As AI technology fundamentally changes the way businesses operate, cyber criminals are also reaping the benefits, exploiting new tools to develop ever-evolving forms of cyber attacks.
If it were measured as a country, cyber crime would be the world’s third largest economy after the US and China, according to leading industry research body Cybersecurity Ventures, which estimates that cyber crime will cost organisations around the world US$9.5 trillion in 2024 – a mind-boggling $18 million per minute.
This includes not just the theft of money and data, but also the cost of business disruption and reputational damage, forensic investigation, restoring hacked computer systems, and lost productivity, amongst other elements [i].
Many businesses plan to invest more in cyber security and risk management in 2024, especially those in financial services and other sectors which routinely handle large financial transactions and sensitive client information.
Here are the five cyber security trends every business owner should know about.
1. AI as a Cyber Security Tool
While AI enables sophisticated phishing campaigns and convincing deep fakes, it also has the potential to detect and prevent cyber attacks more quickly and efficiently through the development of faster, better detection and response tools, and its ability to monitor and manage huge volumes of data.
The combination of AI and machine learning could be particularly useful for financial services organisations, making it easier to identify patterns of fraudulent activity hidden like the proverbial needle in a haystack within vast numbers of transactions.
Ransomware made headlines in 2023 as organisations across a diversity of sectors were targeted, and the threat shows no sign of abating in 2024.
In the UK, a ransomware attack that disrupted Royal Mail’s international services was reported in January 2023 [ii], while an attack on outsourcing company Capita in March 2023 resulted in around 90 organisations claiming that their data had been breached [iii].
There’s a question mark over exactly how ransomware will evolve in 2024, but analysts have no doubt that it will remain one of the biggest cyber security threats facing businesses. Some ransomware groups are even outsourcing their expertise in infiltrating corporate networks and blocking access to data to other criminal outfits in a trend dubbed Ransomware-as-a-Service (RaaS) [iv].
3. Zero day vulnerability
Analysts predict an increase in cyber security attacks that target multiple organisations at once through the exploitation of ‘zero-day vulnerabilities’ – that is, flaws in operating systems which are unknown to the software developers, the businesses using the software, their IT partners, or any other stakeholder who could raise a red flag.
The term ‘zero-day vulnerability’ refers to the developers having had ‘zero days’ to patch the system because they are unaware the fault exists.
In May 2023, Progress Software disclosed that they had discovered a zero-day vulnerability in their MOVEit Transfer enterprise file transfer tool, which was used by organisations around the globe.
A ransomware and extortion group had taken advantage of the weakness in the technology to steal sensitive client data.
More than 1,000 organisations are estimated to have been impacted by the massive data breach, including a significant number of financial services-related organisations [v].
4. Cyber security staff training
Business owners are becoming more concerned about mitigating risk by ensuring staff across all areas of their operations are able to recognise cyber security threats and are educated on best practice.
Considering more than 9 out of 10 successful cyber attacks stem from action by an end-user within a business, such as clicking on a malicious link or responding to a phishing email, coupled with the fact that IT Support teams are faced with continuously evolving threats, more and more organisations are investing in regular and ongoing staff cyber security training.
5. Multi-pronged cyber security strategies
Business leaders are becoming more informed, strategic and pro-active about technological threats, a trend that will continue in 2024.
As well as ensuring all staff are updated regularly about potential security issues, businesses are adopting comprehensive multi-pronged cyber security strategies which include risk-based vulnerability management, documented disaster recovery plans, and Managed Detection and Response (MDR) systems.
As a specialist MSP and IT Partner working with the Alternative Investment industry since 2006, Tribeca utilises the latest technology to protect businesses against cyber crime.
We can help you develop an in-house Cyber Security Incident Response Plan and provide best-in-class staff training. Get in touch today.