It is probably never more important to stay current with the most recent developments in cyber security than in 2024. For the first time, Financial Services Provider Allianz named cyberattacks as the year’s biggest threat to businesses in the United Kingdom and a major concern for all sizes. But, many professionals are still unknowing about what the events from Q1’s Q1 reveal about the digital landscape for the remainder of the year, which may have important consequences.
AI, zero days, and IoT protection are the three most important trends in digital protection, according to TechRepublic’s consultation with U.K. industry experts.
1. advanced cyberattacks using AI
The U.K.’s National Cyber Security Centre warned in January 2024 that attacks were expected to increase as the risk of malware was spread around the world as a result of the presence of AI technologies. The threat to U. K. companies is particularly pronounced, with a new Microsoft report finding that 87 % are possibly “vulnerable” or “at great risk” of cyber problems. The Minister for AI and Intellectual Property, Viscount Camrose, has particularly highlighted the need for U. K. businesses to” step up their digital safety plans”, as it is the second most qualified country in the world when it comes to digital attacks, after the U. S. and Ukraine.
James Babbage, the director standard for threats at the National Crime Agency, said in the NCSC’s write-up:” AI services lower barriers to entry, increasing the number of computer criminals, and will increase their ability by improving the scale, speed and effectiveness of existing attack methods”.
Criminals can use the technologies to launch more compelling social engineering schemes and get preliminary network access through the network. Big language versions and conceptual AI will increasingly be offered in underwater forums as a paid service, and they will be used for a variety of purposes, including phishing campaigns and spreading deception, according to Google Cloud’s worldwide security estimates report.
SEE: Top AI Predictions for 2024 ( Free TechRepublic Premium Download )
Jake Moore, the global cybersecurity expert for ESET, has been researching real-time cloning software that uses AI to replace a video caller’s face with someone else’s. He stated via email to TechRepublic that” this technology, along with impressive AI voice cloning software, is already beginning to question the legitimacy of a video call, which could have a devastating effect on businesses of all sizes.”
Due to the “potential for synthetic voice misuse,” OpenAI announced on March 29, 2024 that it was taking a” cautious and informed approach” when making its voice cloning tool available to the general public. With just 15 seconds of recorded audio, the model called Voice Engine is able to convincingly replicate a user’s voice.
” Malicious hackers typically manipulate their victims through a variety of methods, but impressive new technology without boundaries or regulations is making it easier for cybercriminals to influence people for financial gain and add yet another tool to their ever-growing toolkit,” Moore said.
The staff should be reminded that verification is still the key to security and that we are entering a time when seeing is not always believing. All staff members need to be aware of ( real-time cloning software ), which is about to explode in the next 12 months, and policies should never be cut shy in favor of spoken instructions.
2. More successful zero- day exploits
According to government statistics, 32 % of UK businesses were the victim of a known data breach or cyberattack in 2023. Enterprise attacks will continue to be particularly frequent in the U.K. this year, according to Raj Samani, senior vice president and chief scientist at unified cyber security platform Rapid7, but he added that threat actors are also more sophisticated.
He stated in an email to TechRepublic that “one of the most emergent trends over 2023 that we are seeing continue into 2024 is the sheer number of exploited Zero Days by threat groups.” We ordinarily would not have anticipated having such capabilities.
The demand for faster priority-tracking of security update priorities is what this means for the U.K. cybersecurity sector. Organizations of all sizes must adopt a method to improve the identification of crucial advisories that impact their environment and that they consider context when making these decisions.
The speed with which patches are applied will likely need to be prioritized, for instance, if a vulnerability is being exploited in the wild and there are no compensating controls if it is being exploited by, for instance, ransomware groups.
SEE: Top Cybersecurity Predictions for 2024 ( Free TechRepublic Premium Download )
The U.K. government’s “Cyber security breaches survey 2023” found declines in the key cyber hygiene practices of password policies, network firewalls, admin rights, and restrictions on applying software security updates within 14 days. The laxness significantly increases the range of targets that cyber criminals are able to target, and it highlights the need for improvement in 2024, despite the data’s largely reflecting shifts in micro, small, and medium businesses.
” Personal data continues to be a hugely valuable currency”, Moore told TechRepublic. ” Once employees let their guard down (attacks ) can be extremely successful, so it is vital that staff members are aware of ( the ) tactics that are used”.
3. Renewed focus on IoT security
By April 29, 2024, all IoT device suppliers in the U. K. will need to comply with the Product Security and Telecommunications Act 2022, meaning that, as a minimum:
- Devices must be password enabled.
- Consumers can report security problems without a doubt.
- The duration of the device’s security support is disclosed.
Although this is a good thing, many businesses still rely heavily on outdated equipment that may no longer receive support from their suppliers.
In an email, Moore wrote to TechRepublic that” IoT devices have far too frequently been packaged up with weak, if any, built-in security features, so (users ) are on the back foot right away and frequently do not realize the potential flaws.” Additionally, security updates are frequently infrequent, which puts additional risks on the owner.
Organizations relying on legacy devices include those that handle critical national infrastructure in the U. K., like hospitals, utilities and telecommunications. It is not uncommon within the CNI sector to find aging systems with long operational lives that are not routinely updated, monitored, or evaluated according to evidence from Thales submitted for a U.K. government report on the threat of ransomware to national security. According to additional evidence from NCC Group, “OT ( operational technology ) systems are much more likely to use components that are 20 to 30 years old and/or older software that is no longer supported” ( p. These outdated systems expose essential services to disruption.
34 of the 39 most popular IoT exploits have been present in devices for at least three years, according to IT security company ZScaler. Additionally, according to Gartner analysts, 75 % of businesses will have legacy or unmanaged systems that perform mission-critical tasks by 2026 because they have not been included in their zero-trust strategies.
IoT owners should be aware of the risks when putting any internet-connected device in their business, but it is crucial to make IoT devices more secure from the design stage, as it could eliminate a lot of the common attack vectors, Moore said.
