Tech | Visa | Scholarship/School | Info Place

3 UK cyber security trends to watch in 2024

It can be said that staying up to date with the latest cybersecurity information will become even more important in 2024. Financial services provider Allianz has named cyberattacks as the biggest risk to UK businesses this year for the first time, making them a top concern for businesses of all sizes for the first time. However, many professionals remain unaware of what the events of the first quarter tell us about the cyber landscape for the rest of the year, which could have significant consequences.

TechRepublic consulted UK industry experts to identify the three most important trends in cybersecurity – artificial intelligence, zero-day and IoT security – and provide guidance on how businesses can best stay the course.

1. Leverage artificial intelligence to conduct sophisticated cyber attacks

In January 2024, the UK National Cyber ​​Security Center warned that due to the emergence of artificial intelligence technology, global ransomware threats are expected to rise, with the number and impact of attacks increasing. The risks to UK businesses are particularly clear, with a recent report from Microsoft finding that 87% were either “vulnerable” or “at high risk” of cyberattacks. Minister for Artificial Intelligence and Intellectual Property, Viscount Camrose, specifically emphasized the need for British organizations to “strengthen their cyber security plans” because the UK is the third most targeted country in the world when it comes to cyberattacks, after the United States and Ukraine.

James Babbage, director of threats at the National Crime Agency, said in an NCSC post: “AI services lower barriers to entry, increase the number of cybercriminals and will increase the scale, speed and effectiveness of existing cybercrimes. Ability.” Attack method. “

Criminals can use this technique to launch more convincing social engineering attacks and gain initial network access. According to Google Cloud’s Global Cybersecurity Forecast Report, large language models and generative AI “will increasingly be offered as paid services in underground forums and used for a variety of purposes, such as phishing campaigns and spreading disinformation.”

SEE: Artificial Intelligence Predictions to 2024 (free TechRepublic Premium download)

Jake Moore, a global cybersecurity consultant at internet security and antivirus company ESET, has been working on real-time cloning software that uses artificial intelligence to swap the face of a video caller with that of someone else. He told TechRepublic via email: “This technology, coupled with impressive AI voice cloning software, has begun to call into question the authenticity of video calls, which could have a devastating impact on businesses of all sizes. “

OpenAI announced on March 29, 2024, that it was taking a “cautious and informed approach” when releasing its voice cloning tool to the public “due to the potential for misuse of synthesized speech.” A model called “Speech Engine” is able to convincingly replicate a user’s voice using just 15 seconds of recorded audio.

Moore said: “Malicious hackers tend to use a variety of techniques to manipulate their victims, but impressive new technologies without borders or regulation are making it easier for cybercriminals to influence people for financial gain and to fund their growing Another tool added to the toolbox.”

“Staff need to be reminded that we are entering an era where seeing is not necessarily believing and verification remains key to security. Policies must not be diluted with verbal instructions and all staff need to be aware that (live cloning software) will not be available for the next 12 years It will break out within a month.”

2. More successful zero-day exploits

Government statistics found that 32% of UK businesses suffered a known data breach or cyberattack in 2023. Raj Samani, senior vice president and chief scientist at Rapid7, a unified cybersecurity platform, believes attacks on UK businesses will remain particularly frequent this year, but adds that threat actors are also becoming more sophisticated.

“One of the most prominent trends we saw in 2023 that will continue into 2024 is the sheer volume of zero-day exploits by threat groups that we wouldn’t normally anticipate,” he told TechRepublic in an email. Organizations will have such capabilities.

“What this means for UK cyber security is the need to prioritize security updates more quickly. Organizations of all sizes must implement an approach to improve the identification of key recommendations impacting their environment and incorporate context into these decisions.

“For example, if a vulnerability is exploited in the wild and there are no compensating controls – and it is exploited by, for example, a ransomware group – then the speed with which patches are applied may need to be prioritized.”

SEE: The most important cybersecurity predictions of 2024 (free TechRepublic Premium download)

The UK government’s Cybersecurity Vulnerability Survey 2023 found a decline in key cyber hygiene practices such as password policies, network firewalls, restricted administrative rights and policies to apply software security updates within 14 days. While these data largely reflect changes in micro, small and medium-sized businesses, this laxity significantly increases the scope of targets for cybercriminals and highlights the need for improvements in 2024.

“Personal data is still a very valuable currency,” Moore told TechRepublic. “Once employees let their guard down, (attacks) can be very successful, so it’s critical that employees understand the tactics being used.”

3. Renewed focus on IoT security

By 29 April 2024, all UK IoT device suppliers will need to comply with the Product Safety and Telecommunications Act 2022, which means at least:

  1. Device must have password enabled.
  2. Consumers can clearly report safety issues.
  3. The duration of device security support is disclosed.

While this is a positive step, many organizations still rely heavily on older equipment that may no longer have vendor support.

“IoT devices are often packaged with weak (if any) built-in security features, so[users]are disadvantaged from the start and often unaware of potential security risks,” Moore told TechRepublic in an email. Weaknesses. Security updates also tend to be infrequent, which creates further risks for owners.”

Organizations relying on older equipment include those dealing with the UK’s critical national infrastructure, such as hospitals, utilities and telecommunications. Evidence provided by Thales for a UK government report on the national security threat posed by ransomware states that “in the CNI space, it is not uncommon to find aging systems with long operating lives that have not been regularly updated, monitored or assessed.” NCC Other evidence from the Group suggests that “OT (operational technology) systems are more likely to contain components that are 20 to 30 years old and/or use older software that is less secure and no longer supported.” These older systems put essential services at risk Risk of disruption.

See: Key IIoT Security Risks

According to IT security firm ZScaler, 34 of the 39 most commonly used IoT vulnerabilities have been present in devices for at least three years. Additionally, Gartner analysts predict that by 2026, 75% of organizations will have mission-critical unmanaged or legacy systems because they have not yet been incorporated into a zero trust strategy.

“IoT owners must understand the risks when putting any internet-connected device into their business, but it’s critical to force IoT devices to be more secure from the design stage, and many common attack vectors can be patched,” Moore said.

#cyber #security #trends #watch

Leave a Reply

Your email address will not be published. Required fields are marked *