All Archives - Page 4 of 79 - Cyber Secure Forum | Forum Events Ltd


MALWARE MONTH: Devising effective anti-malware strategies

Stuart O'Brien

In the complex cybersecurity landscape of the UK, Chief Information Security Officers (CISOs) face the daunting task of protecting their organisations against a multitude of evolving malware threats. An effective anti-malware strategy is essential for safeguarding sensitive data and maintaining business continuity. Here we delve into the key considerations that CISOs must weigh when formulating such a strategy…

1. Comprehensive Threat Analysis

The first step in crafting an anti-malware strategy is a thorough understanding of the current threat landscape. CISOs need to analyse the types of malware most likely to target their sector, including ransomware, spyware, Trojans, and worms. Understanding the techniques employed by cybercriminals, such as phishing, drive-by downloads, or zero-day exploits, is crucial. This analysis should guide the development of a strategy that addresses specific vulnerabilities and potential attack vectors.

2. Layered Defence Mechanisms

In the world of cybersecurity, relying on a single line of defence is insufficient. CISOs must adopt a multi-layered approach that encompasses not just anti-malware software but also firewalls, intrusion detection systems, and email filtering. Each layer serves to block different types of threats and provides redundancy should one layer fail.

3. Integration with Existing IT Infrastructure

Any anti-malware solution must seamlessly integrate with the existing IT infrastructure. CISOs should ensure compatibility with current systems to avoid any disruptions in operations. This also involves considering the scalability of the solution to accommodate future organisational growth and technological advancements.

4. Regular Software Updates and Patch Management

Keeping software up-to-date is a fundamental aspect of an anti-malware strategy. CISOs must implement robust policies for regular updates and patches, as outdated software is a common entry point for malware. This includes not only security software but also operating systems and other applications.

5. Employee Education and Awareness

Human error remains one of the largest vulnerabilities in cybersecurity. CISOs must prioritise educating employees about safe online practices, recognising phishing attempts, and the importance of reporting suspicious activities. Regular training sessions, simulations, and awareness campaigns can significantly reduce the risk of malware infections.

6. Incident Response Planning

Despite the best preventive measures, malware breaches can still occur. Therefore, a well-defined incident response plan is vital. This plan should outline the steps to be taken in the event of an infection, including containment procedures, eradication of the threat, recovery actions, and communication protocols.

7. Compliance and Legal Considerations

CISOs must also consider legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), which mandates stringent data protection measures. Failure to comply can result in substantial fines and reputational damage.

8. Continuous Monitoring and Analysis

Finally, continuous monitoring and analysis of network traffic and system activities are essential for early detection of malware. Implementing advanced analytics and AI-driven tools can help in identifying anomalies that might indicate a malware infection.

For CISOs in the UK, devising an anti-malware strategy requires a balanced approach that combines technological solutions with employee training and robust policies. As malware threats continue to evolve, so must the strategies to combat them. A proactive, dynamic, and comprehensive approach is key to safeguarding an organisation’s digital assets against the ever-present threat of malware.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!


NETWORK SECURITY MONTH: A CISO’s guide to choosing the best solutions and partners

Stuart O'Brien

In an era where cyber threats are increasingly sophisticated, the role of Chief Information Security Officers (CISOs) in sourcing and selecting network security solutions is more crucial than ever. For those operating in the UK, this task involves navigating a complex landscape of emerging technologies and evolving threats. Here are essential tips for CISOs to consider when choosing network security solutions and partners…

1. Comprehensive Threat Assessment

Begin with a thorough assessment of your organisation’s specific security needs. Understand the nature of the data you are protecting, the potential vulnerabilities in your network, and the types of threats most likely to target your sector. This assessment will guide you in identifying the solutions that best address your unique security challenges.

2. Evaluate Solution Robustness and Versatility

Seek solutions that offer robust protection against a wide range of threats, including malware, ransomware, DDoS attacks, and insider threats. The ideal solution should be versatile enough to adapt to the ever-changing threat landscape and scalable to grow with your business.

3. Integration with Existing Infrastructure

The chosen solution should seamlessly integrate with your existing IT infrastructure. Compatibility issues can lead to security gaps and operational inefficiencies. Ensure that the new network security solutions can work harmoniously with your current systems.

4. Compliance with Regulatory Standards

In the UK, compliance with regulations such as GDPR is paramount. Your network security solution should facilitate compliance, ensuring that data protection and privacy standards are met. This includes features for data encryption, access control, and audit trails.

5. Reputation and Reliability of the Partner

Research the reputation and track record of potential security partners. Look for providers with proven experience in delivering high-quality network security solutions. Check references, read case studies, and consider the provider’s history of innovation and customer support.

6. Ongoing Support and Services

Post-implementation support is vital. A good security partner should offer comprehensive support services, including regular updates, technical assistance, and training for your IT team. Evaluate the level of ongoing support offered to ensure that your network remains secure against emerging threats.

7. Consideration of Future-Proofing

In the fast-evolving field of cyber security, future-proofing is key. Choose solutions that are flexible and can evolve with advancements in technology. Consider partners who invest in research and development and stay ahead of emerging security trends.

8. Prioritise User Training and Awareness

Finally, recognise that technology is just one part of the solution. Effective network security also depends on user behaviour. Select a partner who can provide training and raise awareness among your staff, as human error remains one of the biggest security vulnerabilities.

Conclusion

In summary, for CISOs in the UK, selecting network security solutions and partners is a decision that requires a strategic approach, balancing technical requirements, regulatory compliance, compatibility, support, and the human element. By carefully considering these aspects, CISOs can establish a robust network security posture that protects their organisation’s assets and fosters a culture of cyber resilience.

Are you on the hunt for network security solutions? The Cyber Secure Forum can help!


Do you specialise in Anti Virus solutions? We want to hear from you!

Stuart O'Brien

Each month on Cyber Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in January we’re focussing on Anti Virus solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Anti Virus solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on j.lane@forumevents.co.uk.

Here’s our full features list:

Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness
Nov 2024 – Malware
Dec 2024 – Network Security Management

Just 12% of IT infrastructure & operations leaders exceed performance expectations

Stuart O'Brien

Only 12% of infrastructure and operations (I&O) leaders rate their function’s performance as exceeding CIO expectations in the face of continued economic headwinds.

“I&O leaders must support senior leadership by proactively contributing to their organization’s ability to navigate economic uncertainty,” said Cameron Haight, VP Analyst at Gartner. “Their destinies are interlinked, as a failure by the business to execute the proper strategy will have repercussions across the organization.”

The Gartner survey was conducted from April through July 2023 among 122 I&O leaders from enterprises in North America, EMEA and Asia/Pacific whose growth was impacted by external threats in 2022 and 2023.

I&O leaders cited cybersecurity risks as the most frequent threat impacting enterprise growth this year. Supply chain disruptions and talent and skills shortages are listed as the second- and third-most-important external threats deemed to impact growth, closely followed by inflationary pressures (see Fig. 1).

Figure 1. I&O Leaders’ Top External Threats Impacting Enterprise Growth

Source: Gartner (December 2023)

While seeking to combat many of these threats, I&O leaders are also being asked to meet organizational expectations with funding that only keeps pace with inflation at best. In 2023, 41% of I&O leaders’ budgets increased but stayed steady relative to inflation, while 37% of budgets were either cut or stayed steady but declined in real terms due to inflation. Just 27% of I&O leaders’ budgets increased and grew relative to inflation.

“While it remains to be seen what 2024 budgets will look like, the lack of real funding growth observed to date could cause projects to be deferred into next year, causing a cascading appropriations challenge,” said Haight. “Given this scenario, I&O leaders must work smarter to achieve business outcomes with fewer resources.”

Top Actions for I&O Leaders to Navigate Economic Headwinds
Based on the survey findings, Gartner identified three key actions that successful I&O organizations were adopting to counteract the forces of economic uncertainty. I&O leaders that leveraged these practices were three times more likely to help their enterprises better navigate a turbulent economy.

These actions include:

1. Developing a workplace environment that improves well-being and inclusiveness.
I&O leaders often face challenges recruiting and retaining the necessary talent to achieve their objectives. Within I&O teams that were rated as the most effective, 84% of leaders reported building a welcoming and inclusive workplace. Furthermore, 79% of I&O leaders at highly effective organizations ensured the holistic wellness of employees by holding them accountable for personalizing their well-being progress.

2. Undertaking actions that improve I&O efficiency through enhanced analysis capabilities.
Maximizing the impact of technology and other investments remains a critical focus for I&O leaders amidst continued economic uncertainty. According to the survey, 89% of leaders in highly effective I&O organizations formulate strategies for process transformation and optimization, and 82% identify opportunities to reduce technology costs through economies of scale or cross-enterprise synergies.

3. Enhancing I&O’s ability to become a full-fledged partner in digital business activities.
I&O leaders may struggle to be viewed as a key partner with business leaders, due to an inability to easily link IT investments to business outcomes. To enhance their contribution to the organization’s digital business strategy, the survey found that 92% of effective I&O leaders foster better coordination of I&O digital investments across lines of business or product lines. Additionally, 84% apply objective analysis to translate enterprise priorities into investments that advance digital business potential, and 79% provide a common language for business and I&O stakeholders to coordinate digital investment decisions.


Level up with bespoke online courses for IT professionals

Stuart O'Brien

Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones in 2024 and beyond – sign up today! These are specially curated online courses designed to help you and your team improve expertise and learn new things.

The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:

  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification

And many more! Find out more and purchase your online bundle here. For just £99 + VAT (usually £149), you can share the courses with your colleagues over a 12-month period. Additionally, a variety of bundles is available across a range of subjects:

  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development

Book your courses today and come out of this stronger and more skilled!

Security IT Summit is now the Cyber Secure Forum – Register today!

Stuart O'Brien

Do you have an upcoming security project that you need help with? The Cyber Secure Forum, formerly the long-running Security IT Summit, is a bespoke and highly targeted event where you can meet with a selection of suppliers who can help with your upcoming business plans and projects.

You will be provided with a personalised itinerary of pre-arranged, 1-2-1 meetings with suppliers relevant to you. No hard sell, and no time wasted.

The event is entirely free for security professionals, like you, to attend.

25th June 2024

Hilton London Canary Wharf

Your free pass includes:

  • A corporate itinerary of one-to-one meetings with solution providers
  • A seat at our industry seminar sessions (live attendance only)
  • All meals and refreshments throughout
  • Networking breaks to make new connections in your field


Threat Predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons 

mattd

With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before. By relying on the growing capabilities in their respective toolboxes, adversaries will increase the sophistication of their activities. They’ll launch more targeted and stealthier hacks designed to evade robust security controls, as well as become more agile by making each tactic in the attack cycle more efficient.

In its 2024 threat predictions report, the FortiGuard Labs team looks at a new era of advanced cybercrime, examines how AI is changing the (attack) game, shares fresh threat trends to watch for this year and beyond, and offers advice on how organisations everywhere can enhance their collective resilience against an evolving threat landscape…

The Evolution of Old Favorites

We’ve been observing and discussing many fan-favorite attack tactics for years, and covered these topics in past reports. The “classics” aren’t going away—instead, they’re evolving and advancing as attackers gain access to new resources. For example, when it comes to advanced persistent cybercrime, we anticipate more activity among a growing number of Advanced Persistent Threat (APT) groups. In addition to the evolution of APT operations, we predict that cybercrime groups, in general, will diversify their targets and playbooks, focusing on more sophisticated and disruptive attacks, and setting their sights on denial of service and extortion.

Cybercrime “turf wars” continue, with multiple attack groups homing in on the same targets and deploying ransomware variants, often within 24 hours or less. In fact, we’ve observed such a rise in this type of activity that the FBI issued a warning to organizations about it earlier this year.

And let’s not forget about the evolution of generative AI. This weaponisation of AI is adding fuel to an already raging fire, giving attackers an easy means of enhancing many stages of their attacks. As we’ve predicted in the past, we’re seeing cybercriminals increasingly use AI to support malicious activities in new ways, ranging from thwarting the detection of social engineering to mimicking human behavior.

Fresh Threat Trends to Watch for in 2024 and Beyond

While cybercriminals will always rely on tried-and-true tactics and techniques to achieve a quick payday, today’s attackers now have a growing number of tools available to them to assist with attack execution. As cybercrime evolves, we anticipate seeing several fresh trends emerge in 2024 and beyond. Here’s a glimpse of what we expect.

Give me that big (playbook) energy: Over the past few years, ransomware attacks worldwide have skyrocketed, making every organisation, regardless of size or industry, a target. Yet, as an increasing number of cybercriminals launch ransomware attacks to attain a lucrative payday, cybercrime groups are quickly exhausting smaller, easier-to-hack targets. Looking ahead, we predict attackers will take a “go big or go home” approach, with adversaries turning their focus to critical industries—such as healthcare, finance, transportation, and utilities—that, if hacked, would have a sizeable adverse impact on society and make for a more substantial payday for the attacker. They’ll also expand their playbooks, making their activities more personal, aggressive, and destructive in nature.

It’s a new day for zero days: As organisations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals have unique opportunities to uncover and exploit software vulnerabilities. We’ve observed a record number of zero-days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers—cybercrime groups selling zero-days on the dark web to multiple buyers—emerge among the CaaS community. N-days will continue to pose significant risks for organizations as well.

Playing the inside game: Many organisations are leveling up their security controls and adopting new technologies and processes to strengthen their defenses. These enhanced controls make it more difficult for attackers to infiltrate a network externally, so cybercriminals must find new ways to reach their targets. Given this shift, we predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponisation, with groups beginning to recruit from inside target organisations for initial access purposes.

Ushering in “we the people” attacks: Looking ahead, we expect to see attackers take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 U.S. elections and the Paris 2024 games. While adversaries have always targeted major events, cybercriminals now have new tools at their disposal—generative AI in particular—to support their activities.

Narrowing the TTP playing field: Attackers will inevitably continue to expand the collection of tactics, techniques, and procedures (TTPs) they use to compromise their targets. Yet defenders can gain an advantage by finding ways to disrupt those activities. While most of the day-to-day work done by cybersecurity defenders is related to blocking indicators of compromise, there’s great value in taking a closer look at the TTPs attackers regularly use, which will help narrow the playing field and find potential “choke points on the chess board.”

Making space for more 5G attacks: With access to an ever-increasing array of connected technologies, cybercriminals will inevitably find new opportunities for compromise. With more devices coming online every day, we anticipate that cybercriminals will take greater advantage of connected attacks in the future. A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.

Navigating a New Era of Cybercrime

Cybercrime impacts everyone, and the ramifications of a breach are often far-reaching. However, threat actors don’t have to have the upper hand. Our security community can take many actions to better anticipate cybercriminals’ next moves and disrupt their activities: collaborating across the public and private sectors to share threat intelligence, adopting standardized measures for incident reporting, and more.

Organisations also have a vital role to play in disrupting cybercrime. This starts with creating a culture of cyber resilience—making cybersecurity everyone’s job—by implementing ongoing initiatives such as enterprise-wide cybersecurity education programs and more focused activities like tabletop exercises for executives. Finding ways to shrink the cybersecurity skills gap, such as tapping into new talent pools to fill open roles, can help enterprises navigate the combination of overworked IT and security staff as well as the growing threat landscape. And threat sharing will only become more important in the future, as this will help enable the quick mobilization of protections.

Choosing Secure Web Hosting Environments: Seven top tips for IT Managers

Stuart O'Brien

The security of a brand’s website is paramount. For IT managers, selecting a hosting environment is a crucial decision that significantly impacts security, performance, and reliability. So what are the essential factors? Here are seven to get you started…

1. Security Features

The foremost consideration is the security features offered by the hosting provider. This includes firewalls, intrusion detection and prevention systems (IDPS), regular malware scanning, and DDoS (Distributed Denial of Service) protection. It’s essential that the provider implements robust measures to safeguard against common threats such as SQL injection, cross-site scripting (XSS), and other types of cyberattacks. Additionally, options for SSL (Secure Sockets Layer) certificates are crucial for encrypting data transmitted between the server and the users.

2. Compliance and Data Protection

Compliance with legal and regulatory standards, particularly the General Data Protection Regulation (GDPR), is a critical factor. The hosting provider must ensure that their operations comply with these regulations, especially in handling and storing user data. This includes having clear data protection policies and potentially offering data hosting within specific geographical locations to meet regulatory requirements.

3. Server Location

The physical location of the servers can significantly impact website performance and latency. Server locations closer to the website’s primary user base can improve loading times, enhancing user experience. Furthermore, IT managers must consider the legal and political stability of the server location, as it can affect data security and accessibility.

4. Scalability and Performance

The ability of the hosting environment to scale according to the website’s traffic and resource demands is vital. IT managers should assess the hosting provider’s capacity to handle traffic spikes and scalability options to accommodate business growth. Performance metrics such as uptime guarantees are also critical, as downtime can severely impact the brand’s reputation and revenue.

5. Backup and Disaster Recovery

Effective backup and disaster recovery solutions are crucial in maintaining data integrity. IT managers must ensure that the hosting provider offers regular backups, easy data retrieval, and a comprehensive disaster recovery plan. This is essential for mitigating data loss risks due to hardware failures, cyberattacks, or other unforeseen events.

6. Technical Support and Service Level Agreements (SLAs)

Reliable technical support is a key aspect of a secure hosting environment. IT managers should seek providers who offer 24/7 support with a proven track record of responsiveness and technical expertise. Additionally, clear SLAs outlining service expectations, responsibilities, and response times can provide assurance of the hosting provider’s commitment to quality service.

7. Reviews and Reputation

Lastly, the reputation and reviews of the hosting provider should be considered. IT managers can gain valuable insights from other customers’ experiences, particularly regarding the provider’s reliability, customer service, and security incident handling.

When selecting a hosting environment for a brand’s website, IT managers must undertake a thorough assessment of security features, compliance, server location, scalability, performance, backup, support, and provider reputation. By carefully considering these factors, they can ensure a secure and reliable online presence for the brand, safeguarding both the company and its customers against the ever-present threats in the digital landscape.


Threat Predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons 

960 640 Guest Post

With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before. By relying on the growing capabilities in their respective toolboxes, adversaries will increase the sophistication of their activities. They’ll launch more targeted and stealthier hacks designed to evade robust security controls, as well as become more agile by making each tactic in the attack cycle more efficient.

In its 2024 threat predictions report, the FortiGuard Labs team looks at a new era of advanced cybercrime, examines how AI is changing the (attack) game, shares fresh threat trends to watch for this year and beyond, and offers advice on how organisations everywhere can enhance their collective resilience against an evolving threat landscape…

The Evolution of Old Favorites

We’ve been observing and discussing many fan-favorite attack tactics for years, and covered these topics in past reports. The “classics” aren’t going away—instead, they’re evolving and advancing as attackers gain access to new resources. For example, when it comes to advanced persistent cybercrime, we anticipate more activity among a growing number of Advanced Persistent Threat (APT) groups. In addition to the evolution of APT operations, we predict that cybercrime groups, in general, will diversify their targets and playbooks, focusing on more sophisticated and disruptive attacks, and setting their sights on denial of service and extortion.

Cybercrime “turf wars” continue, with multiple attack groups homing in on the same targets and deploying ransomware variants, often in 24 hours or less. In fact, we’ve observed such a rise in this type of activity that the FBI issued a warning to organizations about it earlier this year.

And let’s not forget about the evolution of generative AI. This weaponisation of AI is adding fuel to an already raging fire, giving attackers an easy means of enhancing many stages of their attacks. As we’ve predicted in the past, we’re seeing cybercriminals increasingly use AI to support malicious activities in new ways, ranging from thwarting the detection of social engineering to mimicking human behavior.

Fresh Threat Trends to Watch for in 2024 and Beyond

While cybercriminals will always rely on tried-and-true tactics and techniques to achieve a quick payday, today’s attackers now have a growing number of tools available to them to assist with attack execution. As cybercrime evolves, we anticipate seeing several fresh trends emerge in 2024 and beyond. Here’s a glimpse of what we expect.

Give me that big (playbook) energy: Over the past few years, ransomware attacks worldwide have skyrocketed, making every organisation, regardless of size or industry, a target. Yet, as an increasing number of cybercriminals launch ransomware attacks to attain a lucrative payday, cybercrime groups are quickly exhausting smaller, easier-to-hack targets. Looking ahead, we predict attackers will take a “go big or go home” approach, with adversaries turning their focus to critical industries—such as healthcare, finance, transportation, and utilities—that, if hacked, would have a sizeable adverse impact on society and make for a more substantial payday for the attacker. They’ll also expand their playbooks, making their activities more personal, aggressive, and destructive in nature.

It’s a new day for zero days: As organisations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals have unique opportunities to uncover and exploit software vulnerabilities. We’ve observed a record number of zero-days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers—cybercrime groups selling zero-days on the dark web to multiple buyers—emerge among the CaaS community. N-days will continue to pose significant risks for organizations as well.

Playing the inside game: Many organisations are leveling up their security controls and adopting new technologies and processes to strengthen their defenses. These enhanced controls make it more difficult for attackers to infiltrate a network externally, so cybercriminals must find new ways to reach their targets. Given this shift, we predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponisation, with groups beginning to recruit from inside target organisations for initial access purposes.

Ushering in “we the people” attacks: Looking ahead, we expect to see attackers take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 U.S. elections and the Paris 2024 games. While adversaries have always targeted major events, cybercriminals now have new tools at their disposal—generative AI in particular—to support their activities.

Narrowing the TTP playing field: Attackers will inevitably continue to expand the collection of tactics, techniques, and procedures (TTPs) they use to compromise their targets. Yet defenders can gain an advantage by finding ways to disrupt those activities. While most of the day-to-day work done by cybersecurity defenders is related to blocking indicators of compromise, there’s great value in taking a closer look at the TTPs attackers regularly use, which will help narrow the playing field and find potential “choke points on the chess board.”

Making space for more 5G attacks: With access to an ever-increasing array of connected technologies, cybercriminals will inevitably find new opportunities for compromise. With more devices coming online every day, we anticipate that cybercriminals will take greater advantage of connected attacks in the future. A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.

Navigating a New Era of Cybercrime

Cybercrime impacts everyone, and the ramifications of a breach are often far-reaching. However, threat actors don’t have to have the upper hand. Our security community can take many actions to better anticipate cybercriminals’ next moves and disrupt their activities: collaborating across the public and private sectors to share threat intelligence, adopting standardized measures for incident reporting, and more.

Organisations also have a vital role to play in disrupting cybercrime. This starts with creating a culture of cyber resilience—making cybersecurity everyone’s job—by implementing ongoing initiatives such as enterprise-wide cybersecurity education programs and more focused activities like tabletop exercises for executives. Finding ways to shrink the cybersecurity skills gap, such as tapping into new talent pools to fill open roles, can help enterprises navigate the combination of overworked IT and security staff as well as the growing threat landscape. And threat sharing will only become more important in the future, as this will help enable the quick mobilization of protections.