5 cyber security trends for 2024
As technology advances, so do the cyber security needs of businesses of all sizes. With many businesses relying on cloud-based solutions across various business functions, it’s important to stay on top of how cyber security threats are evolving.
Attacks are becoming more sophisticated and multi-faceted. This is underpinned by trends in artificial intelligence (AI) and the emergence of 'as a service' cyber criminals. So, businesses need to be more aware than ever of how they can help secure their systems against potential data breaches.
By staying on top of emerging cyber security threats, you’ll be better placed to consider how to protect your business and be ready to respond to any changes in the regulatory environment. Here are five areas where changes in the cyber landscape may have implications for your business.
1. The emergence of deep fakes
Cyber security threats are becoming more sophisticated. Cyber criminals are using new technologies, such as AI, in their attacks. This can make it even more difficult for people to distinguish between what is real and what is a potential scam.
Deep fakes are a fairly new type of threat. According to VMware’s 2022 Global Incident Response Threat Report, two out of three cyber security professionals saw malicious deep fakes used as part of a strike against businesses in 2022.
Deep fakes involve digitally altering the video or voice of a person (the cyber criminal) so that they appear to be someone else. Typically, the person being impersonated might be known to the business, such as a supplier or partner, and the aim is to extract sensitive information or to gain financially.
The use of deep fakes may have implications for front facing areas of small businesses. Customer service or finance teams dealing with phone and video calls may be particularly susceptible to deep fakes.
These types of threats can also be viewed as an evolution of existing scams, such as phishing. The end objective is the same. But the means through which cyber criminals attempt to gain access is becoming more sophisticated.
Educating people remains one of the most important ways to stay secure. If you're being pushed to act quickly, slow down, think and validate the communication is genuine before acting. Make sure your team know to do the same. This is particularly important for banking or personal information.
2. ‘Blended’ cyber threats
In the past, cyber threats were typically one dimensional. For example, you might receive a suspicious email or text message. However, ‘blended’ cyber threats are becoming increasingly commonplace and targeting small businesses.
With cybercrime becoming more sophisticated, you may be at more risk for ‘blended’ threats. That is, threats that are multifaceted, with multiple elements at play to put your business at risk.
What is a blended threat?
A blended threat is a sophisticated form of attack that can combine various forms of malicious software and potentially includes deceptive practices, like social engineering. By combining tactics, criminals can exploit a wider range of vulnerabilities, leading to a higher likelihood of increased severity and more significant impacts compared to isolated threats.
These threats can involve several stages. For example, first, you might receive an email from what appears to be a known contact. This is followed up by a phone call from someone purporting to be that contact. They in turn might send a link and gain access to company systems, such as your customer relationship management (CRM) database.
These types of blended threats rely on building trust with people in your business. They target multiple touch points across the business. Ensure people are diligent across all communication points and aware of the potential of coordinated threats.
Investing in training to help develop a cyber secure mindset is important. You need to make sure cyber security is front of mind and becomes embedded in your business culture.
3. The impact of regulation
Recent high-profile attacks on Australian businesses have placed regulation in the spotlight. One of these is the proposed removal of the exemption to the Privacy Act for small businesses.
Currently, businesses with a turnover of $3 million or less are not required to keep personal information secure. Additionally, they do not need to notify affected people if there is a data breach.
The removal of this exemption may have implications for small businesses. This includes current privacy practices, as well as how and what information must be kept secure.
In preparation for any changes, consider what data you hold, where it's stored and how secure it is. Take proactive steps to better secure your customer data. Also be sure to keep updated as to any changes or key dates that could affect your business.
4. Securing your cloud
The use of cloud technologies continues to grow among small businesses. The Australian Bureau of Statistics (ABS) reports 76 percent of companies (20 to 199 employees), 65 percent (5 to 19 employees) and 49 percent (0 to 4 employees) were using cloud technologies.
Cloud technologies offer greater accessibility to advanced technologies and increased productivity. But security challenges remain. These include securing your data in third party applications.
As cloud uptake increases, small businesses can help keep their information secure by asking the right questions to cloud partners. For example, when accessing cloud applications, is multi-factor authentication used? Or, if dealing with a website provider, what kind of security is used to keep the site and network secure?
This can help you understand the cyber measures your cloud partner looks after, and what capabilities you may need to acquire.
5. Phishing as a service
Phishing has been commonplace for decades. It usually involves sending emails or other messages to obtain personal information, such as passwords and credit card numbers. An emerging cyber security trend is phishing as a service. This is making it easier for criminals to execute more sophisticated scams.
What is Phishing as a Service (PhaaS)?
Phishing as a Service (PhaaS) operates on a software-as-a-service model, providing access to phishing ‘know how’ in exchange for a fee. In this arrangement, cyber criminals act as the ‘service provider’, offering other criminals access to tools and knowledge for a phishing attack.
Phishing and AI
Phishing is also reaching new levels of sophistication through AI. AI tools can help write emails with perfect spelling and grammar. They may have built-in translation capabilities, enabling attackers with limited English skills to write high-quality emails.
While the sophistication of phishing attacks is rising, small businesses can put in place measures to help prevent successful attacks. Steps you can take include:
- Educating yourself and your people on the risks associated with phishing.
- Slowing down to assess any unexpected requests that come in, especially if they relate to any form of payments or personal data requests.
- Considering other legitimate ways to contact the sender to check the communication is genuine.
You can also consider implementing processes and email security solutions to help safeguard against phishing attacks.
How to help reduce risk and keep your business as secure as possible
Cyber security is an ever-evolving space. While the tools for helping to prevent cyber-attacks grow in sophistication, so too, unfortunately, do the capabilities of cyber criminals.
There are things you can do to help make your business less of a target. Here are six steps that can help reduce the risk of a cyber-attack:
- Manage your passwords well: Use unique passwords for all accounts via a password manager application.
- Set up multifactor authentication (MFA): It can help secure your various accounts from unauthorised access as a first line of defence. So, if it’s available, set it up – it’s a simple place to start.
- Educate your team: Education helps keep your business secure. Be aware of the latest threats and build a strong culture of cyber security.
- Build a plan: Create a cyber incident response plan. If you lack cyber understanding, AI tools can help to build knowledge quickly.
- Create processes: Run tests and cyber drills with your team. This helps them understand what to do in the event of an attack.
- Always back-up: Regularly back-up your data and have a disaster recovery plan. Test your back-ups to ensure they work. If an attack occurs, your business-critical information will still be accessible.
- Get support: Look for support from a service provider when you need to. Consider your technology eco-system holistically rather than as individual solutions.
Help fight security breaches
Sign up for Cyber Wardens, a program from the Council of Small Business Organisations of Australia (COSBOA) that aims to educate businesses like yours on how to help fight online threats.