What is the outlook for Cyber Security in 2024
Trust H2 to provide solutions that are appropriate, affordable and accreditable

As 2023 draws to a close, we turn our attention to the potential threats that are raising their heads in 2024. It’s never ending, and the cyber criminals are there waiting for new opportunities to exploit, and they’re not slow in doing so. Defence in depth remains the best plan, with solutions designed on sound risk management techniques, which continue to be ignored in the SME world. This is asking for risks to be exploited. So, let’s dive into what’s being seen as a potential for next year.

Top of my hit parade is AI. I’ve blogged about this before. AI has the potential to be both a boon and a danger in terms of cybersecurity. On the one hand, AI can enhance cybersecurity by detecting and mitigating threats more efficiently, analysing vast amounts of data for anomalies, and automating certain defensive tasks. On the other hand, AI can also pose risks if it falls into the wrong hands or is used maliciously. We are already seeing the rebirth of what we used to call the script kiddie. These were hackers of lowish skill, who bought or blagged malware from skilled criminals who sold malware on the dark web. These script kiddies then used that code to attempt hacks. These guys had all but disappeared in recent years. But AI is bringing them back.

It's pretty much the same scenario, whereby budding criminals with lowish skill levels can use AI to devise attacks. We are already seeing this with some quite nasty attacks being undertaken in the US. One example is an update on the CEO Scam. Those of you with good memories might remember this scam. It’s where an email is spoofed so that it looks like it comes from the boss and is sent to someone in accounts payable, telling them to pay the attached invoice without delay. The invoice is of course fake. The scam is not very sophisticated and can be avoided with a little diligence on everyone’s part, and good awareness of course. The update using AI goes a little further and does it by phone, with AI impersonating the voice of the boss. It’s much more believable and the person on the end of the call is much less likely to question it.

The next on my list is nothing new: data breaches. Data will continue to be a leading concern for organisations around the world. Whether it be for an individual or organisation, safeguarding digital data must be a primary goal. Whether you are operating in the EU or not, GDPR is relevant. What has become known as UK GDPR, essentially the Data Protection Act 2018, is in essence GDPR. The difference is slight, and the Information Commissioner’s Office has real teeth. I’ve blogged about this many times, and these can be found on my website. Ignore this at your peril. Many breaches aren’t even technical in nature, but stem from procedural flaws and mistakes by staff, not because they have done something obviously wrong, but often because they didn’t know they shouldn’t have done it.

Human error is one of the primary reasons for data breaches. Any bad day or intentional loophole can bring down a whole organisation, with millions lost as a result of stolen data. A report by Verizon gives a strategic insight, saying that 34% of total attacks were directly or indirectly made by an employee. In cases like this the fault lies squarely with the organisation for not having suitable training and awareness in place, as well as potentially not having good enough processes. That’s the way the ICO is likely to view it.

Many organisations are now using Cloud services run by third parties. In the SME world this makes great economic sense, reducing or eliminating the need for expensive on-site infrastructure and attendant fees for maintenance, and making the increasingly popular hybrid working model, i.e. home v workplace, much easier to manage. However, this brings with it a whole new raft of threats and vulnerabilities, with many built-in security solutions not adequate, simply because they tend to be a one-size-fits-all solution and don’t fully consider your working patterns. Home working also makes your staff more susceptible to phishing attacks, as they have no one to bounce suspicions off and will often just ignore those and proceed, because they don’t want to slow their work down.

Another important cybersecurity trend that we can't ignore is targeted ransomware, especially in the developed nations' industries that rely heavily on specific software to run their daily activities. These ransomware targets are more focussed, such as the WannaCry attack on the National Health Service hospitals in England and Scotland, which corrupted more than 70,000 medical devices.

There’s a perception amongst SMEs that ransomware doesn’t get targeted at them because the rewards are so low. Wrong. Let’s take a scenario where ransomware is written using AI and targeted against, say, 500 SMEs in a certain industry, and then sent out in an automated way. Let’s say they ask for £1K per target, so a potential for £500K reward. If, say, only 50% pay up, it’s well worth it because the cost of production was so low. Their margin is probably north of 80%. A margin we’d all be delighted with. There is anecdotal evidence that ransomware attacks on SMEs don’t get widely reported because they are never reported, with the SME much happier to lose 1K than 2 or 3 days’ downtime, which could cost them considerably more. Of course, this has to be anecdotal because very few are talking about it, so actual stats are virtually impossible to come by. But this evidence is not just coming out of the UK, but the US, and someone contacted me yesterday to suggest it is a regular occurrence in Australia too. The more people pay up, the more it’s going to happen, but it would be much smarter if we just spent a little money and resource on prevention.

I could go on, and probably will in future weeks. But this will do for now as I know many don’t like to get confronted with a wall of text.

H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.

To learn more about the services we provide please click here: https://www.hah2.co.uk/

Alternatively, please feel free to give us a call or email.

T: 0845 5443742

M: 07702 019060

E: [email protected]

Trust H2 – Making sure your information is secure.
