By: Gareth Lloyd, Cyber Security team
2024 has barely gotten itself out of bed yet, but it’s already got problems to deal with. Within minutes of shuffling forwards and drawing the curtains, it was staring directly into a meteor shower of cyber attacks crashing past the window.
Cybercriminals were exceptionally quick off the mark this year, and whilst the likes of the British Library and pharma giant Merck were scrambling to repair the damage left behind by attacks on their systems in 2023, hackers were already busy picking new targets for 2024.
One week into the New Year and all kinds of businesses have been hit - from loanDepot to Beirut International Airport.
Who’s next? Well, if one parliamentary report is correct, it could be the entire UK government. One committee has said that poor planning and insufficient cyber investment has turned the UK into a sitting duck for a “catastrophic” cyberattack that could bring the entire nation to a “standstill”.
2024 could be the most challenging year for cyber defence since the brainwave of a World Wide Web from Tim Berners-Lee became a reality. But what exactly will that look like?
A people problem
The fight against cybercrime might be conducted entirely within the cloud, but the truth is that real people in waking life are often the main problem…
Human error remains one of the biggest causes of data breaches - and one study claimed as many as 9 out of 10 company hacks could be traced back to an employee simply clicking something they shouldn’t have done.
Every human being makes mistakes, of course. But cyber’s “people problem” isn’t just about little errors - it’s about a lack of knowledge. The alarming fact is that there aren’t enough professionals out there with expertise to rectify the situation. In fact, the world is about 4 million experts short of having enough hands on deck to secure a safer landscape.
Moves are being made to steer more people into cybersecurity careers from a young age- but until these vacancies are filled, companies need to take steps to look after themselves. And that involves training up their staff to learn as much as possible about cybersecurity from the moment they sign up.
Smart phishing
Even the most old school cyber attacks will gain a new lease of life in the next year.
Phishing is the most popular form of attack because it’s automated, simple and effective. Nearly 50% of all emails sent in 2022 were spam, and whilst most will be picked up by the filter or thrown aside by users, these attacks have been getting smarter and more convincing over the past couple of years. AI software will turbocharge their impact further.
Artificial Intelligence has become advanced enough that it can be weaponised to bypass security systems - and one of the main ways we’ll see this tool being utilised over the coming months is through increasingly cunning messages.
Branding, formatting and language of emails can all be imitated perfectly by AI, eliminating the sloppy errors a person might make but without losing that crucial “human touch” required to convince a recipient this email is genuine.
If users weren’t already erring on the side of caution with email monitoring, now is the time to really embrace the Zero Trust theory: If something doesn’t look quite right, it’s probably not your imagination.
Budgeting for attacks
Whilst some businesses are unprepared for cyber attacks, others are just resigned to suffering a breach at some point in 2024 - such is the current state of affairs.
With most businesses likely to experience a hack at some stage, some firms are actually factoring ransomware and recovery costs into their operating budgets - treating cyberattacks as the price of doing business.
Whilst that might seem fatalistic, it doesn’t have to be. Regarding attacks as inevitable can be positive if you take the necessary steps to safeguard a business. If you expect to get breached, you can transform the whole philosophy of a brand from top to bottom - embracing a safe, cautious, trust-absolutely-nothing policy that protects the company in the most effective way.
Go slow, steady and suspiciously into 2024 - because the cyber threat is only going to get more serious as we tick along.