Written by Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4.
Cyber threats are more sophisticated and complex than ever and evolving quickly with new technology like AI becoming increasingly advanced every day.
Cultivating a solid security culture is paramount to strengthen an organisation’s human firewall.
The top predicted cybersecurity trends for 2024 include:
- AI-related cybercrime and defence methods to increase
Bad actors will improve their ability to use AI to augment cybercrime sprees through the automated generation of social engineering attacks and improved scalability of campaigns. AI and ML tools will be used to analyse massive amounts of data available publicly and through breach dumps available in dark web marketplaces, allowing detailed profiles of individuals to be built, enabling much more targeted attacks on employees and individuals. On a positive note, defensive tools using AI will help to improve cybersecurity defences. Many cybersecurity companies have been using and improving their use of AI over the last 10 years. AI used by good actors will improve cybersecurity tools and responses.
- Ransomware attacks to aim for supply chain services
Ransomware cybercriminal groups will continue to increase their attacks but will be more targeted and work to attack supply chain services to disrupt and damage organisations around the world.
- A cooling economy will impact security programs and business continuity plans
Potential losses due to cybercrime paired with a potentially cooling global economy will threaten earnings and will drive companies to review and revise their security programs and business continuity plans. These reviews will be executed to ensure that a cybercrime event does not threaten to bankrupt their company.
- Increased focus on collaboration to combat cybercrime
Due to the global nature of cyber threats, particularly as a tool to aid in warfare, there will be an increased focus on collaboration and information sharing among national and international cybersecurity agencies. This will also trickle down into greater public-private partnerships, and will be used to combat cybercrime, address nation-state threats, and proactively detect and respond to emerging cyber threats.
- Disinformation campaigns to lead to extortion schemes
Disinformation campaigns will be used to launch attacks or distract from ongoing attacks. We can expect to see related service offerings on the dark web, giving rise to disinformation as a service. This will impact politics and the private sector. Disinformation becomes a tool in the tool set of cybercriminals seeking to extract money from legitimate private businesses through extortion schemes. Attackers will increase their use of deep fakes, including video and voice.
- The conversation in APAC will continue to focus on cyber incidents where more individuals will find themselves caught up in data breaches.
- The challenges faced by organisations in 2023 will continue in 2024. Challenges such as pushback from end users, getting support from the top for Security Awareness Training programs, and the intent of getting everyone to understand that cyber security is everyone’s responsibility.
- The cyber industry will continue to need to educate business units outside of IT such as leadership teams, HR, Communications and Marketing etc. on their critical role when it comes to cybersecurity.
Cyber attacks like phishing are getting more difficult to detect.
It is imperative that employees keep the threat of phishing attacks top of mind and not become complacent.
This is only made possible by recurrent security awareness training and simulated phishing so that end users have the knowledge to identify phishing attacks, report them and better protect their organisations.
It comes down to building a strong security culture and we will see organisations continue to focus and build on this in 2024.