In 2023, the average cost of a data breach in the UK increased by 8.1%, resulting in a total cost of £4.56 million. As we approach 2024, Danny Jenkins, CEO of ThreatLocker, reveals his predictions of the issues that will continue to face businesses throughout the year.
Every new year brings new challenges for the cybersecurity industry – and experts have long been warning of the need for serious action in order to stem the tide of increasing attacks. 2023 was proof of that.
The UK is now the world’s third most targeted country for cyber attacks – with Greater Manchester Police, The Royal Mail, the NHS, and even the UK electoral commission succumbing to breaches over the past 12 months.
Ongoing worldwide conflicts and the rapid evolution of AI has diversified and increased the types of threats the UK now faces – leaving the country with more issues to address as we head into a new calendar year.
Here are some of the topics and challenges that will prove prominent in cybersecurity in 2024.
Cyber Skills Gap
With human error remaining one of the largest contributors to cyber attacks and 9 out of 10 of all data breaches being caused by employee mistakes, the pressing issue of the cyber skills gap will continue to threaten businesses into the new year if the digital literacy of employees is not addressed.
However, phishing attacks, weak passwords and social engineering are just a small part of the wider issue facing the cyber security of businesses. Recruitment and retention of cyber security professionals as a whole is plaguing the industry.
Internal issues like workload complexity, staffing shortages and budget deficits combined with external issues like the dangerous threat landscape and regulatory compliance challenges have made this profession progressively more difficult.
The Challenges of AI in Cyber
This year, AI has been one of the most talked about trends across the technology industry following its recent advancements. One thing that makes it more of a threat to the cyber security sector is the ability for natural language and closeness to match human ability.
AI also makes it more difficult to recognise phishing attempts by removing language barriers – producing a clearer, cleaner message that may be misconstrued as legitimate.
Previously AI has been a tool developed by machine learning and driven by data, but as it’s continued to rapidly develop, the ability to simulate human behaviour has become apparent. AI now has the ability to write malware and make it easier for cyber criminals to access code they would only usually see on the dark web.
During a testing phase, we compared a piece of code found online against one created in ChatGPT, both pieces were functional and looked almost identical. When ran through the system, the piece found online was blocked, however the ChatGPT code infiltrated the system. Security measures need to continue to advance alongside the development of AI in order to maintain effectiveness and mitigate threats.
State Sponsored Cyber Attacks
As nations continue to advance their cyber security capabilities, defending against state-sponsored attacks is becoming a critical aspect of cyber security strategies. Co-ordinated attacks by governments and their intelligence agencies are becoming more frequent and sophisticated, especially during times of war.
2024 will see more attacks carried out by state-actors, and these need to be expected and defended against.
Readiness for Threats
It’s becoming more apparent that in the aftermath of a cyber attack, businesses are finding themselves more likely to contemplate paying the ransom for their data. With high chances of being attacked, companies are factoring ransom payments into their budget and business strategy, rather than increasing funding for their cyber security defences.
This decision often stems from the immediate need to regain access to their accounts and data in the face of operational disruption and financial losses, but this approach creates a problematic cycle. Paying ransom incentivises cybercriminals to persist and continue to attack. The reluctance to invest in more robust cyber security measures poses long-term risks to businesses as it does not address the root cause of vulnerabilities within the companies systems and leaves them, and others, more susceptible to future threats. A proactive and comprehensive approach towards cyber security is essential to mitigate threats effectively.
Businesses are also operating in the naivety of thinking they won’t be attacked because the data they hold is not important enough and they don’t operate in a target-rich area. However in 2023, we saw an attack carried out on the British Library. Although businesses in the public sector are slightly less at risk of an attack than those in the private sector, it’s crucial that their legacy IT is updated regularly and continues to evolve to match the increasing threat level.
Cyber Regulations
As we continue to see advancement in cybersecurity and the abilities of cybercriminals, Governments and organisations need to be more aware of the risk to the national sector posed by cyber threats.
We’ve seen the introduction of more resilient and robust cyber security strategies over the last year, put in place by governing bodies globally.
It’s predicted that during 2024, more countermeasures will be developed and set out for businesses to follow in order to continue to operate against the threat of cyber attacks. Strategies such as this need to be a priority for government organisations and continuously be assessed and developed.
Supply Chain Attacks
One thing I think we’ll see more of in 2024 is not just supply chains being attacked, but more supply chains being responsible for breaches. You have so many pieces of software running on your computer that all have access to all your data, most people don’t realise just how much software they have.
What we’re going to see more of, as we did last year, is either through vulnerabilities or weaponization – as we saw with 3CX – is that supply chain attacks are going to happen through the software being used already.
It’s going to be a challenging year – but implementing a serious cybersecurity strategy is the first step towards successful defence.
