Q3 Earnings Alert! Plan early for this week’s stock reports with all key data in 1 placeSee list

3 Trends Set to Drive Cyber-attacks in 2024

Published 2024/03/18, 13:58
Updated 2024/03/18, 14:00
© Reuters.  3 Trends Set to Drive Cyber-attacks in 2024
ALVG
-

Following two years of high but stable loss activity, 2023 saw a worrying resurgence in ransomware and extortion losses, as the cyber threat landscape continues to evolve. Hackers are increasingly targeting IT and physical supply chains, launching mass cyber-attacks, and finding new ways to extort money from businesses, large and small. It’s little wonder that our customers and clients rank cyber risk as their top concern in the annual Allianz (ETR:ALVG) Risk Barometer survey.

Ransomware claims activity was up by more than 50% year-on-year in 2023. Meanwhile, so-called Ransomware-as-a-Service (RaaS) kits, where prices start from as little as US$40, have been a key driver in the rising frequency of attacks overall. Gangs are also carrying out more attacks faster, with the average number of days taken to execute one falling from around 60 days in 2019 to four. Most ransomware attacks now involve the theft of personal or sensitive commercial data for, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage. As a global insurer, Allianz Commercial’s analysis of large cyber losses (€1mn+) in recent years shows that the number of cases in which data is exfiltrated is increasing – doubling from 40% in 2019 to almost 80% in 2022, with activity in 2023 tracking even higher.

Protecting an organization against intrusion therefore is a cat-and-mouse game, in which cyber criminals have the advantage. Threat actors are now exploring ways to use artificial intelligence (AI) to automate and accelerate attacks, creating more effective malware and phishing. Combined with the explosion in connected mobile devices and 5G-enabled Internet of Things (IoT), the avenues for cyber-attacks look only likely to increase in the future.

At Allianz, our global team of risk engineers regularly monitors the cyber landscape, assisting companies with mitigating emerging risks. Threats currently on our radar include:

  • The power of AI (to accelerate cyber-attacks)
  • Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI can help less proficient threat actors create new strains and variations of existing ransomware, potentially increasing the number of attacks they can execute. We expect an increased utilization of AI by malicious actors in the future, necessitating even stronger cybersecurity measures.

    Voice simulation software has already become a powerful addition to the cyber criminal’s arsenal. There was the case of the CEO of a British energy provider transferring around US$250,000 to a scammer after they received a call from what they thought was the head of the unit’s parent company, asking them to wire money to a supplier. The voice was generated using AI. Deepfake video technology designed and sold for phishing frauds can also now be found online, for prices as low as US $20 per minute.

    It is not all bad news though. We might see more AI-enabled incidents in the future, but investment in detection backed by AI should also help to catch more incidents earlier.

  • Mobile devices expose personal and corporate data
  • Lax security and the mixing of personal and corporate data on mobile devices, including smartphones, tablets, and laptops, is an attractive combination for cybercriminals. Allianz Commercial has seen a growing number of incidents caused by poor cyber security around mobile devices. During the pandemic, many organizations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication (MFA). This also resulted in several successful cyber-attacks and large insurance claims.

    Criminals are now targeting mobile devices with specific malware to gain remote access, steal login credentials, or deploy ransomware. Personal devices tend to have less stringent security measures. Utilizing public wi-fi on such devices can increase their vulnerability, including exposure to phishing attacks via social media.

    The rollout of 5G technology is also an area of potential concern if not managed appropriately, given it will power even more connected devices, including sophisticated applications – from driverless cars to smart cities. However, many IoT devices do not have a good record when it comes to cyber security, are easily discoverable, and will not have MFA mechanisms, which, together with the addition of AI, presents a serious cyber threat. Even today we see devices with default passwords that are available on the internet.

  • Cyber security skills shortage affects the cost and frequency of incidents
  • A growing shortage of professionals will increasingly complicate cybersecurity efforts. The current global cyber security workforce Gap stands at more than four million people with demand growing twice as fast as supply. Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025.

    In short, because technology is moving so fast, there are not enough experienced people to keep pace with the threats. It’s very hard to get good cyber security engineers, which means companies are more exposed to cyber events. Without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future. The shortage of cyber security experts also impacts the cost of an incident. Organizations with a high level of security skills shortage had a US$5.36mn average data breach cost, around 20% higher than the actual average cost, according to the IBM (NYSE:IBM) Cost of a Data Breach Report 2023.

    Early detection is key to combating emerging cyber threats

    Preventing a cyber-attack is becoming harder, and the stakes are higher. As a result, early detection and response capabilities and tools are becoming ever more important. If you have an undetected loophole in your network, it is a potential Achilles heel. And if you do not have effective early detection tools it can lead to longer unplanned downtime, increased costs, and have a greater impact on customers, revenue, profitability, as well as your reputation.

    The lion’s share of IT security budgets is currently spent on prevention with around 35% directed to detection and response. However, if undetected an intrusion can quickly escalate, and once data is encrypted and/or stolen, the costs snowball – as much as 1,000 times higher than if an incident is not detected and contained early. The difference between a €20,000 loss turning into a €20mn one.

    Looking forward, detection tools will be the next logical step for most companies to invest in. Ultimately, early detection and effective response capabilities will be key to mitigating the impact of cyber-attacks, as well as ensuring a sustainable cyber insurance market going forward.

    By Scott Sayce is the Global Head of Cyber Insurance at Allianz Commercial

    The post 3 Trends Set to Drive Cyber-attacks in 2024 first appeared on IT News Africa | Business Technology, Telecoms and Startup News.

    Read more on ITNewsAfrica.com

    Latest comments

    Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
    Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
    Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
    It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
    Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
    © 2007-2024 - Fusion Media Limited. All Rights Reserved.