The first quarter of 2024 is the perfect time to look back at the cybersecurity predictions of 2023. If they came true or not, the expected challenges of 2024, and how seriously small and medium-sized businesses should take future predictions.
Predictions from Gartner, CISO, and the Center for Internet Security will serve as our source of information about the cybersecurity landscape of 2023. According to Gartner, AI would be leveraged to manage threat detection and incident response plans. CISO put a number to Gartner’s prediction and stated that approximately 61% of enterprises or cybersecurity officers would leverage AI by the end of 2023. Next, a survey on ransomware experiences stated that 96% of enterprises will be attacked, and most victims will pay up in 2023. Finally, Gartner predicted the increase in privacy regulations, but only approximately 10% of organizations will utilize it to their advantage.
Scrutinizing these predictions shows that they generally came through. Approximately 72% of businesses were attacked using ransomware in 2023, and most victims paid up to regain access to stolen data. AI-driven cyberattacks increased as expected, but only 28% of enterprises leveraged AI for cybersecurity operations, far from the 61% predicted for 2023. Lastly, the integration of privacy regulations occurred but at a slower rate than expected.
Cybersecurity Threats and Challenges to SMBs in 2024
While yesterday’s cybersecurity challenges were unprecedented, today’s challenges are even more dynamic. Hence, capturing the depth of 2024’s cybersecurity challenges for small and medium-sized businesses required extensive predictive analysis by industry-leading research groups. The top 5 cybersecurity challenges include:
- AI-driven Social Engineering – 85% of data breaches involve human interactions and error. Consequently, bad actors employ diverse social engineering techniques to trick humans into making mistakes that leave IT systems open to attacks. SMBs are even more vulnerable to social engineering tactics due to the limited cybersecurity tools and employee training. The application of social engineering techniques to exploit humans is expected to increase in 2024. AI will drive this increase. Hackers continue to exploit AI to create compelling messages, documents, and files that mimic original correspondence. AI-powered dissemination methods also enable sending tens of thousands of emails daily and the ability to draft quick and accurate replies when phishing mails are answered.
- Third-Party Exposure – The interconnected cyber-physical space creates multiple end points that are exploitable. Cybercriminals are expected to consistently check for less-protected networks or devices, such as IoT device, mobile devices, or check printers, that belong to third-parties but have authorized access to the criminal’s primary target. An example was the theft of Okta’s employee data.
Okta, a secure identity cloud service provider, provides cloud services to SMBs interested in streamlining multiple work functions through a singular platform. In October 2023, hackers exploited vulnerabilities within a healthcare vendor’s network connected to Okta’s cloud. The hackers were able to exploit the vulnerability to steal the personal identifiable information of 5,000 Okta employees.
SMBs are more vulnerable to third-party exposure due to the number of third-party services they subscribe to, and cybercriminals know this. These vulnerabilities are expected to be exploited, and successful breaches will be leveraged in 2024. - Increased Cloud Attacks – At the onset
of the paradigm shift from physical or onsite storage to cloud in the 2010’s,
many predicted the cloud to offer safer computing options in time. Although
multiple security frameworks dedicated to the cloud have been introduced, the
cloud remains vulnerable. According to IBM, cloud vulnerabilities have increased by 150% between
2015 and 2020. This increase is due to the unprecedented growth in attacks on
cloud-based infrastructure.
SMBs must remain aware of the threats associated with cloud vulnerabilities as the increased threat to cloud security will continue in 2024. Adopting Zero Trust security architecture and other access control models can and will be leveraged to address the increasing cyber security threats to cloud infrastructure. - Privacy in Remote Work – The pandemic took remote working to new heights and by 2023, 80%
of small businesses have adopted remote work and working with freelancers in
diverse capacities. With remote work comes new privacy challenges and approximately
70%
of SMBs say they are not prepared to handle the security challenges that
come with remote work and outsourcing. Furthermore, only 45% of SMBs provide
adequate cybersecurity training to employees.
The privacy challenges for remote work includes unsecured networks due to the use of third-party applications, inadequate security measures, human error, configuration issues, and endpoint security challenges. 2024 will see hackers continue to exploit vulnerabilities caused by the IT infrastructure needed to manage remote workloads. - Inadequate Data Management Policies – Over 85%
of SMBs recognize the importance of adopting new digital transformative
solutions and most have embraced it to varying extent. Today, the average SMB
leverages digital technologies to process payments and deliver services to
customers thus collecting data that could prove insightful to optimizing
customer service. However, collecting customer data is just one phase of the
data management process while protecting collected data is crucial to the
survival of most SMBs.
The fact that 75% of SMB go out of business after experiencing a data breach underscores the importance of integrating an incident response or cybersecurity policy in place. But this is not the case. 36% of SMBs are not concerned about cybersecurity and only 17% utilize encryption to protect data. This means lack of an enforceable data management policy will continue to provide cybercriminals with loopholes to exploit.
Planning for the Future
The cybersecurity challenges SMBs face is expected to continue at an accelerated pace in 2024. Hence, decision-makers or owners of SMBs must make conscious efforts to understand today’s threats and to be able to implement measures in place to mitigate these challenges. Embracing digital technologies is no longer enough for success. Today’s recipe for success includes actively protecting your business and the customers it serves from cyberthreats and the criminals behind them.