CYBER CRIMINALS will become more sophisticated next year – creating a wave of new threats for businesses, a leading expert has warned.
Roy Shelton, the CEO of the Connectus Group, said “businesses of all sizes” need to take steps to boost their defences.
Speaking to raise awareness in Cyber Security Month, Mr Shelton said: “As attacks become more sophisticated, organisations need to evolve their approach to security to stay ahead of the game.”
According to Check Point’s cybersecurity predictions for 2024 the threats broadly fall into seven categories: Artificial Intelligence and Machine Learning; GPU farming; Supply chain and critical infrastructure attacks; cyber insurance; nation state; weaponized deepfake technology and phishing attacks.
The biggest threats which are set to emerge are predicted to include:
- A rise of AI-directed cyberattacks: Artificial intelligence and machine learning have dominated the conversation in cybersecurity. Next year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit. Whether that is for more cost-efficient rapid development of new malware and ransomware variants or using deepfake technologies to take phishing and impersonation attacks to the next level.
- Impact of regulation: There have been significant steps in Europe and the US in regulating the use of AI. As these plans develop, we will see changes in the way these technologies are used, both for offensive and defensive activities.
- Hackers will Target the Cloud to Access AI Resources. As the popularity of generative AI continues to soar, the cost of running these massive models is rapidly increasing, potentially reaching tens of millions of dollars. Hackers will see cloud-based AI resources as a lucrative opportunity. They will focus their efforts on establishing GPU farms in the cloud to fund their AI activities.
- Supply chain and critical infrastructure attacks: The increase in cyberattacks on critical infrastructure, particularly those with nation-state involvement, will lead to a shift towards “zero trust” models that require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network. With governments introducing stricter cybersecurity regulations to protect personal information, it will be essential for organizations to stay ahead of these new legal frameworks.
- The staying power of cyber warfare: The Russo-Ukraine conflict was a significant milestone in the case of cyber warfare carried out by nation-state groups. Geo-political instability will continue into next year, and hacktivist activities will make up a larger proportion of cyberattacks.
- Deep fake technology advances: Deepfakes are often weaponised to create content that will sway opinions, alter stock prices or worse. These tools are readily available online, and threat actors will continue to use deepf fake social engineering attacks to gain permissions and access sensitive data.
- Phishing attacks will continue to plague businesses. Software will always be exploitable. However, it has become far easier for threat actors to “log in” instead of “break in”. Over the years, the industry has built up layers of defense to detect and prevent intrusion attempts against software exploits. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft and not vulnerability exploitation.
- Advanced phishing tactics: AI-enhanced phishing tactics might become more personalised and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.