In the spirit of “forewarned is forearmed”, the Grant McGregor team looks ahead to some of the cyber security challenges that we will all be facing throughout 2024.
We’ve seen a continuing trend for hackers and malicious actors to exploit current events. When people’s defences are down, they are more likely to click on malicious links or download malware. With this in mind, we should all be primed to be extra cautious of cyber activity related to major global conflicts, elections, and the Summer Olympics.
In its assessment of the cyber risks we’ll face next year, Proofpoint warns about the changing tactics of people launching phishing attacks and their use of AI tools to produce more convincing scams. It says, “Notably, the innovative use of generative AI, especially its ability to improve phishing emails, exemplifies a shift towards manipulating human behaviour rather than exploiting technological weaknesses.”
However, the company acknowledges that “On the flip side, more vendors will start injecting AI and large language models into their products and processes to boost their security offerings.”
As the number of connected devices and the Internet of Things (IoT) continue to grow (by some measures, connected devices are expected to number 207 billion by the end of 2024), we are continually adding new potential vulnerabilities to our networks.
Writing in Intelligent CISO magazine, the Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, warns, “As organisations expand the number of platforms, applications and technologies they rely on for daily business operations, cybercriminals have unique opportunities to uncover and exploit software vulnerabilities. We’ve observed a record number of zero-days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023 and that count is still rising.”
The UK’s National Cyber Security Centre has issued guidance for all organisations that wish to start integrating artificial intelligence built on large language models (such as ChatGPT and GPT-4).
It says, “Since the release of ChatGPT in late 2022, Large Language Models (LLMs) have attracted global interest and curiosity. Whilst initially this saw unprecedented numbers of user signups to ChatGPT, in recent months we've seen products and services built with LLM integrations for both internal and customer use.”
Given this uptick in use, it’s worth revisiting the NCSC guidance to make sure you are apprised of the risks and actively working to mitigate them. In November 2023, the NCSC also issued further guidelines for secure AI system development.
Quantum computing may not be in widespread adoption just yet, but the security experts at Barracuda are already warning that it presents new potential cyber risks.
Mark Lukie, Director of Solution Architects, APAC, told Intelligent CISO magazine, “It is time to think about Quantum Computing from a security perspective, but it is not time to worry. Quantum computers are still in their early stages of development and we have time to prepare for their arrival. There are several things that organisations and individuals can do to mitigate the security risks associated with Quantum Computing, such as using post-Quantum cryptography algorithms, Quantum key distribution and segmenting networks and systems. We can also educate employees about cybersecurity best practices to help reduce the risk of phishing attacks and other social engineering attacks.
While Quantum Computing poses some security risks, it also has the potential to revolutionise many industries, including cybersecurity. For example, Quantum Computing could be used to develop new encryption algorithms that are even more secure than the ones we use today.”
The most recent guidance on cyber security risks from the USA’s National Institute of Standards and Technology (NIST) has focused largely on the human factor.
This includes:
• Enabling multi-factor authentication
• Using strong passwords and a password manager
• Updating software
• Recognising and reporting phishing
A lot of these basics can be covered off through the UK Government’s Cyber Essentials scheme, which is designed to help businesses address the most common cyber security risks. It’s a great way to prove that your organisation is actively working on boosting its cyber security defences and to promote the importance of good cyber security internally as well.
Combined with effective staff training around how to spot and respond to cyber risks, especially phishing, you should be well positioned to ensure your staff are part of your cyber security defences, not part of the problem.
For more advice or support on cyber security topics, please reach out to the Grant McGregor team.
Call us: 0808 164 4142
Message us: https://www.grantmcgregor.co.uk/contact-us