By the end of 2024, experts predict that cyberattacks will cost the global economy somewhere in the region of $10.5 trillion. This staggering sum highlights the need for people, businesses, and governments to treat cybersecurity as a strategic priority.
As in virtually every other industry, artificial intelligence is having a huge impact on cybersecurity, affecting both attack and defense. In recent years, there has been a remarkable surge in technological advancements across various domains, with the realm of cybersecurity being no exception. As we approach 2024, it’s essential to highlight several critical cybersecurity challenges that businesses must prepare for and defend against.
1. The Cybersecurity Skills Gap
As in many other industries, the cybersecurity sector is plagued by a significant shortfall in professionals with adequate experience and skills to protect businesses against cyberattacks. Indeed, research suggests that the situation is growing worse. According to a report by Forbes, 54 percent of cybersecurity professionals concur that the impact of skill shortages within their organizations has deteriorated in the past two years. Experts predict that efforts to remedy this situation will include continued salary increases for workers with the requisite skills, as well as greater investment in training, upskilling, and development programs.
2. End-Users and Remote Workers
Despite the considerable attention given to external threats, the internal threat posed by end-users is frequently underestimated. However, it’s crucial to recognize that end-users, who have authorized access to data, can indeed pose a significant risk. Their varying levels of permissions, tech-savviness, and motivations can lead to breaches, whether inadvertently or maliciously. The problem has been exacerbated by a significant increase in the number of remote workers, placing the onus on businesses to not only ensure the security of their on-site cybersecurity systems but also those of their employees’ home networks. At the same time, they must provide adequate training and enforce stringent security protocols.
3. Supply Chain Software Attacks
Cybercriminals are increasingly infiltrating businesses by targeting their supply chain through trusted suppliers and vendors. This indirect route enables them to inject malicious code into software or infect software updates, causing widespread breaches. Take, for example, SolarWinds, which found itself the victim of a devastating cyberattack when hackers injected malicious code into the company’s widely used Orion software. Consequently, 18,000 SolarWinds customers were affected when an update was rolled out, which included the injected code. The attack had far-reaching consequences, impacting numerous companies and government agencies worldwide. To mitigate this type of risk, companies must implement comprehensive strategies, including maintaining detailed inventories of software components, employing strict access controls, prioritizing secure software development practices, and using application software testing tools.
4. Automotive Hacking
Modern vehicles come loaded with an array of automated software, providing seamless connectivity for drivers, and controlling everything from engine timing and cruise control to door locks and airbags. Nonetheless, the reliance of these vehicles on Wi-Fi and Bluetooth technologies for communication opens opportunities for hackers. Experts anticipate that as the utilization of automated vehicles continues to grow, the incidents of hackers gaining control of vehicles or employing microphones for eavesdropping are expected to increase through 2024. Autonomous and self-driving vehicles rely on even more complex mechanisms that demand robust cybersecurity measures.
5. Sophisticated Phishing Attacks
Experts predict that social engineering attacks that trick users into granting hackers access to systems will become more sophisticated. As ChatGPT and other generative AI tools advance, this paves the way for the development of even more intelligent and personalized approaches. It is anticipated that with these advancements, deepfake attacks will grow in prevalence. To protect against these attacks, businesses will need to increase awareness and education organization-wide, although AI and the zero trust security model will play increasingly important roles.
6. Cloud Security Vulnerabilities
Kapil Bareja, a digital and cyber risk governance leader, indicates that in 2024, businesses must prioritize cloud security, as insufficient access controls, misconfigured permissions, and vulnerabilities in cloud provider infrastructure could potentially lead to the exposure of sensitive data. Bareja warns that insecure APIs could serve as a potential entry point for hackers, making cloud security a top concern for cybersecurity-conscious businesses.
7. Misconfigurations in Cybersecurity Software Systems
Even the most advanced cybersecurity systems are likely to have at least one vulnerability in their installation and setup process. A recent study conducted by Rapid7, a cybersecurity software company, uncovered that 80 percent of external penetration tests identified misconfigurations that could potentially be exploited by hackers. These misconfigurations create vulnerabilities that could expose applications and data to the risk of breaches or cyberattacks. To guard against this, companies will need to prioritize regular maintenance, testing, and ongoing support to ensure the robustness of cybersecurity measures.
8. Mobile Devices Under Threat
Hackers are increasingly targeting handheld devices, with one study revealing a 50 percent increase in mobile banking attacks and malware. Emails, messages, images, and financial transactions all represent potential risks for consumers. The forecast indicates that smartphone malware and viruses are set to escalate as a growing threat throughout 2024 and beyond.
David Geithner 