Cyberthreats are more sophisticated and complex than ever and evolving quickly with new technology like AI becoming increasingly advanced every day. Cultivating a security culture is paramount to strengthen an organisation’s human firewall, says security specialist KnowBe4 in its 2024 cybersecurity predictions for the EMEA region.
The predicted cybersecurity trends for 2024 from KnowBe4’s team of local industry experts include:
- Cloud service attacks – A rise in attacks on cloud services unfortunately means that we will see successful attacks on either cloud providers, or cloud-based applications, or both. This will potentially result in loss of availability of services and a breach of personal data and intellectual property. It is interesting to note that the UK is the most targeted country in EMEA and therefore has a higher likelihood for attacks.
- Collaboration and information sharing – We will see an increased focus on collaboration and information sharing between national and international cybersecurity agencies – and ultimately between public and private partnerships to combat cybercrime, address nation and state threats, and to proactively detect and respond to emerging cyberthreats.
- Legislation on AI – Much needed legislation on AI, more specifically generative AI, will come to fruition throughout Europe in the next year. The laws are incredibly vague at the moment leaving them open for misinterpretation and abuse by organisations. The Digital Service Act and the proposed European Union AI Act are some of the legislation that will force generative AI providers in the EU to be more transparent and adhere to disclosure requirements which will bring about clarity for organisations in terms of what is and isn’t allowed. Similarly, Africa currently lacks AI legislation. However, three African countries – Mauritius, Egypt, and Kenya – have made efforts to advance policy documents dedicated specifically to AI. In contrast, the Dubai International Financial Centre (DIFC) has already enacted amendments to its Data Protection Regulations earlier this year. New requirements on the processing of personal data via autonomous and semi-autonomous systems like AI were introduced and were applicable as of 1 September 2023. This marks some of the first legislation in the UAE with regards to AI.
- Ransomware attacks to aim for supply chain services – Ransomware cybercriminal groups will continue to increase their attacks, but will be more targeted and work to attack supply chain services to disrupt and damage organisations around the world.
- Internal training and AI to lessen the cybersecurity skills gap – According to ISACA, the EU currently has a shortage of between 260 000 to 500 000 tech workers. Microsoft’s Digital Defense Report shows that the demand for cybersecurity skills has grown by an average of 35% in Africa in 2022 alone – and a recent study by Trellix found that 66% of IT managers in the UAE and Saudi Arabia think that their organisations do not have the right people or processes in place to be cyber resilient. This gaping hole in skills shortage is not going to be filled any time soon leaving organisations vulnerable to cyberattacks. Organisations will have little choice but to employ tech workers with less desired qualifications and certifications to attempt to combat cybercrime. In addition, they will continue to fill the skills gap by training employees across departments to become the human firewall against cyberattacks – and using AI-powered defence for better threat detection and incident response.
- Disinformation campaigns to lead to extortion schemes – Disinformation campaigns will be used to launch attacks or distract from ongoing attacks. We can expect to see related service offerings on the dark web, giving rise to disinformation as a service. This will impact politics and the private sector. Disinformation becomes a tool in the toolset of cybercriminals seeking to extract money from legitimate private businesses through extortion schemes. Attackers will increase their use of deep fakes – including video and voice.
- Privacy by demand – Privacy regulations are forcing organisations to adapt and we will see privacy by design and user experience privacy gain traction. In particular, the use of generative AI in organisations, ethical considerations, and privacy by design will become more prevalent.
- Cyber resilience will become a priority – Ensuring that organisations continue to function despite cyberattacks will continue to be a top strategic priority for many – acknowledging that having such a strategy in place is vital. Organisations will place greater emphasis on developing and nurturing a security culture as it’s one of the best ways to protect their data and systems from cyberattacks and to ensure that attacks are detected and reported quickly if successful.
“Cyberattacks like phishing are getting more difficult to detect,” says Stu Sjouwerman, CEO of KnowBe4. “It is imperative that employees keep the threat of phishing attacks top of mind and not become complacent. This is only made possible by recurrent security awareness training and simulated phishing so that end users have the knowledge to identify phishing attacks, report them, and better protect their organisations. It comes down to building a strong security culture and we will see organisations continue to focus and build on this in 2024.”