Are you tired of the same old 'AI will change the world' narrative for 2024? So are we. Dive into something different and practical. Amidst the sea of articles, blogs, and podcasts all echoing AI's transformative impact—a story we've all lived in 2023—we've done something different. We've sifted through the noise to bring you the top 10 predictions for 2024, focusing on real-world implications for state government agencies. Although AI is mentioned in our predictions, we intentionally omitted the term from the titles, instead focusing on the substance of the prediction and its implications for state agencies and the communities they support. 

  1. Cyberattacks Will Be More Frequent and More Formidable. The landscape of cyber threats is rapidly evolving, leaving state government agencies particularly vulnerable. The abundance of citizen data these agencies handle makes them prime targets for AI-enhanced cyberattacks. Agencies must invest in and deploy robust, AI-driven cybersecurity systems to counter these cyberattacks. Such proactive measures are essential for data protection and maintaining public confidence in government digital services.  
  2. State-Employed Staff Will Require Sophisticated Cyber Security Training, Particularly Around Phishing & Social Media. Gone are the days when you could spot a phishing email because of its lack of personality or grammatical mistakes. Today, phishing messages are personalized, free of grammatical errors, and rather convincing. Cybercriminals can collect information on staff members and engage in complex social engineering tactics automatically and at scale. Employees who handle financial transactions are more likely to be targeted, and failure to respond appropriately can be catastrophic. Therefore, they should receive extensive cybersecurity training focused on preventive measures. There are various courses and learning platforms available in the market. However, if you need help to select one, we recommend KnowBe4. It is an interactive security awareness training platform that Kyra Solution employs with each of its employees.  
  3. Mis-, Dis-, and Malinformation (MDM) Campaigns Will Erode Trust in Traditional Media Sources. With AI, we have already begun to see misinformation on the rise; however, with the 2024 election season, stories will be twisted, news will be shared devoid of critical context, and general misinformation will spread like wildfire. This will result in classic news sources falling out of relevance and will leave citizens needing a trusted source. Agencies should prepare to manage an influx of misinformation, particularly in areas where public opinion is crucial, such as environmental protection. If managed correctly, the perception of government could be significantly enhanced, though the opposite is undoubtedly true if agencies fail to engage the community effectively.  
  4. Insurance Will Be a Necessary Mitigation Tactic to Reduce the Impact of Security Breach. In light of the mounting cyber threats, agencies must thoroughly evaluate their insurance coverage to mitigate the risks effectively. This evaluation should encompass all technical aspects of data security and other cyber risks to ensure the agency is adequately covered against potential financial losses.  
  5. Cyber Threats Affecting Space Security Will Impact Agency Operations, Further Burdening Cybersecurity Teams. Advancements in quantum computing have revolutionized how we solve complex algorithms, potentially transforming fields such as medicine, transportation, and manufacturing. However, this technology also poses new threats to space security. Agencies must prepare for emerging cyber threats, particularly those targeting satellite communications essential for environmental monitoring.  
  6. The Mobile and IoT Security Landscape Evolution Will Introduce New Security Challenges. The rise of threats targeting mobile devices and IoT necessitates a focus on securing these technologies, particularly in areas like inspection management, where mobile and online services are prevalent.  
  7. Agencies Will Mitigate Security Risks and Reduce Operating Costs by Moving Legacy IT Systems to the Cloud. Recognizing the economies of scale in IT security, agencies should leverage cloud-based data stores with proper security compliance. This shift enhances security protocols and streamlines data management and accessibility. Cloud platforms, like Salesforce, offer robust, scalable solutions that prioritize cybersecurity while promoting composability and interoperability. By migrating to the cloud, government agencies can benefit from advanced security measures that are continuously updated to tackle emerging threats, ensuring a more resilient infrastructure.  
  8. By 2024, over a third of national governments--and half of U.S. states--will offer citizens mobile-based identity wallets. Only a minority will be interoperable across sectors and jurisdictions. Source: Gartner Digital identity unlocks many opportunities for the management and delivery of government services along with many benefits for citizens (a wallet-free future!). Agencies adopting digital identity must consider macro-implications and ensure that the digital identity solves government, healthcare, and commercial needs. Further, agencies deploying this technology should have a strategic public relations plan to engage citizens and provide them with the information they need to understand and adopt a digital ID.  
  9. By 2025, over 35% of government legacy applications will be replaced by solutions developed on low-code application platforms and maintained by fusion teams. Source: Gartner At Kyra Solutions, we see this evolution playing out in real-time. The modular application architecture has made it easier for agencies to quickly adapt to regulatory or legislative changes, saving time and resources. Agencies should challenge vendors to provide a modular architecture and licensing model to prepare for the future. It is important to note that this change is a process, and therefore, agencies should prioritize upgrading technical capabilities by leveraging business capability models and risk and opportunity maps.  
  10. Zero-trust titles will double in 2024. Source: Forrester We may be familiar with “Trust, but verify,” an old Russian proverb used extensively by Ronald Regan in the 80s when discussing nuclear disarmament; today, zero-trust adopts a slight variation: "Verify first, then trust." Zero Trust is built on the principle of least privilege. Instead of providing entry through a single checkpoint at a grand and impressive entrance, the Zero Trust method requires us to assume that no one can be trusted to enter designated areas without demonstrating their identity for each level of access required. The US Executive Order, NIST's Zero Trust Architecture Framework, and the DoD's Zero Trust Strategy & Zero Trust Capability Execution Roadmap have increased Zero Trust adoption, resulting in firms creating new roles to oversee its requirements. Agencies need to provide training to ensure all staff members understand Zero Trust. Agency leadership teams should understand that despite the challenges of changing security processes and administering a Zero Trust model, the benefits of the Zero Trust model outweigh them.

And there you have it; our 2024 predictions highlight the need for state government agencies to significantly enhance their cybersecurity posture, focusing on AI-based defense systems, robust protection against ransomware and phishing, securing cloud environments, and being vigilant against misinformation and large-scale attacks. In light of these challenges, it's imperative for state agencies to not only review but also actively implement comprehensive IT security standards.

While it's commendable that all states have security measures in place and most mandate security protocols for government agencies, the rapid evolution of cyber threats requires a more dynamic and holistic approach. Recent legislative developments advocate for a statewide, thorough strategy encompassing security and oversight. These laws increasingly mandate specific actions to safeguard sensitive data from unauthorized access, modification, or disclosure. This includes mandatory training for state employees, periodic security audits, and developing robust standards and guidelines.

The question now is: Have your state agencies embraced and executed a thorough security protocol? Two frameworks stand out as industry benchmarks – the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the International Organization for Standardization (ISO) 27001 and 27002. The NIST Framework urges an immediate, independent operational risk assessment of state infrastructure, applications, and data to identify and prioritize high-risk areas. This framework also aids in strategizing and updating systems to the latest security versions, thereby minimizing risks from outdated systems.

Moreover, states should take advantage of federal initiatives like the Federal Risk and Authorization Management Program (FedRAMP). This program offers a standardized methodology for assessing, authorizing, and continually monitoring cloud computing services. By adopting FedRAMP, states gain insights into secure cloud services, saving time and resources by not having to develop their own security assessment products. With many cloud providers, including Salesforce, already FedRAMP compliant, states should prioritize these vendors to ensure high-quality cloud products and services.

Where did we come up with these predictions? As mentioned at the start of the article, we sifted through many predictions from respected policy, technology, operations, and business professionals. We had to exclude many excellent predictions in this article due to space constraints. Some predictions were merged into a more comprehensive one, while others were not included because they were too complex, irrelevant, or too far-fetched. Other predictions were not included because they were obvious and did not require repetition.  

Our friends at Government Technology gathered some great predictions from several top industry reports. For more information on cybersecurity predictions, we recommend these two articles:

Additional Resources: 

Gartner: Top Technology Trends 2023: Government 

PBS: AI-generated disinformation poses threat of misleading voters in 2024 election 

CISA: Mis-, Dis-, and Malinformation: Planning and Incident Response Guide for Election Officials 

Salesforce: What is Cybersecurity? Your Guide to Digital Defense 

Snowflake: Public Sector Data + AI Predictions 2024 

GovernmentTechnology: How Artificial Intelligence Is Set to Change Work in 2024 

American City & County: 2024: 12 predictions for cities and counties (AI stars in all) 

NIST Special Publication 800-207: Zero Trust Architecture 

Salesforce: What You Need to Know About Zero Trust 

Subscribe to receive an email when new articles are published.