For this reason, organizations are expected to deploy cybersecurity practices with individuals as the focus. Identity management will become more critical to an organization's defenses, and advanced authentication techniques, such as passkeys, will increase in popularity.

2. Cybercrooks Will Prefer Social Engineering

Data breaches continue to feed stolen personal information to cybercriminals, who use it to launch sophisticated social engineering attacks. They impersonate people of authority (including credit union representatives) to request access to valuable information, systems and accounts. This is often the how the criminal gains a foothold to deploy ransomware or a fraudulent funds transfer scam.

Cyberscout, a TransUnion company, observed an unprecedented increase in social engineering attacks in 2023 – accounting for 50% of all cyber claims after barely reaching 20% in 2021. The volume of these attacks is only expected to increase in 2024 because they offer greater anonymity and potential profits when compared to tactics.

3. Identity Attack Surface Will Expand as Digital Engagement Grows

Given the availability of generative AI programs, fraudsters are expected to feed their machines with the stolen identity data they need to work at scale.

Identity thieves are likely to expand their use of voice cloning and deepfakes. The volume and variety of data that can be abused has grown rapidly, as criminals can use audio and video taken from webinar recordings, online dating profiles, stolen smart speaker files, call center records, voicemails and social media posts.

4. Multi-factor Authentication Schemes Will Find Favor With Cybercriminals

Criminals often follow the path of least resistance. Today, that path is usually the login screen. Therefore, multi-factor authentication (MFA) bypass attacks are expected to be 2024's go-to mechanism for obtaining usernames, passwords and other authenticators.

In 2023, MFA weaknesses gained traction due to new technologies and increasingly sophisticated techniques. Hackers are more adept at intercepting email, SMS/text communication MFA authentication and one-time passcodes than ever before.

5. Microbusiness Boom Will Accelerate Supply-Chain Data Breaches

The myth of "too small to be targeted" will continue to plague micro and small businesses, with bad actors finding lucrative paydays attacking third-party vendors, such as IT service providers and payroll companies. Breaching one service provider in a supply-chain attack (also known as a third-party breach) can provide access to the data and systems of dozens of business clients.

6. Big Business Will Require Small Business to Buy Cyber Insurance

The risk of supply-chain breaches will prompt large-business clients to ensure their vendors take steps to avoid such compromises. Today, big companies eat the losses stemming from a supply chain attack, but tolerance is expected to lessen in 2024 as the financial and reputational fallout of third-party breaches expand.

7. Data Privacy Shifts Toward Consumer Empowerment

The introduction of greater access and transparency of credit information means more American consumers are now actively managing their credit scores. Data privacy seems to be on a similar journey, with more individuals demanding control over their personal data.

In 2024, expect financial institutions and other providers to find ways to make their data-enriched relationships less transactional and more mutually beneficial.

8. 'Finfluencers' Will Raise Interest, Engagement in Financial Content

Financial influencers (finfluencers) are raising consumer awareness around the different facets of personal finance, which presents pros and cons that credit unions should monitor.

On the one hand, members who are educated about financial health are typically more engaged in achieving it. On the other hand, misinformation can be dangerous.

With both promise and perils ahead, the opportunity for deepening trust with members in 2024 is vast. Credit unions that take a proactive, holistic posture will be better prepared to face this dynamic landscape.

Eder Ribeiro

Eder Ribeiro is a senior cybersecurity manager for TransUnion.