Cybersecurity

What You Need To Know In 2024


I write a FORBES article called “Alarming Cybersecurity Stats: What You Need To Know” each year. Below is the updated version for 2024.

There is no doubt that 2023 was a tough year for cyber security. The amount of data breaches keeps rising from previous years, which was already very scary. An exponential rise in the complexity and intensity of cyberattacks like social engineering, ransomware, and DDOS attacks was also seen. This was mostly made possible by hackers using AI tools.

The last few years have seen a steady rise in the cost of breaches. By letting people work from home, companies created new security holes that hackers can use from their home offices. These holes made the cyber-attack area much bigger.

In addition, the prevalence of malware, and hackers in all commercial verticals has made everyone connected to the internet more susceptible to being breached. There are just too many criminal adversaries and too many entry points available to be reined in and mitigated. Unfortunately, in 2024, the cyber statistics will continue to remain alarming.

AI Everywhere and Anywhere

Most businesses lack a clear AI adoption roadmap: McKinsey.

Usage has doubled among businesses in the last year, but CIOs still have a laundry list of to-do’s to prepare the tech foundation and governance structure.

Most businesses lack a clear AI adoption roadmap: McKinsey | CIO Dive

  • “Generative AI adoption in the workplace is on the rise, but organizations aren’t equipped to guide usage adequately, according to a McKinsey global survey published Thursday. The company surveyed 1,363 organizations, 878 of which regularly use generative AI in at least one function.
  • While generative AI high performers are more likely to adhere to best practices, around 3 in 4 nonleading businesses lack an enterprise wide roadmap for generative AI, the report found. Less than 2 in 5 respondents said senior leaders understand how the technology can create value for the business.”

25 cybersecurity AI stats you should know.

25 cybersecurity AI stats you should know – Help Net Security

Security pros are cautiously optimistic about AI

Cloud Security Alliance and Google Cloud | The State of AI and Security Survey Report | April 2024

· 55% of organizations plan to adopt GenAI solutions within this year, signaling a substantial surge in GenAI integration.

  • 48% of professionals expressed confidence in their organization’s ability to execute a strategy for leveraging AI in security.
  • 12% of security professionals believe AI will completely replace their role.

CB Thoughts: We have been waiting for artificial intelligence to come along, and now it is becoming commonplace. From the McKinsey report, clearly, we are not prepared, especially with the growth of generative AI. Some of the things that went into making AI are machine learning and natural language processing, which we already use every day. AI can now understand, diagnose, and fix problems from both structured and unstructured data, and it does not always need special code to do so. It can also be used effectively for cybersecurity threat detection for recognizing aberrations in code and non-approved devices and users in the network. And AI can help SOC analysts draft reports.

The AI tech trend could affect how safe your data is. Simply put, AI improves safety in our connected world by facilitating security, analytics and making things easier orchestrate. On the other side of the coin, it can be used as an enabling tool by hackers to find gaps and automate attacks. In an asymmetrical threat world, which is a big advantage. The second article has many excellent stats; I highlighted the one on trends in security.

More Breaches Coming Our Way

In the digital world, identities have monetary value and are used for data exfiltration. Criminal Hackers go where the money is like bank robbers did earlier in our history. Report: 93% Of Organizations Had Two or More Identity-Related Breaches in the Past Year Report: 93% Of Organizations Had Two or More Identity-Related Breaches in the Past Year | CyberArk

CyberArk, a cybersecurity company released a new global research report that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems.

  • 93% of organizations had two or more identity-related breaches in the past year.
  • Machine identities are the #1 cause of identity growth and are considered by respondents to be the riskiest identity type.
  • 50% of organizations expect identities to grow 3x in the next 12 months (average: 2.4x).
  • 61% of organizations define a privileged user as human-only. Only 38% of organizations define all human and machine identities with sensitive access as privileged users.

CyberArk’s Threat Landscape Report found that nearly all (99%) of organizations are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. In related findings, counter to expectations, the majority of respondents are confident that deepfakes targeting their organization won’t fool their employees. “

CB Thoughts: Identity theft is more common because, as we connect to more things, people who want to hack our accounts and steal our names can see us and use that information against us. Smartphones and the Internet of Things have increased the surface threat environment. AI is helping enable hackers to tap into gaps exposing the identities of humans and machines. It’s an opportunity-filled world for hackers because there are so many targets.

If you want to protect your accounts, privacy, and image from identity theft, here is a brief list of things you can do:

1) Make your passwords strong. Via social engineering, hackers are particularly good at guessing passwords, especially if they know the street names where you used to live, your birthday, and your favorite pet names. Changing your password often can also make things harder for them.

2) Keep a different computer that you only use for banking and don’t use for anything else.

3) When you use your phone, use encryption apps and VPNs.

4) It is important to closely watch your credit scores, bank statements, and social media accounts daily. This goal can be reached with the help of LifeLock and other tracking services.

5) If you are breached, get legal help with your creditors’ liability problems, and consider hiring someone else to handle your reputation.

Tech expertise and Cybersecurity Help Are Urgently Needed!

Within two years, 90% of organizations will suffer a critical tech skills shortage Within two years, 90% of organizations will suffer a critical tech skills shortage – Computerworld

“A growing IT skills shortage is impeding organizations from completing digitization projects and adopting new technologies including generative artificial intelligence (genAI), and it’s hitting the bottom line in several ways.

In a recent IDC Research survey of more than 800 North American IT leaders, nearly two thirds said that a lack of skills has resulted in missed revenue growth objectives, quality problems, and a decline in customer satisfaction.”

34% of organizations lack cloud cybersecurity skills.

Incident response today is too time consuming and manual, leaving organizations vulnerable to damage due to their inability to efficiently investigate and respond to identified threats, according to Cado Security. 34% of organizations lack cloud cybersecurity skills – Help Net Security

“As organizations migrate to the cloud, they must adopt new technologies to better secure against evolving threats. The report uncovered that organizations have slightly improved their ability to handle cloud investigations, with respondents reporting that 23% of cloud alerts are never investigated, compared to over 33% in 2021.”

CB Thoughts: Criminal hackers have been able to take advantage of the fact that there are not enough qualified cybersecurity experts in the field. To meet demand and defend against threats, there are not enough skilled cybersecurity workers. As more breaches happen and costs keep going up, it is hard for both the public and private sectors to keep up with the latest malware patches and keep an eye on the ever-changing dangerous landscape.

As the two-article links highlighted, we are also entering a state of cyberflux. Many companies and groups are switching from old systems to cloud, hybrid cloud, and edge platforms to protect and organize their data. Recent technologies like 5G, the Internet of Things, AI, and quantum technologies will cause operating changes that will require new ways of managing cybersecurity risks. This will require more training and cyber expertise, especially for incident response.

Since security breaches have become much more common and people are more aware of how important IT is to business, protecting against them is no longer just seen as an expense; it is now seen as essential to keeping the company’s image and keeping the business running. In 2024, cybersecurity must become a priority for both companies and governments. Do we need more wake-up calls or will industry become more proactive in meeting security threats?

One Phish = 10X Phishes With AI (Plus Ransomware!)

Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023 Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023 | SC Media (scmagazine.com)

Ransomware report finds 43% of data unrecoverable after attack Ransomware report finds 43% of data unrecoverable after attack | SC Media (scmagazine.com)

“Ransomware victims permanently lose 43% of the data affected by an attack on average, according to a report published by Veeam.

The Veeam Ransomware Trends Report 2024, based on a survey of 1,200 CISO, security professionals and backup administrators who experienced a ransomware attack in 2023, reveals that many organizations are unprepared to recover from an attack despite the vast majority having incident response plans and policies in place.”

CB Thoughts: The tool that most hackers use is phishing because it is easy to do, and it works! With graphics and Generative AI, they can make it look as if a personal email is coming from a higher-up at work or from a bank, organization, or website you may visit often, a focused phish can trick anyone.

Criminal hackers are using AI to automate more of their phishing attacks and reach a substantial number of businesses, government bodies, and consumers. Phishing is easier for hackers to do now that technology has improved. A lot of different phishing tools are accessible to them, some of which are automated by machine learning.

It is easy for criminal hackers to get digital pictures, voice feeds, and confidential information about people to use for social engineering. With more people using social media, identity theft has gotten worse. Everything about us, including our friends, where we are, jobs, and hobbies, is visible to everyone. Anonymity is used to gather data for phishing or virus operations and could be used for deep fake deceptions.

Even though there are great risks, too few small, medium, and large companies have taken the need for cybersecurity seriously enough. As long as they do not, the number of hacks and the amounts paid in ransomware will keep going up. More people are connected, and criminal hackers are getting smarter.

Hackers often use ransomware along with phishing attacks and nowadays it can be AI enabled.

Ransomware is popular among criminal hackers because it can steal data and hold it hostage until cryptocurrency is paid. But as the 2nd article states, many times victims will not get their confidential data returned. In fact, if they do pay their vulnerabilities and locations are often sold to other hacking groups. Hackers focus on zero-day vulnerabilities, attack supply chains, and use social engineering to look for targets. In 2024, good cyber hygiene should be the first line of defense for both businesses and consumers.

Bots On The Warpath

Bot attacks persist as top threat in 2024 Bot attacks persist as top threat in 2024 | Cybernews

Bot attacks doubled in number last year, making it one of the fastest-growing cyber threats. The number of bot attacks nearly doubled throughout 2023. The end of the year saw the peak of bot activity, with a staggering increase of 32%.”

Largest Botnet Ever” Disrupted. 911 S5’s Alleged Mastermind Arrested

Tripwire“Largest Botnet Ever” Disrupted. 911 S5’s Alleged Mastermind Arrested

A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation.

The 911 S5 botnet, described as “likely the world’s largest botnet ever” by FBI Director Christopher Wray, has had its infrastructure and assets seized and its alleged mastermind arrested and charged.

The 911 S5 botnet grew through bundling its code with other software (using the disguise of fake security updates for apps like Adobe Flash Player) and via peer-to-peer file-sharing networks by posing as “cracked” or pirated software applications.

In all, devices associated with more than 19 million unique IP addresses (including 613,841 IP addresses located in the United States) appear to have been recruited into the botnet.

CB Thoughts:

When it comes to botnets, having so many digitally connected devices and networks is perilous. Especially when you have unpatched vulnerabilities in networks. A botnet is usually made up of a group of computers and other devices that are linked to the internet and are part of a network under a hacker’s control. When sent to devices by a bot, malware and ransomware can be self-replicating and harmful, much like a biological virus. Attackers often use Wi-Fi routers, web servers, and network links to get to computers that do not have firewalls or anti-virus software. In the name of real users, bots steal PII, scrape IP addresses, overburden platforms, and do other things.

The Bot described in the second article link was huge. Kudos to law enforcement for tracking down the perpetrators. Bot threats are certainly a top concern when it comes to cybersecurity. In fact, botnet attacks have been around for almost twenty years. They are becoming more common and more dangerous as they are automated via artificial intelligence tools. So, be on the lookout!

Criminals Prey On The Most Vulnerable

Scammers bilked older Americans out of $3.4 billion last year, often using cryptocurrency.

More than 12,000 people aged 60 and older indicated they fell victim to fraud involving cryptocurrency. More than 100,000 older Americans lost about $34,000 to cybercrime. What to know. (nbcnews.com)

“At least 101,000 Americans ages 60 and older were victims of digital fraud last year, with the average person losing $33,915, according to a new report from the FBI.

The biggest dollar-amount losses came from frauds involving bitcoin and other cryptocurrencies, the report said.”

CB Thoughts: With the rise of cryptocurrencies, it became easier for criminals to get paid for malware. Criminals can easily get bitcoin and other cryptocurrencies because people store them in digital wallets instead of banks. People can easily get into these wallets because they do not have the right levels or layers of security to protect people who own the currencies. The elderly, who are often less computer literate, are primary targets of criminal scammers. More needs to be done to protect that segment of the population, and more legal consequences must be addressed to pursue the perpetrators of such life-destroying acts.

More Alarming Statistics:

There are dozens of cybersecurity areas that can be analyzed for statistics and trends. Below is an excellent compilation of cybersecurity statistics.

35 cybersecurity statistics to lose sleep over in 2024.

“Here are 35 eye-opening cybersecurity stats from dozens of security experts — on crime, jobs, and trends — to consider while developing your 2024 security plan. 35 cybersecurity statistics to lose sleep over in 2024 (techtarget.com)

CB Thoughts: Statistics about cybersecurity can help you figure out what is missing, what threats are getting worse, and what trends are happening. Using the data to make a risk management plan that works and that is flexible to meeting the morphing variety of cyber threats is prudent.

There will be a powerful mix of old and new cyber-threats in 2024, given the circumstances. These next few months will be especially hard for everyone trying to keep their data safe and the world stable. But being vigilant and cyber aware can help mitigate potential threats.

Tripwire“Largest Botnet Ever” Disrupted. 911 S5’s Alleged Mastermind Arrested



Source

Related Articles

Back to top button