2023 has been marred by a surge in cybercrime, with high-profile attacks on major corporations like Boeing, MGM Resorts, and New York hospitals dominating headlines. As we approach 2024, it is imperative to examine the trends that shaped the cybersecurity landscape in 2023 and prepare for the challenges. In the words of a cybersecurity expert, “Thinking ahead to 2024, CISOs and their teams can take several actionable steps to prepare.”
Ransomware Surges in 2023:
Ransomware has made a formidable comeback in the past year, adopting big game hunting tactics. Cybercriminals target high-value prey, demand exorbitant ransoms, and set minimum ransom demands. According to industry data, the average cost of extortion incidents nearly doubled from 2022 to 2023, with victims paying out demands exceeding $1 million at an alarming rate, almost quadrupling the figures from the previous year. Despite significant efforts to bolster cybersecurity measures, this disturbing trend shows no signs of abating as we head into 2024. In the words of one expert, “2023 might have marked the start of a new era of ransomware and big game hunting.”
Scaling Cybercrime Through Third-Party Vendors:
Cybercriminals are scaling up their attacks by exploiting emerging trends, including targeting third-party vendors. This strategy allows them to execute sweeping attacks on thousands of companies simultaneously. As organizations increasingly partner with multiple vendors for various services, the unintended consequence has been a surge in cybersecurity challenges. Research indicates that third-party breaches have become the top point of failure and cause of loss in the first half of 2023. Addressing this issue is critical to fortify defences against cyber threats.
The GenAI Social Engineer:
Social engineering has resurfaced as a significant threat, thanks to the rise of large language models (LLMs). Cybercriminals leverage these powerful AI technologies to execute more sophisticated and highly personalized social engineering attacks. This includes creating convincing phishing campaigns, impersonating organizations or individuals, and spreading misinformation on social media platforms. While AI has the potential to enhance cybersecurity, it is also being wielded as a malicious tool, posing a new challenge for large corporations. As one expert points out, “Social engineering is a threat that won’t go away, and while AI can be a force for good in cybersecurity, we will also see it be used more frequently as a malicious tool.”
As we prepare to face cybersecurity challenges in 2024, it is evident that the tactics and trends of 2023 have set the stage for what lies ahead. Organizations must adapt to the evolving landscape by reevaluating their risk assessment strategies, mainly when dealing with vendor partners. Additionally, a people-first approach to cybersecurity, advanced training, and robust email security measures are essential to combat social engineering and phishing attacks. Communication breakdowns within organizations must be rectified, and a value-at-risk approach should guide security investments. By embracing these strategies, we can proactively mitigate emerging threats and safeguard our digital landscape in the coming year.