Business urged to increase cyber resilience as 2024 set to deliver new threats

Businesses across the world have been told that 2024 is likely to see cyber threats becoming ever more sophisticated and complex  and will evolve quickly with new technology like AI becoming increasingly advanced every day.

As such companies have been told the need to cultivate a security culture has never been more important. The warning has been issued by security awareness training business KnowBe4 which has published the predictions of its EMEA experts for the year ahead.

The predicted cybersecurity trends include:

Cloud service attacks: A rise in attacks on cloud services unfortunately means that we will see successful attacks on either cloud providers or cloud-based applications or both. This will potentially result in loss of availability of services, breach of personal data and intellectual property. It is interesting to note that the UK is the most targeted country in EMEA and therefore has a higher likelihood for attacks.

Collaboration and information sharing: “We will see an increased focus on collaboration and information sharing between national and international cybersecurity agencies; and ultimately between public and private partnerships to combat cybercrime, address nation and state threats; and to proactively detect and respond to emerging cyber threats,” according to the report.

Legislation on AI: The report adds much needed legislation on AI, more specifically generative AI, will come to fruition throughout Europe in the next year. “The laws are incredibly vague at the moment leaving them open for misinterpretation and abuse by organisations. The Digital Service Act and the proposed European Union AI Act are some of the legislation that will force generative AI providers in the EU to be more transparent and adhere to disclosure requirements, which will bring about clarity for organisations in terms of what is and isn’t allowed.

“Similarly, Africa lacks AI legislation right now. However, three African countries, Mauritius, Egypt and Kenya, have made efforts to advance policy documents dedicated specifically to AI.

“In contrast, the Dubai International Financial Centre (DIFC) has already enacted amendments to its Data Protection Regulations earlier this year. New requirements on the processing of personal data via autonomous and semi-autonomous systems, like AI, were introduced and were applicable as of 1 September 2023. This marks some of the first legislation in the UAE with regards to AI.”

Ransomware attacks to aim for supply chain services:  KnowBe4 said ransomware cybercriminal groups will continue to increase their attacks but will be more targeted and work to attack supply chain services to disrupt and damage organisations around the world.

Internal training and AI to lessen the cybersecurity skills gap: According to ISACA, the EU currently has a shortage of between 260,000 to 500,000 tech workers. Microsoft’s Digital Defense Report shows that the demand for cybersecurity skills has grown by an average of 35% in Africa in 2022 alone, and a recent study by Trellix found that 66% of IT managers in the UAE and Saudi Arabia think that their organisations do not have the right people or processes in place to be cyber resilient.

“This gaping hole in skills shortage is not going to be filled any time soon, leaving organisations vulnerable to cyber attacks,” KnowBe4 explained. “Organisations will have little choice but to employ tech workers with less desired qualifications and certifications to attempt to combat cybercrime. In addition, they will continue to fill the skills gap by training employees across departments to become the human firewall against cyber-attacks; and using AI-powered defence for better threat detection and incident response.”

Disinformation campaigns to lead to extortion schemes: KnowBe4 said disinformation campaigns will be used to launch attacks or distract from ongoing attacks. “We can expect to see related service offerings on the dark web, giving rise to disinformation as a service. This will impact politics and the private sector. Disinformation becomes a tool in the tool set of cybercriminals seeking to extract money from legitimate private businesses through extortion schemes. Attackers will increase their use of deep fakes, including video and voice.”

Cyber resilience will become a priority: KnowBe4 explained: “Ensuring that organisations continue to function despite cyber-attacks will continue to be a top strategic priority for many, acknowledging that having such a strategy in place is vital. Organisations will place greater emphasis on developing and nurturing a security culture, as it’s one of the best ways to protect their data and systems from cyber-attacks; and to ensure that attacks are detected and reported quickly if successful.”

“Cyber-attacks like phishing are getting more difficult to detect,” said Stu Sjouwerman, CEO, KnowBe4. “It is imperative that employees keep the threat of phishing attacks top of mind and not become complacent. This is only made possible by recurrent security awareness training and simulated phishing so that end users have the knowledge to identify phishing attacks, report them and better protect their organisations. It comes down to building a strong security culture and we will see organisations continue to focus and build on this in 2024.”

Companies have been told the need to cultivate a security culture has never been more important. The warning has been issued by security awareness training business KnowBe4 which has published the predictions of its EMEA experts for the year ahead.