In 2024, we've seen a significant shift in cyber security. Complex threats have emerged, posing challenges worldwide. Adapting to the rapidly changing digital landscape is crucial to stay ahead of these risks. The following threat report includes a detailed round-up of the evolving cyber security landscape, including key updates we've seen in 2024 so far.
Data from the 2024 Cyber Security Breaches Survey paints a concerning picture of the cyber security landscape, highlighting increased vulnerabilities across organisations. 50% of businesses and 32% of charities reported experiencing cyber breaches or attacks in the past year alone. This is a significant rise in the number of businesses experiencing breaches compared to 2023, only 32% of businesses and 24% of charities reported any breaches or attacks.
Phishing is still a dominant threat, affecting 84% of businesses and 83% of charities. Despite implementing basic cyber security measures like updated malware protection, password policies, and network firewalls, cybercrime persists, with 22% of businesses and 14% of charities falling victim to attacks.
With global connectivity expanding, proactive measures are crucial to mitigate the risks of cyber breaches and attacks.
Top threats
Cyber crime has reached unprecedented levels, and the third month of 2024 was no exception. Almost daily, headlines featured cyber attacks or ransomware incidents. Below are the key threats that dominated the first quarter of 2024:
- Ransomware attacks have advanced with AI and machine learning, enabling precise identification and encryption of critical data, putting immense pressure on victims to comply with ransom demands.
- Threat actors are increasingly harnessing the power of AI for their malicious activities. AI now drives disinformation campaigns, deepfakes, and exploits within software supply chains.
- Cyber criminals are exploiting QR codes to deceive users into visiting malicious websites or unwittingly downloading malware.
- Cloud environments have experienced a staggering 75% surge in intrusions. When inadequately protected, attackers exploit these vulnerabilities to gain unauthorised access to an organisation’s sensitive data.
- Cyber attackers are now targeting identities through methods like phishing for credentials and password spraying, using stolen information to access systems.
- Malicious or negligent insiders remain a significant risk to organisations.
- Phishing attacks persist as a common entry point. Cyber criminals exploit human error and social engineering to gain unauthorised access.
- Phishing was the most common type of breach or attack. It affected 84% of businesses and 83% of charities that reported breaches or attacks.
In the news
- Beware of the rising Facebook scam threatening your business account: Scammers are exploiting small businesses and creators on Facebook and Instagram by pretending to be from Meta’s Business Help Centre.
- Finance worker is tricked into paying scammers £20million by deepfake video call using AI copies of his colleagues: A finance worker in Hong Kong transferred £20 million to fraudsters after a deepfake video call imitated his colleagues, including the UK-based CFO. The criminals used AI to convincingly impersonate company executives.
- UK and allies expose evolving tactics of Russian cyber actors: Russian state-linked cyber actors are adapting techniques to target organisations moving to cloud-based infrastructure.
- Global ransomware threat expected to rise with AI, NCSC warns: AI is expected to increase the global ransomware threat. The report highlights how AI will impact cyber operations and urges organisations to implement protective measures.
- New laws to protect consumers from cyber criminals come into force in the UK: Internet-connected smart devices are now legally required to meet minimum-security standards.
- 87% of UK organisations are vulnerable to cyberattacks in the age of AI: The report highlights the increased threat because of AI and emphasises the need for robust cyber security measures
- Exploitation of vulnerabilities affecting Cisco firewall: The NCSC provides information on vulnerabilities affecting Cisco firewalls and offers mitigation advice.
- Police bust global cyber gang accused of industrial-scale fraud: A global cyber gang involved in industrial-scale fraud has been taken down by the police.
- ‘Admin’ and ‘12345’ banned from being used as passwords in UK crackdown on cyber attacks: New laws prohibit weak default passwords, enhancing protection against cyber threats.
Key takeaways
- Stay vigilant against disinformation campaigns and deepfake techniques to better identify false information.
- Be cautious when scanning QR codes, especially if they are from unfamiliar sources. This will help lower the risk of encountering harmful content.
- Strengthen your cloud services with strong security measures such as encryption and access controls to protect important data from unauthorised access.
- Safeguard your online accounts by utilising unique and complex passwords, coupled with multi-factor authentication, to mitigate the risk of identity theft.
- Educate your employees on cyber security best practices to mitigate insider threats and enhance overall organisational security.
- Equip your organisations with the skills to identify phishing attempts, avoiding the pitfalls of clicking on suspicious links or divulging personal information unknowingly.
- Expect phishing compromises. However, allocate resources to enhance your cyber capabilities for detecting and responding to phishing attempts.
Lee Johnson, CIO/CISO at Air IT says:
In today’s digital world, cyber breaches aren’t just stats; they’re real threats disrupting operations and compromising data. With 50% of businesses experiencing attacks in the past year alone, and phishing impacting 84% of businesses, it’s evident that cybercrime persists despite basic security measures. The fact that 22% of businesses fall victim to attacks highlights the urgency for proactive cyber defences. It’s no longer an option but a necessity to stay ahead of cyber threats.
Don’t be the next victim
We offer a free IT audit that can help you establish a solid foundation for your future growth and success. Our audit is designed to identify any loopholes or weaknesses in your infrastructure and ensure that you have the latest anti-virus and threat management tools and updates in place.
