Predicted trends for 2024 include legislation on AI, ransomware attacks to aim for supply chain services, disinformation campaigns to lead to extortion schemes and more
JOHANNESBURG, South Africa, December 6, 2023: KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced its 2024 cybersecurity predictions for Europe, the Middle East and Africa (EMEA) from its team of local industry experts.
Cyber threats are more sophisticated and complex than ever and evolving quickly with new technology like AI becoming increasingly advanced every day. Cultivating a security culture is paramount to strengthen an organization’s human firewall.
The predicted cybersecurity trends for 2024 include:
Cloud service attacks
A rise in attacks on cloud services unfortunately means that we will see successful attacks on either cloud providers or cloud-based applications or both. This will potentially result in loss of availability of services, breach of personal data and intellectual property. It is interesting to note that the UK is the most targeted country in EMEA and therefore has a higher likelihood for attacks.
Collaboration and information sharing
We will see an increased focus on collaboration and information sharing between national and international cybersecurity agencies; and ultimately between public and private partnerships to combat cybercrime, address nation and state threats; and to proactively detect and respond to emerging cyber threats.
Legislation on AI
Much needed legislation on AI, more specifically generative AI, will come to fruition throughout Europe in the next year. The laws are incredibly vague at the moment leaving them open for misinterpretation and abuse by organizations. The Digital Service Act and the proposed European Union AI Act are some of the legislation that will force generative AI providers in the EU to be more transparent and adhere to disclosure requirements, which will bring about clarity for organizations in terms of what is and isn’t allowed.
Similarly, Africa lacks AI legislation right now. However, three African countries, Mauritius, Egypt and Kenya, have made efforts to advance policy documents dedicated specifically to AI.
In contrast, the Dubai International Financial Centre (DIFC) has already enacted amendments to its Data Protection Regulations earlier this year. New requirements on the processing of personal data via autonomous and semi-autonomous systems, like AI, were introduced and were applicable as of 1 September 2023. This marks some of the first legislation in the UAE with regards to AI.
Ransomware attacks to aim for supply chain services
Ransomware cybercriminal groups will continue to increase their attacks but will be more targeted and work to attack supply chain services to disrupt and damage organizations around the world.
Internal training and AI to lessen the cybersecurity skills gap
According to ISACA, the EU currently has a shortage of between 260,000 to 500,000 tech workers. Microsoft’s Digital Defense Report shows that the demand for cybersecurity skills has grown by an average of 35% in Africa in 2022 alone, and a recent study by Trellix found that 66% of IT managers in the UAE and Saudi Arabia think that their organizations do not have the right people or processes in place to be cyber resilient.
This gaping hole in skills shortage is not going to be filled any time soon, leaving organizations vulnerable to cyber attacks. Organizations will have little choice but to employ tech workers with less desired qualifications and certifications to attempt to combat cybercrime. In addition, they will continue to fill the skills gap by training employees across departments to become the human firewall against cyber attacks; and using AI-powered defense for better threat detection and incident response.
Disinformation campaigns to lead to extortion schemes
Disinformation campaigns will be used to launch attacks or distract from ongoing attacks. We can expect to see related service offerings on the dark web, giving rise to disinformation as a service. This will impact politics and the private sector. Disinformation becomes a tool in the tool set of cybercriminals seeking to extract money from legitimate private businesses through extortion schemes. Attackers will increase their use of deep fakes, including video and voice.
Privacy by demand
Privacy regulations are forcing organizations to adapt and we will see privacy by design and user experience privacy gain traction. In particular, the use of generative AI in organizations, ethical considerations and privacy by design will become more prevalent.
Cyber resilience will become a priority
Ensuring that organizations continue to function despite cyber attacks will continue to be a top strategic priority for many, acknowledging that having such a strategy in place is vital. Organizations will place greater emphasis on developing and nurturing a security culture, as it’s one of the best ways to protect their data and systems from cyber attacks; and to ensure that attacks are detected and reported quickly if successful.
“Cyber attacks like phishing are getting more difficult to detect,” said Stu Sjouwerman, CEO, KnowBe4. “It is imperative that employees keep the threat of phishing attacks top of mind and not become complacent. This is only made possible by recurrent security awareness training and simulated phishing so that end users have the knowledge to identify phishing attacks, report them and better protect their organizations. It comes down to building a strong security culture and we will see organizations continue to focus and build on this in 2024.”