via Gallagher
UK lawmakers have called on the government to take effective action to tackle cyber-attacks, which have not only become a threat to organizations worldwide, but also to national security. Cybercrime is now part of everyday life and with attacks also becoming more widespread and more sophisticated, the challenge of defending against cyber threats is greater than ever.
Here are some of the greatest cybersecurity challenges we can expect to see in 2024 and beyond — and what organizations can do to protect themselves.
AI-Powered Attacks
This year, we can anticipate the emergence of AI-powered cyber-attacks that can autonomously identify vulnerabilities, adapt to security measures, and exploit weaknesses in real-time. These attacks will be highly disruptive, as they can evade traditional security measures and cause significant damage.
In addition, sensitive data entered into an AI-powered chatbot (unintentionally or intentionally) can result in exposure of this data to the public, threat actors, or competitors. Even more concerning, perhaps, is the ability of attackers to manipulate AI models by injecting inaccurate data. Security policies should address the challenges of using AI, prohibit its use when necessary, and include monitoring systems to identify and mitigate associated risks.
Biometrics Hacking and Deepfakes
The UK experienced a 300% rise in deepfake cases from 2022 to 20232.
Biometrics verification and authentication have become widely adopted in recent years, but despite using an individual’s unique features, they are not fool-proof. Determined hackers can still gain access to fingerprint and captured facial recognition information. Biometrics can also be ‘stolen’ by capturing an individual’s likeness using photographs, video, or audio recordings — recreating the content to trick a biometrics system.
Taking these methods even further, fraudsters can slice a recording into syllables and sounds, then use AI to create sentences from these building blocks, which can be manipulated to produce deepfake audio or video content. We predict these types of attacks will become more successful in 2024. Organisations and individuals must be vigilant and verify the authenticity of media content before accepting it as true or sharing it.
Phishing and Its Various Guises
79% of UK businesses that suffered a cyber-attack in 2023 identified phishing as the cause.
Phishing remains a pervasive cybersecurity challenge for organisations of all sizes, whereby attackers attempt to trick individuals into disclosing sensitive information or performing unauthorised actions. These tactics include spear phishing (fraudulent personalised messages), search engine phishing (manipulating search results), business email compromise (impersonating executives) and clone phishing (replicating legitimate sources), to name a few.
The ever-growing range of phishing techniques highlights the importance of implementing strong cybersecurity measures to safeguard against constantly evolving threats. AI platforms are amplifying the threat of phishing, as attackers can use AI to craft more convincing scam messages and fake content.
Internet of Things (IoT) Exploitation
The proliferation of IoT devices has significantly expanded the attack surface for cybercriminals and many of these devices lack sufficient security. In 2024, we should be prepared for a surge in attacks wherein hackers target vulnerable devices to gain unauthorized network access or launch large-scale distributed denial-of-service (DDoS) attacks.
As IoT devices become more integrated into critical infrastructure, the risk of attacks rises along with the potential for bigger financial losses and disruption to essential services. Individual and organizations must prioritize IoT security by implementing strong authentication protocols, regularly updating firmware, and conducting thorough vulnerability assessments.
Quantum Computing
45% of organizations are already preparing for quantum computing cybersecurity risks4.
Quantum computing has gained momentum as it leverages the principles of quantum mechanics to solve problems considered impossible for traditional computers. However, quantum computers have the capability to break current encryption algorithms, rendering traditional cryptographic methods obsolete. Cybercriminals can exploit this technology to decrypt sensitive data or forge digital signatures. To counter this threat, organizations should explore quantum-resistant encryption methods and invest in post-quantum cryptography.
Supply Chain Attacks
Only 13% of businesses say they review the cyber risks posed by their immediate suppliers, and just 8% are looking at their wider supply chain.
Cybersecurity in supply chains is still an area where organizations lack awareness, despite the rise and severity of attacks. In 2024, supply chain attacks like the 2020 SolarWinds breach6 are expected to become increasingly disruptive. These types of attacks see cyber-attackers target supply chains to reach multiple victims in one hit via software providers and hardware manufacturers. Attackers insert malicious code or hardware into products, compromising the entire supply chain, and potentially creating back doors for future cyber-attacks. Organizations must prioritize supply chain security to mitigate this risk by thoroughly vetting third-party vendors and suppliers and ensuring software is regularly updated.
