This blog will delve into the top ten cybersecurity threats in 2024, offer insights and recommend mitigation strategies to help you safeguard your organisation's security.
In this blog, we’ll cover:
The weakest link in cybersecurity is often not the technology but the people who use it. Human risk is considered a top cybersecurity threat because of the central role humans play in the operational and security processes of organisations.
The most common human risks involve careless behaviours at the workplace, such as using weak or reused passwords, failing to secure physical devices, mishandling sensitive information or downloading malicious software by mistake. Poor security hygiene and insider credential theft can also leave organisations vulnerable to exploits and attacks.
HRM is extremely useful for preventing human risks. HRM assesses which roles in the organisation are most at risk of being targeted attackers. It can also tailor cybersecurity training and protocols to these roles. For example, finance department employees would require in-depth training on the verification processes for payment changes and requests.
Phishing remains one of the most common attack vectors. Phishing attacks continue to be effective because they are good at exploiting human psychology rather than technological vulnerabilities.
Attackers craft emails or messages that mimic legitimate sources, such as reputable companies or known contacts. The goal is to trick the recipient into revealing sensitive personal or financial information or downloading malware onto their device.
Recent trends in phishing attacks have shown a significant increase in both frequency and sophistication, highlighting the evolving challenge these threats pose. According to the ThreatLabz Report, in 2022, there was a 47.2% increase in phishing incidents compared to the previous year thanks to the growing sophistication of phishing techniques, which now often include the use of phishing kits and AI tools. According to the report, Education was the most targeted industry in 2022, with attacks increasing by 576%.
Source of image: ThreatLabz Report
Phishing simulation is a proactive and educational tool. Simulated phishing aims to train employees to recognise and report phishing attempts. Phishing simulation is a proven and widely adopted method to strengthen employee's ability to fight against phishing attacks.
Enforcing MFA where possible to add a layer of security. Even if credentials are compromised via a phishing attack, MFA can prevent unauthorised access. This extra security step requires users to verify their identity using two or more validation methods, effectively blocking intruders who might have stolen a password.
Ransomware attacks involve malicious software that encrypts the victim’s data, making it inaccessible until a ransom is paid. These attacks typically start with phishing emails or exploiting network vulnerabilities. Once the ransomware is installed, it locks all accessible data, and the attackers demand payment for the decryption key.
Recent findings about ransomware by Corvus reveal alarming statistics that highlight the concerning situation. From August 2022 to May 2023, the number of ransomware incidents has soared by a staggering 101.84%. The increase became particularly notable in late 2022, peaking with a growth of 36% in the first quarter of 2023, which also marked a 65% rise compared to the same period in 2021. This trend shows no indications of diminishing.
Source of image: Corvus
This trend is expected to escalate, with predictions suggesting that ransomware attacks will occur every 2 seconds by 2031.
Provide employees with security awareness training programmes to educate them on how to recognise and avoid potential ransomware threats, such as malicious links or attachments in emails. Regular training and phishing simulations can significantly reduce the likelihood of an employee inadvertently triggering a ransomware attack.
Implementing sophisticated email filtering solutions can be useful for detecting ransomware attempts. These filtering tools analyse the authenticity of the sender, scan email content for malicious links, and identify suspicious attachments.
Artificial intelligence (AI) enhances offensive capabilities in cybersecurity. AI can be used by attackers to automate tasks that were previously time-consuming for humans, such as identifying system vulnerabilities, crafting phishing emails, or even hacking into systems.
Deepfake-powered attacks have also become a sinister threat. The attacks refer to the use of artificial intelligence (AI) and machine learning techniques to create highly realistic but false audio, video, or image content. Here is an example of the most eerily deepfake video on the internet.
The dynamic nature of AI-driven threats means that they can evolve in response to changes in cybersecurity measures, continuously finding new vulnerabilities to exploit. This allows cybercriminals to launch large-scale attacks with higher efficiency.
AI technologies evolve at a rapid pace, enabling new forms of cyber attacks that can quickly outpace traditional security defences. According to the Canadian Cyber Threat Intelligence Annual Report, PwC highlights the radical shifts in the cyber threat landscape over the past year, exacerbated by new technologies. They point out the evolving nature of cyber threats as AI technologies become more integrated into attack vectors.
Educate employees about the specific challenges posed by AI-driven threats. Training should include scenarios involving AI tactics, teaching employees how to recognise and respond to AI-powered threats effectively.
OSINT can be highly useful in combating AI-driven threats. OSINT involves collecting and analysing information from publicly available sources to support intelligence efforts. OSINT is a valuable and cost-effective component that should appear in the organisation's cybersecurity strategy.
The dark web's role in accelerating cybercriminal activities makes it a significant threat to global cybersecurity. The dark web hosts numerous marketplaces that sell hacking tools, malware, ransomware kits, and services such as DDoS attacks, data breaches, and other cybercriminal activities.
The dark web also provides a high level of anonymity which is facilitated by the use of encryption technologies and specialised browsers. This anonymity makes it challenging for law enforcement and security agencies to track and prosecute perpetrators of cybercrime.
The recent trend in dark web threats shows a notable increase in data theft and leaks. These leaked data would almost always end up being on the dark web. IBM’s X-Force Report revealed that Data Theft and Leak were the top impact to organisations, making up 32% of cybersecurity incidents in 2022.
Top impacts X-Force observed in incident response engagements in 2023
Source of image: IBM’s X-Force Report
The report also observed that attackers were increasingly investing in measures to obtain user identities – with a 266% increase in infostealing malware designed to steal personal information such as emails, social media and messaging app credentials, banking details, crypto wallet data and more.
A DWM tool can assist you in continuously scanning the dark web, including forums and marketplaces known for illicit activities, to detect if sensitive corporate data or personal information has been exposed. This includes leaked credentials, confidential documents and financial information. If the monitoring tool finds any data related to the client on the dark web, it immediately alerts them. Real-time alerts allow organisations to act swiftly to mitigate the risk, such as changing passwords or securing breached accounts before the information can be exploited.
Having a well-defined incident response plan enables organisations to react quickly to a security breach. This should include procedures for containing the breach, eradicating the threat, recovering data, and communicating with stakeholders.
BEC is considered a top cybersecurity threat due to its significant impact. BEC is a sophisticated scam targeting companies with international suppliers or businesses that regularly perform wire transfer payments. Successful BEC can lead to significant financial losses including stolen funds, disrupted operations, and a negative impact on the organisation’s image.
In BEC attacks, scammers pretend to be a trusted figure such as a senior executive or a partner company aiming to gain access to or impersonate corporate email accounts to deceive the company’s employees, customers, or partners into transferring sensitive information or funds to fraudulent accounts.
BEC attacks are becoming more and more financially damaging. The FBI, in their 2023 IC3 Report, highlighted that BEC remains a significant threat to modern enterprises, with reported losses nearing $3 billion in 2023. This marks a 7% increase over the previous year's total of $2.7 billion, summing up to a total of $14.3 billion in losses since BEC was included in the FBI's reports in 2015.
Source of image: The FBI 2023 IC3 Report
Encourage secure email practices, such as avoiding the sharing of sensitive data, especially financial information over email. Deploy secure file transfers instead of email attachments when possible.
The shift to remote work has expanded the attack surface in many organisations. Remote systems often lack the same level of security as in-office networks, making them prime targets for cyberattacks.
With remote work, employees access corporate networks from different locations and often through personal or less secure devices. This can lead to increased risks of unauthorised access. Attackers can exploit weak home Wi-Fi security, use malware-infected personal devices as a gateway, or intercept unencrypted communications across less protected networks.
The World Economic Forum in its 2023 Global Cybersecurity Outlook, has emphasised that the trend of remote work has intensified the challenge of maintaining cybersecurity in many organisations.
They note that as businesses adapt to a more dispersed workforce, the traditional perimeter-based security models are becoming less effective. They also highlight that securing a remote workforce is necessary for developing better resilience.
Small businesses or those lacking in-house expertise may benefit from working with managed services providers (MSPs). MSPs could offer tailored and a variety of security solutions to protect your business from remote work-related threats.
Equip all endpoints with robust antivirus and anti-malware solutions, along with firewalls, to detect and mitigate threats before they can cause harm.
A single vulnerability in the supply chain can compromise all connected entities.
Supply chain attacks occur when a hacker infiltrates your system through an outside partner or provider with access to your systems and data. This could include software providers, hardware manufacturers, or service providers.
Supply chain attacks can be particularly dangerous because they exploit trusted relationships and are often difficult to detect. As businesses increasingly rely on third-party services and software, the potential for a breach through a supplier grows.
Organisations are recommended to pay due diligence to downloading software onto their IT estates. A significant piece of statistics shared by Sonatype, a software supply chain management platform, indicated that there has been a rapid increase in supply chain attacks over the last three years. The report showed researchers had uncovered 88,000 malicious open-source packages in 2022 and this equated to a staggering 742% increase over the number recorded for 2019.
Regularly audit third-party vendors for compliance with security standards and policies. Require vendors to adhere to specific cybersecurity practices and standards, such as ISO/IEC 27001 or NIST frameworks. Implementing contractual agreements that enforce these security measures is also crucial.
A policy management tool can help organisations develop, manage, and enforce security policies that govern their interactions with suppliers.
Sophisticated policy management tools include a variety of features that automate the process. This helps organisations to continuously monitor the compliance status of suppliers and take timely action if discrepancies are found.
As more companies migrate to the cloud, the potential for data breaches, insecure interfaces, and hijacking of accounts increases. Cloud threats can involve data breaches, misconfigured cloud storage, insecure APIs, and account hijacking. Attackers may even exploit weak authentication processes to gain access to cloud-based applications and data. Once inside, they can steal data, plant malware, or use your cloud services to launch further attacks.
The growing adoption of cloud computing has brought forth a lot of security concerns for IT professionals. According to websitepulse.com, 91% of organisations said that they were concerned about cloud security and 90% of organisations said at least half of their data on the cloud was sensitive.
Source of image: websitepulse.com
Attackers are constantly searching to exploit hybrid cloud weaknesses to target sensitive data stored in previously unreachable destinations. As Google predicts in its new Cybersecurity Forecast 2024 Report, attackers would target misconfigurations and weak identity protection in cloud infrastructure and applications to cross boundaries between public and hybrid cloud environments.
Choosing a cloud-service vendor that complies with GDPR and ISO 27001 can provide you with enhanced data security.
Choosing a vendor with Cyber Essentials/Cyber Essentials Plus certificates is beneficial for your organisation. These certifications are government-backed, industry-supported schemes to ensure the vendors protect themselves against common online threats.
The rise of quantum computing poses a significant future threat to current encryption methodologies.
Current cryptographic systems rely on complex mathematical problems that classical computers take too long to solve. Quantum computing could solve these problems much more quickly and automatically.
Quantum computing could potentially break many of the cryptographic protocols that currently secure our data. Preparing for this future involves investing in quantum-resistant cryptography and staying abreast of advancements in quantum technology.
According to netmeister.org, the latest accomplishments are the IBM Condor (1,121 qubits) and the Atom Computing atomic array (1,180 qubits), both towards the end of 2023, showing an increasing acceleration in the number of qubits.
Source of image: netmeister.org
Such powerful systems can potentially decrypt current public key infrastructures (PKIs) that secure digital communications, leading to cryptopocalypse -- the point at which quantum computing becomes powerful enough to break any type of cryptography.
Working with a cybersecurity vendor is the best way to keep an eye on the new technology advancements. Vendors could provide information on cybersecurity hot talks and give you regular updates. This is advantageous for your organisation because it could broaden your horizons and provide useful intelligence for you to build your organisation's security defences.
Implement a regular and continuous security training programme that goes beyond annual training sessions. Repetition is key to memory retention. Regularly distributed new short courses, quizzes, security alerts, notes or posters to cement important security practices in employees' long-term memory.
Understanding these ten evolving threats is just the first step in defending against them. Navigating the complex web of cybersecurity is crucial for any organisation aiming to protect its business in the digital age. Watch a short demo to see how we can help you enhance your security posture. Or get in touch with us to unlock the 14-day free trial to experience our renowned security awareness training programme.