The global cost of data breaches has increased by 15% in the last three years - as we step into 2024 it is crucial to be aware of the emerging technology threats that could disrupt and harm businesses.
Cyber attacks are big money for organised crime and criminals will move with the times - much faster than businesses...
Our CEO Dan Ellis takes a look at the current landscape and makes his predictions on the four big risks for the coming 12 months….
Ransomware attacks on Microsoft 365, Google apps, Dropbox and major CRM systems...
Ransomware is when somebody breaks into your machine and encrypts your data before asking for a ransom in return for the password to release it.
Dan said he thinks the next logical step would be ransomware getting more intelligent and going after more than just the files on your computer.
He said: “Users are getting better at backing up their files on their local computer so the hackers are getting better at their targets. I think the next target will be cloud-based software.
“So if someone figures out your email password for example, they will log onto your account and encrypt all of your files in your mailbox or on attached Microsoft 365 or Google drives.”
AI-powered attacks with impersonation
An AI-powered attack could be that after an intruder gets access to your email account they may get an AI to read all of the emails you have ever sent - allowing the AI to impersonate you brilliantly.
Dan said: “They could email as you, using the same language, style and mannerisms you use whenever you send emails. They could even engage in a Teams discussion in the character of you or their victim.
"Another AI-powered attack could be Dark Web scanning. If you were on LinkedIn in 2009 when the platform was hacked - your password from 2009 is probably on the internet somewhere - I could probably hunt through the dark web and find it….but imagine an AI doing that, browsing all locations on the dark web searching for user accounts.
“They could then take millions of email addresses and millions of passwords and try all of them in a matter of hours - 300 million LinkedIn users - a lot of people won’t have changed their passwords.
“When the AI logs on it can see your contacts and how you write posts and communicate with others, it then combines that with other information, what company do you work for? It can take your first and last name and add in the company you work for .co.uk and then try all of the passwords it has found…and then it is in your company email! There is a lot of power behind an AI when it comes to cyberattacks.
"If you do anything after reading this blog today - ensure you have good, strong passwords and do not reuse passwords."
Supply chains as targets
Supply chain attacks are where they don’t break into the business, they break into the business suppliers.
There was a good example of this type of attack in 2022 where a major telephone system provider experienced problems when one of their upgrades got hacked.
Dan said: “It meant when people upgraded their systems they were upgraded with a virus version. They have always been spoken about in IT forums and conferences but I have not seen evidence of many attacks as yet - I think we will see it in 2024.”
Deep fakes in video and audio
EPX had a rule - you could not add a new payee onto any of our systems until a phone call had taken place with the supplier.
However, that had to change as we predicted the impact of deep fakes using both video and audio.
Dan says: “We are getting to the stage where someone can look at a business's YouTube activity, see them talking about their industry, and use that to make themselves look and sound like them. This is why our teams had to adapt our processes - and other businesses need to do the same.
“Deep fakes are when they can impersonate your face and your voice. There are tools right now online that can make a fake voice and I see now reason why that will not develop to video too.”
Want to be protected against Cyber Attack in 2024?
Cyber attacks are becoming more and more intelligent and therefore it is more and more important to be protected.
Our clients are protected with Cyber Secure 2023. If you would like to improve your protection or find out the options for your business do get in touch.JTNDZGl2JTIwaWQlM0QlMjJzbGlkZUJ1dHRvbiUyMiUyMGNsYXNzJTNEJTIyc2lkZS1idXR0b24lMjIlM0VHZXQlMjBJbiUyMFRvdWNoJTNDJTJGZGl2JTNF
