In 2024, the landscape of cyber threats is shifting notably as artificial intelligence technologies deepen their reach into the methods hackers use. Social engineering attacks are poised to grow by at least 60 percent, driven by the persuasive power of AI tools and the ease with which attackers can tailor their schemes. This assessment comes from a leading information security firm operating in Russia, which notes the trend as a clear warning for organizations across North America and beyond. The message is simple: attackers are getting better at exploiting human weaknesses, and many organizations have not kept pace with training and awareness programs that could blunt the impact of these techniques.
A broader warning accompanies this forecast: the cyber threat surface is expanding. Beyond social engineering, there is a growing expectation of higher volumes of assaults targeting critical infrastructure and enterprise networks. In particular, sustained increases in distributed denial-of-service (DDoS) activity are anticipated, with quarterly growth observed over the past two years. The tendency is unlikely to reverse in the near term, and analysts expect new vectors of attack to appear as defenses adapt to previous trends.
The core targets for 2024 are expected to include government services, essential information infrastructure, and organizations that collect large volumes of personal data. The IT sector, in particular, faces elevated risk as attackers aim to disrupt software development and compromise digital ecosystems that rely on domestic and international supply chains. The pattern suggests a strategic focus on sectors where disruption would have the most tangible consequences for citizens, businesses, and national operations.
Overall, the trajectory points to a world where threat actors combine technical prowess with social manipulation. This blend increases the likelihood that well-crafted phishing, pretexting, and other manipulation techniques will succeed against untrained personnel. As a result, many organizations will need to intensify security awareness programs, implement stricter access controls, and adopt multifactor authentication as standard practice across all levels of operation. The emphasis on preparedness remains crucial because even sophisticated systems can be undermined by lapses in human judgment, especially when those gaps are exploited through repeated, highly convincing social cues.
Observers also highlight that political and informational operations will continue to shape the cyber threat landscape. The share of politically motivated DDoS campaigns has remained substantial, underscoring a risk environment where public sector entities and large data repositories are common focal points. For teams defending critical services, this reality translates into a dual obligation: safeguard infrastructure while maintaining resilience against attempts to overwhelm services with traffic and cause service outages. The takeaway is clear—comprehensive defense requires both technical controls and ongoing, reality-based training for personnel.
For organizations operating in Canada and the United States, the current forecast carries practical implications. Strengthening cyber hygiene starts with education: people are often the first line of defense. Regular, scenario-based training that mirrors real-world social engineering ploys can raise awareness and reduce susceptibility. On the technical side, investing in robust network monitoring, scalable DDoS mitigation, and resilient backup strategies helps ensure continuity even under pressure. In addition, governance that enforces least-privilege access, strict identity verification, and rapid incident response planning will compound the effectiveness of defensive measures.
As the threat landscape evolves, maturity in cyber defense means moving from reactive to proactive stances. Organizations should conduct regular threat simulations, assess third-party risk, and tighten configurations across endpoints, servers, and cloud environments. The end goal is simple: fewer successful manipulations, fewer compromised sessions, and quicker recovery when incidents occur. With AI-driven attack campaigns on the rise, the case for comprehensive, layered security becomes even more compelling for teams across North America and globally.
In summary, 2024 is set to be a year where social engineering and DDoS-focused campaigns intersect with increasingly aggressive efforts to access critical data and systems. The responders who build resilient cultures—where training, technology, and governance align—will stand the best chance of preserving trust, maintaining operations, and safeguarding sensitive information in an era of rising digital risk.