Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics, give us unique visibility into trends in mobile security.
Based on this data, we wanted to share our predictions for 2024. We don't claim to be able to predict the future but we do think we can see some trends that will help you prepare your own plan for navigating the challenges and opportunities that lie ahead in 2024. First, let's talk about some general trends we see and then dive into our mobile predictions.
General Trends
-
Cybersecurity skills will continue to be scarce
This will lead to increased use of Security-as-a-Service, especially by small enterprises. Also in terms of cybersecurity solutions, the winners will be those that are easy to maintain, and don't generate false positives that need to be managed.
-
AI will continue to be adopted (carefully)
2023 saw an explosion in the use of AI in cybersecurity but countering this trend is a lack of transparency of how some of these solutions work, and the false positives generated by machine learning algorithms. AI will continue to be adopted but the winning solutions will provide visibility, control and ease-of-use to security teams.
-
Ransomware will continue to be a threat
Readiness will be a focus e.g. CISA, the Department of Homeland Security and FEMA have launched the “Shields Ready” initiative, a new campaign designed to encourage critical infrastructure (CNI) stakeholders to enhance cyber-resilience in their organizations.
-
More comprehensive reporting will be demanded by regulating authorities
Breaches must be reported faster. For example both the EU and FCC have recommended new more onerous reporting requirements in 2023 for introduction next year. This will continue to put pressure on enterprises to invest in processes and tools.
-
National cybersecurity agencies will provide more help (to SMBs)
SMBs are increasingly seen as the “weakest link”, without the means to invest in security. Agencies in the USA and Australia have ramped up the services and tools they offer to SMBs and this trend will accelerate in 2024.
-
Nation state actors will focus on creation and distribution of malicious tools to achieve scale
The latest cybersecurity solutions may be harder to bypass but with the use of new technology such as AI and quantum computing, hackers can still prevail. The skills and resources required will be beyond the reach of the average hacker. Nation states will realize that if they package and drive adoption of tools which make hacking easier they can achieve more scale and increased deniability. In 2024, the model of Ransomware-as-a-Service will be applied to other attack surfaces.
Mobile Trends
-
Mobile adoption will (finally) drive mobile-first cyber security strategies
The security focus of enterprises has tended to see mobile app protection as a small component of the broader security strategy covering network, cloud, browser and web apps, but as mobile apps now dominate, mobile protection will gain a new focus.
-
Unprotected mobile apps will (continue to) be weaponized by bad actors
Even though effective mobile RASP and attestation solutions are available it is still too easy to tamper with mobile apps and turn them into malicious bots to target backends and APIs. This will continue to be true in 2024 until there is a broader adoption of mobile security solutions.
-
Enterprise security investments will continue to be under pressure but some areas of investment will increase (i.e. mobile)
IT budgets are being downsized and this includes security. Security spending will shift from legacy applications such as WAF to new areas such as Mobile RASP. In general, investment in mobile security will increase.
-
Mobile RASP will become mainstream
Backend application-server runtime application self-protection was heavily hyped but commercially unsuccessful because it duplicated protections provided by WAFs. Major breakthroughs in mobile RASP on the other hand now provide a very effective way to defend apps and client environments which are beyond the traditional perimeter. 2024 will see a broad adoption of mobile RASP.
-
Cross-platform developer tools will dominate the market
As native Android and iOS security tools continue to diverge, the cost of developing for both platforms will increase, and there will be continued adoption of cross platform development tools such as React Native and Flutter, and a matching adoption of security solutions which operate seamlessly and consistently across both environments.
-
Huawei HarmonyOS will gain market share (outside of the US)
The development and adoption of HarmonyOS as an alternative to Android will continue apace in 2024.
-
Secrets will still be exposed in mobile apps (but it will get better)
A number of studies in 2023 continued to show that important secrets such as certificates and API keys are still too easy to extract from widely deployed mobile apps, even when the code is obfuscated. 2024 will see a broader acceptance of solutions which dynamically manage secrets and get them out of the code.
-
The high-end Smartwatch market will continue to grow and security solutions must adapt
Apple will continue to dominate the high-end watch market but adoption of other types of smartwatches and wearables will also grow in 2024. Apps on smartwatches now communicate directly with backend systems via wifi and cellular, without a phone being present. This means that in 2024 Apple Watches and other wearables can no longer depend on phone security and must have their own protections in place. Mobile app security solutions will adapt to cover this new attack surface.
Get Regular Updates on Mobile Security from Approov!
Approov remains committed to staying at the forefront of these transformative changes, providing you with the necessary knowledge and solutions to navigate the continually evolving cybersecurity landscape. Our team will continue to track these and other trends.
Subscribe to our monthly newsletter to get all the latest news in mobile security.
Follow us on Linkedin to receive a weekly update.
