EXECUTIVE SUMMARY:

Happy New Year! As we usher in 2024, the cyber threat landscape is evolving at an unprecedented pace, and cyber security leaders have much to synthesize and respond to.

The stakes have never been higher. Across organizations, data constitutes 90% of intangible asset value and the average cost of a data breach is estimated at $4.45 million. In other words, there’s much to lose if security measures aren’t adequate.

If you’re feeling overwhelmed, we’re here to assist you in shifting gears. We’ve outlined a handful of the key cyber security trends that you’ll want to keep track of as you fine-tune your security plans for the year ahead. Here’s what to expect…

1. Next-level phishing attacks. We can’t ignore the fact that phishing is the most common launch-point for cyber crime, and that generative AI is likely to heavily influence this type of cyber criminal activity in 2024. Threat actors are already using ChatGPT to help them compose phishing messages, and to increase the overall volume of operational phishing campaigns.

In other next-level phishing trends, cyber criminals are increasingly adopting multi-stage phishing attacks, combining email and phone calls. But the newest frontier for phishing is actually “3D attacks,” where phishers not only weaponize email and phone calls, but also use video.

As deepfake technologies become widespread, hackers will be able to use them to visually impersonate the trusted contacts of targeted individuals.

2. Increased use of zero days to target multiple organizations. In 2023, a record number of zero days were uncovered. Zero day brokers are also multiplying, making it even easier for hackers to obtain exploits.

Cyber criminals leverage zero days because they can be used to target a large number of organizations at once. For instance, a zero day flaw was exploited to carry out the MOVEit Transfer supply chain attack, which ultimately affected more than 2,000 organizations.

Cyber security analyses show that ransomware groups are now aggressively leveraging zero day vulnerabilities, highlighting the threat to entire industries and ecosystems.

3. Stealthy supply chain attacks. Does your organization take the reality of supply chain threats seriously enough? As supply chains become increasingly interconnected and technology dependent, cyber adversaries will seek new means of exploiting these critical systems.

Organizations that fail to future-proof systems against cyber supply chain threats may see their own demise, along with the collapse of their industry, diminished marketplace results, and other challenging repercussions.

4. CISO, CSO and CEO collaboration. C-levels will need to forge stronger connections with their counterparts, yielding unprecedented levels of collaboration.

This enhanced collaboration will be driven by a growing awareness among C-level executives about the critical aspects of risk prioritization, budget optimization and the need for proactive investments in cyber security.

In advancing collaborative efforts, C-levels will not only enhance security, but also establish a robust foundation for addressing wider issues around business resilience.

5. Cyber security expertise increasing at the board level. Because cyber risk is intricately intertwined with overall business risk, and has the potential to influence enterprise continuity, both vendors and Chief Information Security Officers are placing increased emphasis on educating boards.

In anticipation of the critical role of cyber security expertise in board decision-making, there’s a trend towards mandating the inclusion of at least one member with proficiency in cyber security.

Projections from Gartner indicate that by 2026, an estimated 70% of corporate boards will have a cybersecurity-savvy member, underscoring the extent to which cyber security knowledge is now needed for effective governance.