Edition Five

Technology Predictions 2024:

Security

Cyber Security or Cyber Resilience: A Double Imperative for Business

By the end of the coming year, the cost of cyber-attacks on the global economy is predicted to top £8.6 billion.

As in every other field of business and personal life, AI will have a significant role to play in both attack and defence. We will continue to see more sophisticated AI-powered attacks, from deepfake social engineering to automated malware that intelligently adapts to evade detection.

Next-Level Phishing Attacks

Social engineering attacks involve tricking users into giving attackers access to systems. In 2024, generative AI tools (such as ChatGPT) enable more attackers to make smarter, more personalised approaches, and deepfake attacks will become increasingly prevalent.

Protection against this will largely depend on investment in organisation-wide awareness and education, together with zero trust policy implementation.

Cyber Security from the Top

In 2024, cybersecurity can no longer be limited to the IT department. Gartner predicts that by 2026, 70 percent of boards will include at least one member with expertise in the field. This enables organisations to move beyond reactive defence, meaning that they can act on new business opportunities that come with being prepared from the top of the organisation down.

IoT Cyber Attacks

More devices talking to each other and accessing the internet means more potential “ins” for cyber attackers to take advantage of. With the work-from-home trend continuing, risks posed by remote working and sharing data over improperly secured devices will continue to be a threat.

Often, these devices are designed for ease of use and convenience rather than secure operations, and home consumer IoT devices may be at risk due to weak security protocols and passwords.

Cyber Resilience – no hiding behind terminology

Cyber security and cyber resilience: the distinction between the two will become increasingly important during 2024, as will the question of how to achieve both to the highest standards of consistency.

While the focus of cyber security is on preventing attacks, the growing value placed on resilience by many organisations implies that even the best security can’t guarantee 100 percent protection.

Resilience measures are designed to ensure continuity of operations even in the event of a successful breach. Developing the capability to recover quickly while minimising data loss and downtime will be a strategic priority in 2024.

Nothing Less Than Zero Trust

The basic concept of zero trust – always verify – reflects an attitude that no network activity can be assumed to be 100% safe.

As the threat landscape evolves, this principle must extend outside of the corporate network to the organisational infrastructure of remote workers, partners and IoT devices. In 2024, zero trust moves from being a technical network security model to a holistic one.

Cyber Security Professionals will get Soft

Cybersecurity professionals will be expected to take on more complex workloads during 2024 as the threat landscape grows ever more sophisticated, and not just in a technical sense.

They will be tasked with more complex social and cultural aspects of threat mitigation, with a growing focus on soft skills such as interpersonal communication, relationship-building and problem-solving.

Cyber Security Regulation

Governments and organisations are becoming increasingly aware of the risks to national security and economic growth posed by cyber threats. The potential social and political fallout of large-scale data breaches is also a major factor in the emergence of new regulations around cyber security issues.

For example, businesses in the UK have until April 2024 to ensure they are compliant with the Product Security and Telecommunications Act, which sets out minimum security requirements that networked products must adhere to. Implementation of the EU’s similar Radio Equipment Directive has been delayed until 2025, but the topic is still likely to be high on the agenda of legislators throughout 2024.

Adapting Backup Strategies in a Shifting Cyber Landscape

Summarising the good, the bad and the accidental.

The good

AI empowers cybersecurity teams in a world where professionals face increasing stress and alert fatigue.

In the UK, 51% of workers report stress, 61% report feelings of anxiousness and 74% of adults have felt overwhelmed by burnout, especially in the cyber security vertical, where one alert could be the difference between your business trading merrily and appearing on the front page of the Financial Times with a £20 million fine on its way from the ICO.

The increase in alerts has actually got in the way of effective threat investigation. False positives, point product alerting systems, lack of context, and resource constraints have all strained resources.

AI and machine learning alleviate these challenges by providing context to alerts (for example, Proofpoint’s Threat Response), reducing the workload for professionals and directing their focus to critical threats. This approach not only enhances efficiency but also helps prevent costly cyber incidents.

AI's speed in incident response is another benefit. It can quickly learn network topology, detect anomalies, and deploy throughout a network with ease. This agility can make the difference between thwarting an attacker and facing business collapse.

AI automation allows for economic growth while bolstering protection. The cybersecurity industry currently faces a skills shortage, with a plethora of job vacancies. AI can be trained to respond to attack patterns, enabling teams to focus on upskilling and strategic initiatives that safeguard company revenue and drive business growth.

The bad

AI poses risks when misused by malicious actors. Ransomware-as-a-Service (RaaS) has become more prevalent and affordable, with subscription costs as low as £30 per month.

Cybercriminals will increasingly leverage AI to develop ransomware, identify vulnerabilities, and enhance encryption, making it challenging for cybersecurity professionals to combat these threats effectively.

Phishing and social engineering will escalate, with generative AI creating highly convincing emails tailored to specific individuals based on their roles and characteristics. Voice cloning technology, known as vishing, is already being used to impersonate public figures, celebrities, and CEOs for illicit financial gain.

Companies utilising AI for model creation and research and development attract more attacks for data extraction. The growing sophistication of malicious actors and nation-states in targeting these organisations raises significant concerns.

The accidental

Perhaps the most worrying aspect of AI is the potential for unintended consequences due to inadequate governance.

This is where human intervention, management and skill set capacity become the critical topic, one that needs to be at the top of the boardroom security agenda for all businesses in 2024.

Connect with Jake

Networking and Security Specialist
