Around this time last year, the world was enraptured by artificial intelligence (AI) and its seemingly endless use cases that could possibly project global economies into a new age. Fast forward to today and understandable scepticism and endless back and forth pertaining to regulation dominates conversation. In the world of cyber security, this topic has added importance as experts across the globe look to keep up with a new wave of AI-supported cyber crime.
According to the Identity Theft Resource Center’s (ITRC) latest report, 2023 saw the number of reported data compromises in the US increase by a staggering 78% compared to 2022, reaching 3205 individual breaches. This comes as little to surprise as we battle every day with bad actors whose arsenal has gotten stronger and more intuitive than ever before.
Already this year we have witnessed some of the most substantial cyber attacks in history, not least the aptly named “Mother of All Breaches” of Leak Lookup that happened at the end of January. Ironically a site that is set up to collate information from previous breaches. Another notable case happened at the beginning of February with bad actors utilising Deepfake technology to impersonate a CFO, the company in question lost in the region of $25 million dollars. A substantial amount of money to any business.
Put simply, with the introduction of a seemingly endless supply of AI-backed tools to help execute cyber crime, the industry of cyber security has evolved into something much more complex. It’s no longer a question of who has the better tool or in this instance the most advanced technology. It’s become an industry that now predicates itself on behavioural sciences and psychology. With this evolution comes the question, where does cyber security in 2024 go and what can businesses expect going forward?
Persistent threats
If January is anything to go by, businesses and cyber security partners should expect that 2024 could be one of those hostile years on record for them. Alongside the aforementioned threats that AI-related cyber crime poses, 2024 is an incredibly important year on the geopolitical front. The US, UK, India and even Russia all have elections scheduled throughout this year.
Businesses, irrespective of industry or country however would be naïve to think that this won’t impact them. Warring nation-states have taken to cyber crime in recent years to disrupt economies and impact the effectiveness of their rivals. The ongoing conflicts in the Middle East and Ukraine have demonstrated this with rampant cyberwarfare going on between the parties involved.
CISOs should be under no illusion that 2024 will be ‘just another year’ and should plan for quite the opposite. Cyber security is undoubtedly not the sort of investment that businesses should consider a ‘nice to have’ in 2024, it’s mandatory.
Mitigation
A lot of modern cyber security consultancy and support relies on mitigating risk. The uninitiated employee or consumer is often unaware of the volume of these risks and often how a trusted asset in that person’s life can be used against them for malicious purposes. The Deepfake CFO story no better encapsulated this, taking the image and likeness of a trusted and senior colleague to help execute the robbery.
To mitigate these risks, alongside Protective Security, a comprehensive education on the client side of what dangers they can and should expect to encounter, cybersecurity experts are focussing their attention on two key Offensive Security themes that we’ll likely see expand in 2024, those are penetration testing (Pen Testing) and Threat Intelligence.
Pen Testing has for a while now been a staple of modern cyber security measures, but typically involves, as the name suggests, testing the areas where a business and or its employees might be open to attack and either reinforcing them or educating the client on their risks.
Threat intelligence is a growing aspect of the industry, but one that has shown tremendous promise and potential in recent years.
What it entails appears simple but in essence, takes the default defensive side of cybersecurity and turns it offensive through proactive threat detection, threat hunting, and constant and holistic monitoring, and communication between client and consultant on findings and how best to implement a strategy against the risks that are unearthed.
Businesses that have the right cybersecurity experts on hand will have support that is proactively looking after and monitoring their businesses, whilst also getting into the headspace of potential bad actors who would want to harm the business financially or reputationally.
Expectations
Finally, a growing theme in cyber security that experts and service providers should expect is the maturity of their clients. As discussed, cyber security was previously deemed the domain of the techy has drastically changed and for the past few years, businesses have grown savvy to the necessary investment that is cybersecurity. What has this meant for the industry? Clients are nowadays on their second or third cyber security partner due to the maturity of the business or previous cybersecurity partners not meeting the expectations of their clients.
Businesses and CISOs have quickly become wise to what is and isn’t good service in the world of cybersecurity and with the threats being more serious than ever, service providers in this space will need to adapt to their client’s needs, the threat landscape and customer relations. As the industry continues to evolve and mature, clients’ needs will ultimately change, and these partnerships will require cybersecurity experts to be evermore present.
Cyber crime is undoubtedly evolving quickly, from the threat side as well as the organisational aspect, both of which will require renewed attention on the products they offer and how they interact with their clients going forward. One thing is for certain, 2024 is set to be an interesting and important year for the cybersecurity industry!
Newsletter
Share
