KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has announced its 2024 cybersecurity predictions for Europe, the Middle East and Africa (EMEA) from its team of local industry experts.
Cyber threats are more sophisticated and complex than ever and evolving quickly, with new technology like artificial intelligence becoming increasingly advanced every day. Cultivating a security culture is paramount to strengthen an organisation’s human firewall.
The predicted cybersecurity trends for 2024 include:
Cloud service attacks
A rise in attacks on cloud services unfortunately means we will see successful attacks on either cloud providers or cloud-based applications, or both. This will potentially result in loss of availability of services, breach of personal data and intellectual property. It is interesting to note the United Kingdom is the most targeted country in EMEA and therefore has a higher likelihood for attacks.
Collaboration and information sharing
We will see an increased focus on collaboration and information-sharing between national and international cybersecurity agencies; and ultimately between public and private partnerships to combat cybercrime, address nation and state threats; and to proactively detect and respond to emerging cyber threats.
Legislation on AI
Much needed legislation on AI, more specifically generative AI, will come to fruition throughout Europe in the next year. The laws are incredibly vague at the moment, leaving them open for misinterpretation and abuse by organisations. The Digital Services Act and the proposed European Union AI Act are some of the legislation that will force generative AI providers in the European Union to be more transparent and adhere to disclosure requirements, which will bring about clarity for organisations in terms of what is and isn’t allowed.
Similarly, Africa lacks AI legislation right now. However, three African countries – Mauritius, Egypt and Kenya – have made efforts to advance policy documents dedicated specifically to AI.
In contrast, the Dubai International Financial Centre has already enacted amendments to its Data Protection Regulations earlier this year. New requirements on the processing of personal data via autonomous and semi-autonomous systems, like AI, were introduced and were applicable as of 1 September 2023. This marks some of the first legislation in the United Arab Emirates with regard to AI.
Ransomware attacks to aim for supply chain services
Ransomware cybercriminal groups will continue to increase their attacks, but will be more targeted and work to attack supply chain services to disrupt and damage organisations around the world.
Internal training and AI to lessen the cybersecurity skills gap
According to ISACA, the EU currently has a shortage of between 260 000 to 500 000 tech workers. Microsoft’s Digital Defense Report shows that the demand for cybersecurity skills has grown by an average of 35% in Africa in 2022 alone, and a recent study by Trellix found that 66% of IT managers in the UAE and Saudi Arabia think that their organisations do not have the right people or processes in place to be cyber-resilient.
This gaping hole in skills shortage is not going to be filled any time soon, leaving organisations vulnerable to cyberattacks. Organisations will have little choice but to employ tech workers with less desired qualifications and certifications to attempt to combat cybercrime. In addition, they will continue to fill the skills gap by training employees across departments to become the human firewall against cyberattacks; and using AI–powered defence for better threat detection and incident response.
Disinformation campaigns to lead to extortion schemes
Disinformation campaigns will be used to launch attacks or distract from ongoing attacks. We can expect to see related service offerings on the dark web, giving rise to disinformation as a service. This will impact politics and the private sector. Disinformation becomes a tool in the tool set of cybercriminals seeking to extract money from legitimate private businesses through extortion schemes. Attackers will increase their use of deep fakes, including video and voice.
Privacy by demand
Privacy regulations are forcing organisations to adapt and we will see privacy by design and user experience privacy gain traction. In particular, the use of generative AI in organisations, ethical considerations and privacy by design will become more prevalent.
Cyber resilience will become a priority
Ensuring that organisations continue to function despite cyberattacks will continue to be a top strategic priority for many, acknowledging that having such a strategy in place is vital. Organisations will place greater emphasis on developing and nurturing a security culture, as it’s one of the best ways to protect their data and systems from cyberattacks; and to ensure attacks are detected and reported quickly if successful.
“Cyberattacks like phishing are getting more difficult to detect,” says Stu Sjouwerman, CEO of KnowBe4. “It is imperative that employees keep the threat of phishing attacks top of mind and not become complacent. This is only made possible by recurrent security awareness training and simulated phishing so that end-users have the knowledge to identify phishing attacks, report them and better protect their organisations. It comes down to building a strong security culture, and we will see organisations continue to focus and build on this in 2024.”
The predicted trends were collected from KnowBe4’s EMEA’s team of security awareness advocates who are experts with decades of experience in the cybersecurity field.