Strategic Preparedness for 2024 – Insights for Fusion and our Clients
Recently I was invited to an interesting webinar hosted by one of our strategic partners on some IT trends identified from 2023 together with a look ahead to 2024 factors likely to impact our clients.
Recap on 2023
Surge In Ransomware Attacks
In retrospect, the year 2023 witnessed a surge in ransomware attacks driven by their perceived effectiveness in generating revenue. The primary conduit for such attacks remained phishing, retaining its status as the predominant attack vector. Alarmingly, cybercrime tallied a staggering $26.9 trillion in the USA and $17.8 trillion in China, cumulatively rivalling the economic output of the world’s second-largest economy.
Misguided Misconceptions Amongst Small Business Owners
Despite these escalating figures, a mere 3 out of 10 small business owners expressed concern about cybersecurity, posing a significant challenge for MSPs, like Fusion, who need small businesses to take the issue more seriously and invest in protective measures. Misguided perceptions amongst small business owners, who assume their size and insignificance will rule them out as potential targets, coupled with a lax approach towards cybersecurity measures, render them exceptionally vulnerable to malicious activities.
AI Aggregation of Social Media
Furthermore, the advent of AI (Artificial Intelligence) has introduced a new dimension to phishing attacks by eliminating overt grammar and syntax errors in phishing emails. Additionally, AI facilitates the aggregation of social media activities on sources like LinkedIn and Instagram, allowing phishing emails to appear more authentic, timely, and relevant, thus increasing the likelihood of recipients falling prey to cyber threats as a result of opening a phishing email.
Cybercrime As A Service
The commercialisation of cybercrime organisations, featuring “employees,” “HR departments,” and even “beer Fridays,” has democratised the acquisition of Cybercrime-as-a-Service (CaaS) and Ransomware-as-a-Service (RaaS). This enables mass targeting of inadequately secured small businesses, presenting an imminent threat to thousands of organisations simultaneously. Notably, the rise of double extortion involves targeting not only businesses but also their clients, exemplified by instances such as a plastic surgery practice in Las Vegas not only being held to ransom, but its patients also being threatened with the release of ‘before’ and ‘after’ photos of their treatment.
What to Expect in 2024
AI Renders Phishing Email More Realistic
In the upcoming year, artificial intelligence is poised to play an increasingly prominent role in rendering phishing emails more sophisticated and realistic. Instances such as the Adobe Creative Cloud reset phishing email scam illustrate how AI can craft highly convincing emails, duping unsuspecting individuals into divulging sensitive information like credit card details.
AI’s expanding role in social engineering-based attacks and Business Email Compromise (BEC) attempts is anticipated. Cybercriminals are expected to leverage AI to establish trust with targeted users more effectively and expedite the innovation, formulation and deployment of cyberattacks.
Use of Frameworks and Governance as Protection
As a countermeasure, a paradigm shift towards governance techniques, emphasising people and processes alongside technological safeguards, is foreseen. The NIST framework serves as an exemplary model, combining identify, protect, detect, respond and recover with incident governance processes and staff training to fortify defences against threats.
For example, not only would businesses embed email gateway systems to Identify, Protect and Detect malicious emails attempting BEC (Business Email Compromise), but the organisation would also have processes in place to Govern incidents, such as a change of bank account details triggering Users to seek verification, and rigorous training ensuring staff know the right process in the event of an incident. So, it is forecast that there will be a shift to governance techniques based on People and Process to guard against cyber threats, like BEC, rather than reliance purely on technology.
Cyber Insurance More Challenging
In 2024, acquiring cyber insurance is predicted to become more challenging, with underwriters seeking comprehensive insights into the solutions, frameworks, and more human-led Managed Detection and Response (MDR) products implemented by businesses before insuring them or paying out claims. Embracing frameworks and governance is expected not only to enhance security, but also to bring the benefit of optimising business operations by focusing on efficient processes.