As we step into 2024, it's imperative to recognize the transformed cybersecurity landscape. AI-enhanced cyber-attacks, once a distant threat, are now a pressing reality, posing significant risks to your business's security.
As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid having to deal with it. Further, like overhyped weather reports, it’s also tempting to just ignore the warning signs, thinking all of this is just fearmongering rhetoric designed to sell stuff.
However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months with 21% stating the attack was enough to threaten the viability of their business.
This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money.
Now, here are the 5 biggest developments in cyber threats you need to know about.
1. The Proliferation Of AI-Powered Attacks:
In the strategic game of cybersecurity, AI has become a critical player, akin to the Queen in chess, offering powerful advantages in both offense and defense. The rise of sophisticated AI-powered attacks, particularly deepfake social engineering, is a pressing concern.
We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss.
A recent incident reported by The Guardian illustrates this threat vividly: a Hong Kong company was scammed into giving away HK$200m (approximately $25 million USD) during a deepfake video conference call, demonstrating the real-world implications of these AI-driven threats. It’s essential for businesses to stay vigilant and train employees to recognize and respond to such sophisticated scams.
This is where employee awareness training, as well as controls such as MFA (multi-factor authentication), comes into play. For instance, one of the things we do here at Fischer IT Solutions is verify all support requests with an automated secret code that's sent to the pre-registered mobile number of each user.
2. Increased Risk Of Remote Workers:
The shift towards remote work, a trend cemented by recent global events, brings with it an amplified risk of cyber threats. It's crucial for businesses to adopt secure remote work practices, such as VPNs and encrypted communication, to safeguard against these vulnerabilities.
From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk for being easily lost or stolen. Further, when people use their own devices or work remotely, they tend to mix business and personal activities on the same device.
That employee who frequents gambling or porn sites may be using the same device used to log in to company e-mail or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts.
3. Escalation Of Ransomware Attacks:
There are an estimated 1.7 million ransomware attacks every day, which means every second 19 people are hacked worldwide. If you’ve been lucky enough to avoid this, know that someone else is getting hacked on a very frequent basis, and you are very likely to be hit.
Last year, ransomware attacks increased by 37%, with the average ransom payment exceeding $100,000 and an average demand of $5.3 million.
Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims. We use backup technology that automatically keeps an offsite copy of our clients' data that is unreachable by hackers and malware. Make sure that you're doing the same.
4. IoT Attacks:
The Internet of Things (IoT) has expanded the digital landscape to everyday devices, from smart fridges to fitness trackers. Each connected device potentially opens a door for cybercriminals, making comprehensive IoT security an essential facet of your cybersecurity strategy.
This trend means that hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers.
While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all ultimately provide access to you, your devices, e-mail, credit card and personal information.
5. Cyber Protection Legal Requirements:
To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have in place “reasonable security” protections for their employees and clients.
The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures and issuing monetary penalties.
Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures.
Act Now: Secure Your Business's Future
Don't let uncertainty be your downfall. Proactively safeguard your business with a comprehensive Cybersecurity Risk Assessment from Fischer IT. Take control and ensure your business is fortified against the sophisticated cyber threats of 2024 and beyond.
Click here to schedule your Free Cybersecurity Assessment or call us to speak with one of our senior advisors at 667-222-3366.