
THREAT HORIZON 2024
The disintegration of trust

To remain agile and competitive, organisations will turn to trust as a
substitute for control. However, trusting that business processes just
work, that technology strategies are sound, and that partners, suppliers,
and employees will deliver on their promises will not be enough in a world
where control has become increasingly complex to achieve and maintain.

By 2024 this trust will have disintegrated, exposing organisations to an
expanding array of threats.

Regulators and legislators will struggle to keep up with innovation, tripping
up organisations who are trying to stay on the leading edge. Cybercrime
actors will perpetually mutate to maintain their revenue streams and
avoid detection. Technology choices for short term gain will inflict longer
term pain as those choices, made at speed, bite back. The sheer scale
of data capital generated will shift from value opportunity to business
nemesis as its integrity becomes impossible to assure, turning data into a
dangerous weapon.

Organisations will be forced to make a choice: attempt to rebuild those
models of trust or find a workable replacement that safely balances risk
with reward?

Produced annually in collaboration with our diverse community of ISF Member
organisations from across the globe, Threat Horizon 2024 presents nine potential
threats driven by global events and major developments that organisations in all
sectors and geographies can expect to disrupt their operations and plans over the
next two to three years. The report and its accompanying Threat Radar provide ISF
Members with a methodology to stimulate debate, analyse the business impact of
future threats, and formulate a forward-looking cyber resilience strategy.

[Figure: Threat Horizon 2022 – 2024 themes, labelled 2022, 2023 and 2024. Theme titles shown: Technology choices diminish control; Well-intentioned regulations have unintended consequences; Dirty data disrupts business; Machines seize control; Identity is weaponised; Security fails in a brave new world; A crisis of trust undermines digital business; Invasive technology disrupts the everyday; Neglected infrastructure cripples operations.]


Threat Horizon 2022: Digital and physical worlds collide
1.1 Augmented attacks distort reality
1.2 Behavioural analytics trigger a consumer backlash
1.3 Robo-helpers help themselves to data
2.1 Edge computing pushes security to the brink
2.2 Extreme weather wreaks havoc on infrastructure
2.3 The Internet of Forgotten Things bites back
3.1 Deepfakes tell true lies
3.2 The digital generation become the scammer’s dream
3.3 Activists expose digital ethics abuse

Threat Horizon 2023: Security at a tipping point
1.1 Artificial intelligence industrialises high-impact attacks
1.2 Automated defences backfire
1.3 Layered security causes complacency and confusion
2.1 Digital doppelgängers undermine identity
2.2 Biological data drives a rash of breaches
2.3 Gamed algorithms cause commercial confusion
3.1 Smart grids succumb to an attack surge
3.2 Isolationism creates a security disconnect
3.3 Security struggles to adjust to the never normal

Threat Horizon 2024: The disintegration of trust
1.1 Ransomware evolves into triple extortion
1.2 Regulators inhibit data-driven innovation
1.3 Attackers undermine central cryptocurrencies
2.1 The cloud risk bubble bursts
2.2 Activists pivot to cyber space
2.3 Misplaced confidence disguises low-code risks
3.1 Attackers poison the data well
3.2 Misleading signals subvert cyber fusion centres
3.3 Digital twins double the attack surface

The themes and threats included in Threat Horizon 2024 are summarised below, along with recommendations
arising from the full report.

Theme 1: Well-intentioned regulations have unintended consequences

1.1 Ransomware evolves into triple extortion
Political, diplomatic, and legal actions against ransomware actors
and the underground financial systems that support them will force
the crime to evolve, causing impacts beyond the victim organisation.
Recommendations: Maintain the board’s understanding of the
ongoing threat; support the development and maintenance of
response plans alongside required improvements in cyber hygiene.

1.2 Regulators inhibit data-driven innovation
Organisations planning to leverage AI-based algorithms will
be disrupted by regulatory changes and new requirements to
demonstrate that those algorithms are operating fairly.
Recommendations: Identify algorithms in use; assure the integrity
of all inputs; build policy and assurance processes to govern
development, usage, and fairness.

1.3 Attackers undermine central cryptocurrencies
Cyber thieves will seek to exploit and cash in on new central bank
crypto schemes and the developing regulatory landscape for all
cryptocurrencies, disrupting their mainstream acceptance.
Recommendations: Obtain subject matter expertise to audit
existing systems for cryptocurrency readiness; ensure crypto
payment platforms are hardened and that regulatory requirements
are met.

Theme 2: Technology choices diminish control

2.1 The cloud risk bubble bursts
The short term benefits of cloud adoption at scale will have
a hidden and rising cost as organisations realise that their
flexibility and freedom of choice has been lost.
Recommendations: Control the growth of cloud adoption; be
clear on architectural strategy; address single points of failure
through solutions such as redundancy and parallel processing.

2.2 Activists pivot to cyber space
Aided in part by the increase of internet-connected operational
technologies, highly motivated activists will target digital assets
to further their causes.
Recommendations: Leverage threat intelligence, purple teaming
and resiliency testing to prepare for and detect potential attacks,
particularly focusing on remote installations.

2.3 Misplaced confidence disguises low-code risks
Structured approaches to application development are
undermined by the uncontrolled adoption and use of low-code
tools by non-developers.
Recommendations: Clarify existing use of no-code, low-code tools;
specify where, when and how they should be used or not; maintain
ongoing vendor assurances on their security.

Theme 3: Dirty data disrupts business

3.1 Attackers poison the data well
Threat actors will exploit the sheer magnitude of the data
economy, compromising its integrity to discredit, misguide or
alter business outcomes.
Recommendations: Examine all data sources to establish current
levels of quality assurance; implement tooling and methods to
maintain those levels to an acceptable standard.

3.2 Misleading signals subvert cyber fusion centres
Attackers will use misinformation and misdirection to cause
automated and highly influential cyber fusion centres to
disrupt the businesses they serve to protect.
Recommendations: Assure the quality of intelligence and signal
inputs; establish methods for responding to any degradation to
maintain the fusion centre’s operational integrity.

3.3 Digital twins double the attack surface
The challenges of securing digital twins will undermine their
benefit, with attackers using a range of techniques to prolong
manufacturing and supply chain downtime.
Recommendations: Engage with suppliers to understand
their security posture, and spot potential weaknesses in the
links between digital twins and their real-world counterparts.

WHERE NEXT?
We recommend that ISF Members:
– review the threats in Threat Horizon 2024, identifying those that are of high priority
– use ISF Live to become familiar with the techniques ISF Members have used to implement
Threat Horizon
– consider how the contents of Threat Horizon can be adapted to work best within your organisational
culture, for example: enable threat analysis and formulation of potential impacts and responses;
brainstorm risk treatments, and conduct threat analysis, formulate potential impacts and responses,
and identify risk treatments
– use the ISF Threat Radar with business leaders to help prioritise threats and actions, particularly when
time and budgets are limited
– work with other organisations to collaborate on threat intelligence and strategies
– give careful consideration to the ISF resources in this report including:

– Demystifying Zero Trust (Briefing paper)
– Continuous Supply Chain Assurance: Monitoring supplier security
– Securing the IoT: Taming the connected world (Briefing paper)
– Extinction Level Attacks: A survival guide
– Using Cloud Services Securely: Harnessing core controls
– Security Architecture: Navigating complexity

ISF Services offers customised Threat Horizon engagement to help Members identify, assess and
prioritise the most relevant threats to your organisation. This engagement includes an expert-led
Threat Radar review to develop mitigations for emerging threat scenarios and support you in building a
business-aligned information risk management capability.

Contact
For further information contact:
Steve Durbin
Chief Executive
US Tel: +1 (347) 767 6772
UK Tel: +44 (0)20 3289 5884
UK Mobile: +44 (0)7785 953800
steve.durbin@securityforum.org
securityforum.org

About the ISF


The ISF is a leading authority on information security and risk management. A not‑for‑profit organisation, we provide
independent opinion and guidance on all aspects of information security. We deliver practical solutions to overcome the
wide‑ranging information security and risk management challenges that impact business.

Disclaimer
This document has been published to provide general information only. It is not intended to provide advice of any kind. Neither the
Information Security Forum nor the Information Security Forum Limited accept any responsibility for the consequences of any use
you make of the information contained in this document.

Information Security Forum

©2022 Information Security Forum Limited | Classification: Public, no restrictions | Prepared: January 2022
