Recent forecasts by Gartner indicate that global end-user spending on security and risk management is expected to reach $215 billion in 2024, reflecting a substantial 14.3% growth from the previous year. This surge underscores the increasing complexity of digital risks facing businesses today.
With the average cost of a breach rising each year and more companies affected, a NordLayer cybersecurity expert says that this year data breaches in the healthcare industry will remain prominent, remote work will raise challenges, and generative AI will be a cyber threat, among others.
“Almost all of the attacks today are caused by the human element, since it is a person who clicked on a phishing link or is connected to a public Wi-Fi. As long as we don’t pay attention to basic cybersecurity, we will have a high cost of breaches and a flourishing ransomware industry,” adds Carlos Salas, a cybersecurity expert at NordLayer.
Top 5 Cybersecurity Trends Of 2024
“While there is no panacea that would cure all cybersecurity ills, staying informed about what danger is awaiting can minimize these risks. The growth of AI impacts other types of cyberattacks, making them more effective and easier to create. So, prevention and education should really pay off this year,” says Salas.
Salas has identified the top 5 cybersecurity trends to expect in the upcoming year:
Rising data breaches in healthcare: Regulations like the Health Insurance Portability and Accountability Act (HIPAA) set strict rules for patient data protection in the healthcare sector. Despite this, healthcare continues to face the most cyber breaches, and those breaches are also the most expensive.
Security challenges in remote work: The hybrid work model introduces new cybersecurity risks, with various devices and networks expanding the perimeter for cyber threats. The challenges include remote device security and compliance with data privacy laws.
Generative AI as a cyber threat: Deepfakes, produced with generative artificial intelligence, have become a new menace in cyberspace. For instance, deepfake video technology has already been developed and used for phishing schemes. AI chatbots also make it much easier to create convincing phishing scenarios.
Cyber attacks on a national level: The shadow of 2016 cyber intrusions haunts the 2024 U.S. presidential elections, raising concerns about cybersecurity in the political landscape. On the other side of the globe, Russian cybercriminals disrupt Ukrainian and European supply chains, while a new group, "Cyber Toufan," backed by Iran, targets Israeli companies. Past examples show nation-state cyber warfare is growing in sophistication, impacting international relations.
Human error as a leading cause: Human error remains a predominant factor in cybersecurity breaches, accounting for 95% of incidents. Worse, social engineering attacks, which are getting more focused, aim at individuals with appropriate access to a company's data.
What Are The Ways Of Staying Safe Online?
Salas advises first following basic cybersecurity hygiene: “Always use multi-factor authentication (MFA) for working tools and network access. Also, secure remote devices with VPNs. This will help employees working abroad to stay secure, too. Lastly, enforce strong, regularly-changed passwords.”
Speaking of investments for 2024, Salas recommends looking at a few things when considering cybersecurity solutions: “There is no pill that will help protect your business from various cybersecurity threats. All of the purchased tools must go hand-in-hand with the right culture and attention, so invest in your employees' cybersecurity education.”
“When considering network security, make sure to assign minimal user privileges in line with Zero Trust principles. Employ intrusion detection systems/intrusion prevention systems (IDS/IPS) for in-depth threat tracking,” Salas says.
“Lastly, conduct regular security system tests and risk assessments, and ensure staff are trained to detect phishing attacks.”