2023 marked a turning point for cyber threats. Artificial Intelligence (AI) officially became a tool for harm as it enabled faster and easier attacks. New cybersecurity threats in 2024 include AI-powered attacks as well as several other internally and externally driven factors.
This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money.
You may think all of this as just fearmongering rhetoric designed to sell stuff. However, relying on the “we’re all gonna get hacked anyway” mindset is risky. It is seriously no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report reveals 53% of all businesses suffered at least ONE cyber-attack in the last year. Furthermore, 21% said the attack was severe enough to threaten the viability of their business.
Now, here are the 5 biggest developments in cybersecurity threats you need to know about.
1. The Proliferation of AI Powered Attacks
If cybersecurity is a chess game, AI is the Queen. It gives the person in possession the most powerful advantage for whomever plays it best. All cyber-related reports expect to see a rise highly sophisticated deepfake social engineering attacks.
We’ve already seen scams using AI-generated voices of family members. They call relatives claiming they’ve been injured, kidnapped or worse, to extort money. Scammers use this same tactic to hack into companies. The AI-generated calls get employees to provide login information to people they think are their IT department or boss. This is where employee awareness training comes in. Invario’s fully managed security awareness training program combines state-of-the art online course with simulated phishing attempts. The fast-paced and evolving nature of our service trains your employees on the latest threats, and how to avoid them.
2. Increased Risk of Remote Workers
Remote work is a trend that is not going away. With that expansion comes an exponentially greater risk for cyber threats. For example, carrying around laptops increases the risk of loss, or of attack via suspicious Wi-Fi connections. In addition, workers may use mobile phone devices as a “key” to log into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications). These devices pose a high risk of loss or theft, which further jeopardizes your security.
Further, when people use their own devices or work remote, they tend to mix business and personal activities on the same device. That employee who frequents sketchy websites may be using the same device to login to company email or critical applications. Even personal social media sites can provide a gateway for a hacker to get to YOUR company’s information if they are able to hack into site.
3. Escalation of Ransomware Attacks
There are an estimated 1.7 million ransomware attacks every day. This means that every second 19 people are hacked worldwide. If you’ve been fortunate enough to evade this so far, understand that hackers are targeting others very frequently, and there’s a high likelihood that it will eventually catch up to you.
Last year, ransomware attacks increased by 37% with the average ransom payment exceeding $100,000, with an average demand of $5.3 million.
Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims. Some of the ways we protect our customers from ransomware and other new cybersecurity threats are endpoint detection and response, Microsoft 365 identity protection, and email threat defense.
4. IoT Cybersecurity Threats
IoT, or “Internet of Things,” is a term to describe the proliferation of Internet-connected devices. Today, you can even connect kitchen appliances, like your refrigerator, to the Internet. This means hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers.
While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar. However, those could all provide access to you, your devices, e-mail, credit card and personal information.
5. Cyber Protection Legal Requirements
To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have “reasonable security” protections in place for their employees and clients.
The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures, and issuing monetary penalties.
Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws. These notification laws require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. One example is the California Privacy Rights Act (CCPA), where a business can face a penalty of $100 to $750 per consumer and per incident if that organization gets hacked and the court determines they failed to implement reasonable security procedures.
Not Sure If You’re as Protected and Prepared Against These New Cybersecurity Threats?
To make sure you’re properly protected, get a free, no-obligation Cybersecurity Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack.
Schedule your assessment with one of our senior advisors by calling us at 703-528-0101 or clicking here.