyper-realistic deepfakes and very convincing phishing campaigns, as this previous blog post points out. At the same time, organizations are harnessing the power of GenAI and machine learning to ward off these increasingly sophisticated attacks.

Digital identity took center stage.

As posited at the outset of 2024, the fusion of our physical and digital lives is requiring a fundamental shift in how we approach identity, especially digital identity. Bad actors have also taken note, with 2024 being the year that identity fraud went digital-first using GenAI to create highly credible digital forgeries that now account for 57% of all document fraud, a 244% increase over 2023, as reported in our 2025 Identity Fraud Report. To combat this new reality, organizations are increasing their use of AI-powered biometric identity verification at the point of onboarding and across the customer lifecycle.

Decentralized identity became a reality, at least in Europe.

Decentralized identity has long been proffered as the best way to deliver seamless, secure access to digital services while also improving privacy, reducing fraud, and giving people back control of their own identity and personally identifiable information (PII). The stakes are even higher with GenAI being used to harvest people’s PII across multiple data breaches to create convincing synthetic identities at scale.

Decentralized identity helps mitigate the GenAI-fueled risk of synthetic identity fraud by giving consumers the ability to provide only the necessary identity information to complete a specific transaction, like proof of age to purchase alcohol or verification of residence to qualify for benefits. While there’s still a lot more work to be done, including interoperability across competing schemes, the EU Digital Identity Framework entered into force in May 2024, giving member states until 2026 to offer their citizens an EU Digital Identity Wallet built to common specifications.

The regulatory landscape became increasingly complex and fragmented.

Several new and updated cybersecurity regulations have already come or will come into effect in 2024, impacting organizations across the U.S., UK, and EU. These include the new SEC cybersecurity incident disclosure rules, the newly updated PCI DSS 4.0, and the EU’s Cyber Resilience Act. However, the most complex, confusing, and quickly evolving regulatory landscape is around AI – including GenAI, which can be prone to bias along with the creation of misinformation and disinformation depending on the data upon which the models are trained.

On August 1, 2024, the landmark EU AI Act entered into force while the rest of the world continues to vacillate between a pro-innovation and pro-regulation approach. In the U.S., some progress was made at the state level; however, California’s much-touted and controversial AI bill was ultimately vetoed by the governor.

The post-quantum era arrives.

“Harvest Now, Decrypt Later” attacks that target long-life data like financial records and government intelligence pre-date 2024. But the arrival of the first three post-quantum cryptography (PQC) standards from NIST this August – along with 14 new digital signing algorithms approved for PQC standardization by NIST in October – signals the PQ era is here.

Also in October, Chinese researchers published a method to use D-Wave quantum computers to crack RSA encryption. All of this has shifted the CISO conversation from “when is it coming?” to more actionable questions like “what do I need to do?” and “how?” Of paramount importance is the protection of national security intelligence, along with guarding the PII of consumers, employees, and citizens – all of which will no longer be secured by conventional encryption.

What Else Happened in 2024?

And now, with the benefit of 20/20 hindsight, here are some other trends that took flight in 2024.

Emergence of cybercrime-as-a-service.

From fraud to ransomware to phishing and beyond, cybercriminals are embracing as-a-service models combined with GenAI to up their own game, and that of others, with easy access to known vulnerabilities and threat tactics. Plus, with fraud-as-a-service (FaaS), ransomware-as-a-service (RaaS), and phishing-as-a-service (PhaaS), savvier bad actors are profiting from what they know by enabling more amateurs. All of this is increasing both the overall number of attacks and the volume of sophisticated attacks.

Know your supply chain partners.

In our increasingly interconnected world, it seems obvious to vet and prioritize supply chain partners based on reliability and security. However, 2024 drove home some hard lessons for many organizations, including AT&T, where a third-party breach resulted in the theft of information from more than 8.9 million of its Mobility customers. Then, there’s the CrowdStrike outage that disrupted airports, financial services, and more around the globe this summer after a faulty software update. Once again, GenAI presents both an added threat to – and an opportunity to improve – the security of the supply chain.

Also, two new pieces of EU regulation – the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA) – present added challenges for supply chain partners and compliance.

Rise of nation-state attacks and cyberwarfare.

From regional skirmishes to all-out war, 2024 was again characterized by escalating geopolitical tensions. According to CISA, Iran, North Korea, Russia, and China reportedly all have state-sponsored agencies with the directive of launching cyberattacks against the West. Indeed, the very nature of warfare has changed from ground and air offenses to cyberattacks that target critical infrastructure, industry, and governments – along with election interference. On the latter note, GenAI is proving to be both a particularly effective weapon in the creation of highly credible election deepfakes and a key tool in the fight to protect election integrity.

Looking Ahead

As 2024 draws to a close, there continues to be a lot going on in the world of cybersecurity, particularly around GenAI and digital identity. Stay safe with a Zero Trust strategy that employs identity-centric security – and stay tuned for our 2025 predictions.

Jenn Markey
Advisor, Entrust Cybersecurity Institute
Jenn Markey is a content advisor and thought leader with the Entrust Cybersecurity Institute. Her previous roles with Entrust include VP Product Marketing for the Payments and Identity portfolio and Director Product Marketing for the company’s Identity and Access Management (IAM) business. Jenn brings 25+ years of high tech product management, business development, and marketing experience to the Entrust Cybersecurity Institute with significant expertise in content development and curation.