If 2023 was marked by cybercriminals’ remarkable adaptability and relentless pursuit of new avenues to achieve their goals – be it through exploiting vulnerabilities, gaining unauthorised access, compromising sensitive information, or defrauding individuals – the year ahead is likely to be defined by similar challenges.

“Business cybersecurity needs will depend on how advanced and persistent threat (APT) groups adjust their strategies in 2024. Fortunately, threat intelligence can help organisations to prioritise where to focus limited resources for maximum effect,” says Carey van Vlaanderen, CEO of ESET Southern Africa.

By collecting, analysing, and contextualising information about cyber threats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk.

“In the latter half of 2023, ESET’s global Threat Reports detailed several significant cybersecurity incidents, emphasising the industry’s need for vigilance and innovation. As Artificial Intelligence entered the mainstream, we saw a rise in AI-enabled cyberattacks. The use of AI is effective in automating certain forms of hacking while simultaneously lowering the bar for less technically able cybercriminals,” notes van Vlaanderen.

Along with criminals leveraging AI tools to create malicious code and legitimate-sounding email messages, ESET pinpointed campaigns specifically targeting ChatGPT users and attempts to access malicious domains mimicking the name, such as ‘ChapGPT’.

“The advancement of AI in IT and its integration into business operations in South Africa is a significant industry development. ESET has long incorporated AI in its Machine Learning technology, recognising the great potential as well as the risks associated with this rapid technological advancement.”

Van Vlaanderen adds that the previous 12 months also saw an increase in the sophistication of more common online scams, including cryptocurrency romance schemes, OTP bot scams, and business email compromise (BEC) attacks.

“Unfortunately, there’s little sign of attackers switching to other tactics, especially when malware-laden phishing links, emails, and ransomware are so effective. This is why prevention in the form of multilayered protection technology is so critical for businesses and individuals alike.”

ESET’s introduction of Patch Management and VPN services for SME clients in 2023 was a key milestone in creating a more secure environment for South African businesses, says van Vlaanderen. “Despite a challenging local economic environment, we’ve enhanced our set of comprehensive security solutions to ensure the South African market benefits from our award-winning digital security.”

Looking ahead, van Vlaanderen says Managed Detection and Response (MDR) services are set to be a major trend for businesses to watch. MDR, the specialised service offered by external providers, is designed to help organisations proactively search for and respond to cybersecurity threats as soon as they are identified.

“MDR tackles several key challenges faced by modern businesses at once, most especially the shortfall of in-house security expertise. Establishing and training dedicated security teams for continuous threat monitoring is possible for larger organisations with ample resources, but much harder for SMEs. Added to the challenge is that SMEs are attractive and therefore frequent targets of cyberattacks, but simply cannot maintain a dedicated team of skilled security professionals to monitor and manage the sheer volume of evolving threats.”

Given the prevalence of advanced and persistent threats, van Vlaanderen predicts sustained growth in the MSP channel area, particularly where the cybersecurity needs in southern and eastern African countries can be addressed more thoroughly.

“Similar to other regions, including South Africa, east Africa is confronted with various cyber threats such as phishing, malware, ransomware, and data breaches. These threats are aimed at both individuals and businesses, with cybercriminals pursuing financial profit, data theft, or disruption to key services, all in an environment where exchange rate challenges and persistent skills shortages only add to the hurdles to be overcome.”

As the new year picks up pace, van Vlaanderen says businesses will have to navigate a complex and evolving terrain of cyber threats. “Today’s cybercriminals are well-resourced, dynamic, and often rely on the element of surprise in their attacks.

“One of the best ways organisations can level the playing field and gain the upper hand is by understanding the threat landscape to make more informed decisions.

“In addition to greater awareness, having robust security solutions in place is the best way to prevent attacks from happening, and help businesses build the necessary resilience they need for the future.”