8 cybersecurity trends & threats for 2024
Mention the word ‘cybersecurity’ today and the term AI is not far behind. But the cyberattack footprint extends much further. On the other hand, new and solid defence mechanisms are also available. Proximus NXT and its security partners explain.
1. Human-operated ransomware
Human-operated ransomware attacks have increased by more than 200% in one year, according to research carried out by Microsoft. Security officer Bart Asnot explains: “With this form of ransomware, cybercriminals remain in control during an attack. It allows them to continually adjust their tactics and it creates a direct connection between the attacker and the victim. This increases the risks because the hacker can see whether their victim is trying to scale up the security mechanisms. Based on this information, they further adjust their attack plan. Human-operated ransomware usually affects SMEs, which often have less maturity and experience to prevent and combat such practices.”
2. IT versus OT security
Against a background of automation and mutual connections, the flawless integration of OT and IT is crucial. Silos between operational technology and information technology hinder the deployment of a cybersecurity strategy. “In an industrial environment, for example, applications were once created to operate within an isolated network,” says Filippo Cassini on behalf of Fortinet. “Now that they are connected to the wider corporate network and the outside world, exposure to cyber threats is increasing. It is therefore important to let IT and OT interact optimally with each other. This often requires a cultural change within the company. So, there is a need for a security solution that breaks through silos.”
3. Generative AI
Generative AI, the IT concept of 2023, is making its mark on cybersecurity. “The technology is a welcome tool for criminals,” explains Andy Quaeyhaegens of Netskope. “For example, generative AI writes malicious code in a relatively simple way. Which means hackers require less knowledge and skills to attack organisations. The so-called script kiddies, who mainly hack for the thrill of it, are inflicting damage with the help of generative AI, often without being aware of the consequences.”
4. AI malware
Malware no longer looks like the ridiculous message from an unknown uncle asking for an advance on an inheritance. Generative artificial intelligence compiles messages that are almost genuine. “Attempts at business email compromise are increasing within company walls. This is where a hacker gains access to an email account of a company to incite employees to take action and hand over their cash," says Lieven Van Rentergem of Check Point. “On the other hand, artificial intelligence and machine learning help to identify subtle nuances and intercept such malicious emails.”
5. Simplification
According to Steven De Ruyver of Cisco, simplification manifests itself within different dimensions of cybersecurity. “Organisations implement platforms that centrally control the security environment. Within such platforms, there is room for applications from different suppliers. Security is becoming more and more invisible to the end user. For example, if they log in the same way every day, from the same location and with the same device, they will not have to enter a password every time to access the application. If this happens suddenly from another place or device, stricter controls will take effect. For the IT departments of companies, security providers bundle their offerings into packages that bring together different applications around a certain security domain. This also counts as a simplification.”
6. The ripple effect of NIS2
Organisations not only have to comply with the NIS2 directive themselves, but they also have to identify and address the security risks among their suppliers. In this way, they prevent a situation in which an incident with a supplier brings their own services to a standstill. Wouter Vandenbussche of Proximus NXT explains: “It means that even smaller SMEs must indirectly comply with NIS2 requirements. Within many small and medium-sized companies, the IT and security infrastructure has often grown historically, which does nothing to simplify matters. An assessment is often necessary in order to gain additional insights and to simplify the architecture where possible."
7. Security Consolidation
In recent years, the number of applications within each organisation has risen sharply. “That has led to a proliferation of security solutions for each company,” explains Bart Salaets of F5. “Many applications are often located within different (cloud) environments. Consequently, there is a need for consolidation. More and more companies are opting for a central platform that helps them tackle security and business problems. Through a step-by-step migration of security tools to those platforms, you can often also reduce the number of software suppliers. The managed security provider has an important role to play here.”
8. AI Act and cybersecurity
The AI Act is the first European regulation that specifically focuses on artificial intelligence. “That act is also closely linked to cybersecurity,” says Jesper Bork Olsen of Palo Alto Networks. “There can be no question of secure AI use when the systems are susceptible to cyber threats. From that perspective, it is therefore also important to map out all processes and safety measures. A major challenge is to find out how your suppliers and partners use AI. Accurately documenting all processes is worth its weight in gold.”
Ready to dive deep into this topic?
Latest insights & stories
Why your AI project is also a data project
AI needs quality data to realize its full potential. Yashfeen Saiyid, Data & AI Practice Lead at Proximus NXT, explains how to use a data-driven approach to lay the foundations for a successful AI project.
“There are more and more business applications, these days, based on artificial intelligence. And the accelerating rise of generative AI, with ChatGPT as its flagship, is simply breathtaking. According to Gartner, 90% of companies will use AI in the workplace by 2025,” begins Yashfeen Saiyid, Data & AI Practice Lead at Proximus NXT and Managing Director at Codit.
THE FLEMISH PORT STRATEGY
Flanders has 3 major seaports and they all have their own interests and emphases: Port of Antwerp-Bruges, North Sea Port and the Port of Ostend. The aim of the Flemish Port Strategy is to complement and strengthen the individual strategies of these ports. But to do that, we need to join forces. That is the only way we can efficiently address the challenges for the ports and logistics sector and create tailor-made solutions, including for Flanders.
What does the NIS2 directive mean for your business?
The NIS2 Directive will come into force on October 18, 2024. Companies must take the appropriate measures to ensure their cybersecurity. Valéry Vander Geeten of the CCB and Bart Callens of Proximus NXT set out the preparations you should prioritize.