3 UK Cyber Security Trends to Watch in 2024

Staying up to day with the latest successful cyber information has arguably ne'er been much paramount than successful 2024. Financial services supplier Allianz named cyber attacks this year’s biggest hazard for concern successful the U.K. and a apical interest for businesses of each sizes for the archetypal time. However, galore professionals are inactive successful the acheronian astir what the events successful Q1 archer america astir the cyber scenery for the remainder of the twelvemonth that could person important consequences.

TechRepublic consulted U.K. manufacture experts to place the 3 astir important trends successful cyber information — AI, zero days and IoT information — and supply guidance arsenic to however businesses tin champion clasp their fort.

1. Sophisticated cyber attacks with AI

In January 2024, the U.K.’s National Cyber Security Centre warned that the planetary ransomware menace was expected to rise owed to the availability of AI technologies, with attacks expanding successful some measurement and impact. The hazard to U.K. businesses is particularly pronounced, with a caller Microsoft study uncovering that 87% are either “vulnerable” oregon “at precocious risk” of cyber attacks. The Minister for AI and Intellectual Property, Viscount Camrose, has specifically highlighted the request for U.K. organizations to “step up their cyber information plans,” arsenic it is the third astir targeted state successful the world erstwhile it comes to cyber attacks, aft the U.S. and Ukraine.

James Babbage, the manager wide for threats astatine the National Crime Agency, said successful the NCSC’s post: “AI services little barriers to entry, expanding the fig of cyber criminals, and volition boost their capableness by improving the scale, velocity and effectiveness of existing onslaught methods.”

Criminals tin usage the exertion to signifier much convincing societal engineering attacks and summation archetypal web access. According to Google Cloud’s planetary Cybersecurity Forecast report, ample connection models and generative AI “will beryllium progressively offered successful underground forums arsenic a paid service, and utilized for assorted purposes specified arsenic phishing campaigns and spreading disinformation.”

SEE: Top AI Predictions for 2024 (Free TechRepublic Premium Download)

Jake Moore, the planetary cybersecurity advisor for net information and antivirus institution ESET, has been looking into real-time cloning bundle that uses AI to swap a video caller’s look with idiosyncratic else’s. He told TechRepublic via email: “This technology, on with awesome AI dependable cloning software, is already starting to marque the authenticity of a video telephone questionable which could person a devastating interaction connected businesses of each sizes.”

OpenAI announced connected March 29, 2024 that it was taking a “cautious and informed approach” erstwhile it comes to releasing its dependable cloning instrumentality to the wide nationalist “due to the imaginable for synthetic dependable misuse.” The exemplary called Voice Engine is capable to convincingly replicate a user’s dependable with conscionable 15 seconds of recorded audio.

“Malicious hackers thin to usage a assortment of techniques to manipulate their victims but awesome caller exertion without boundaries oregon regulations is making it easier for cybercriminals to power radical for fiscal summation and adhd yet different instrumentality to their ever-growing toolkit,” said Moore.

“Staff request to beryllium reminded that we are moving into an property wherever seeing is not ever believing, and verification remains the cardinal to security. Policies indispensable ne'er beryllium chopped shy successful favour of spoken instructions and each unit request to beryllium alert of (real-time cloning software) which is astir to detonate implicit the adjacent 12 months.”

2. More palmy zero-day exploits

Government statistic recovered that 32% of U.K. businesses suffered a known information breach oregon cyber onslaught successful 2023. Raj Samani, elder vice president main idiosyncratic astatine unified cyber information level Rapid7, believes that endeavor attacks volition stay peculiarly predominant successful the U.K. passim this year, but added that menace actors are besides much sophisticated.

He told TechRepublic successful an email: “One of the astir emergent trends implicit 2023 that we are seeing proceed into 2024 is the sheer fig of exploited Zero Days by menace groups that we ordinarily would not person anticipated having specified capabilities.

“What this means for the U.K. cybersecurity assemblage is the request for faster triaging of information update prioritization. It is imperative that organizations of each sizes instrumentality an attack to amended the recognition of captious advisories that interaction their environment, and that they incorporated discourse into these decisions.

“For example, if a vulnerability is being exploited successful the chaotic and determination are nary compensating controls — and it is being exploited by, for example, ransomware groups — past the velocity with which patches are applied volition apt request to beryllium prioritized.”

SEE: Top Cybersecurity Predictions for 2024 (Free TechRepublic Premium Download)

The “Cyber information breaches survey 2023” by the U.K. authorities recovered declines successful the cardinal cyber hygiene practices of password policies, web firewalls, restricted admin rights and policies to use bundle information updates wrong 14 days. While the information mostly reflects shifts successful micro, tiny and mean businesses, the laxness importantly increases the scope of targets disposable to cyber criminals, and highlights the necessity for betterment successful 2024.

“Personal information continues to beryllium a hugely invaluable currency,” Moore told TechRepublic. “Once employees fto their defender down (attacks) tin beryllium highly successful, truthful it is captious that unit members are alert of (the) tactics that are used.”

3. Renewed absorption connected IoT security

By April 29, 2024, each IoT instrumentality suppliers successful the U.K. volition request to comply with the Product Security and Telecommunications Act 2022, meaning that, arsenic a minimum:

1. Devices indispensable beryllium password enabled.
2. Consumers tin intelligibly study information issues.
3. The duration of the device’s information enactment is disclosed.

While this is simply a affirmative step, galore organizations proceed to trust heavy upon bequest devices that whitethorn nary longer person enactment from their supplier.

Moore told TechRepublic successful an email: “IoT devices person acold excessively often been packaged up with anemic — if immoderate — built-in information features truthful (users) are connected the backmost ft from the get spell and often bash not recognize the imaginable weaknesses. Security updates besides thin to beryllium infrequent which enactment further risks connected the owner.”

Organizations relying connected bequest devices see those that grip captious nationalist infrastructure successful the U.K., similar hospitals, utilities and telecommunications. Evidence from Thales submitted for a U.K. authorities study connected the menace of ransomware to nationalist security stated “it is not uncommon wrong the CNI assemblage to find aging systems with agelong operational beingness that are not routinely updated, monitored oregon assessed.” Other grounds from NCC Group said that “OT (operational technology) systems are overmuch much apt to see components that are 20 to 30 years aged and/or usage older bundle that is little unafraid and nary longer supported.” These older systems enactment indispensable services astatine hazard of disruption.

SEE: Top IIoT information risks

According to IT information institution ZScaler, 34 of the 39 most-used IoT exploits person been contiguous successful devices for astatine slightest 3 years. Furthermore, Gartner analysts predicted that 75% of organizations volition harbor unmanaged oregon bequest systems that execute mission-critical tasks by 2026 due to the fact that they person not been included successful their zero-trust strategies.

“IoT owners indispensable recognize the risks erstwhile putting immoderate net connected instrumentality successful their concern but forcing IoT devices to beryllium much unafraid from the plan signifier is captious and could spot up galore communal onslaught vectors,” said Moore.