Cyber Security Market Update: May 2024

• Increased Sophistication: Cybercriminals continually evolve their tactics, techniques, and procedures (TTPs) to bypass security measures. As technology advances, so do their methods, potentially leading to more sophisticated attacks. Cybersecurity professionals will increasingly be expected to take on more complex workloads during 2024 as the threat landscape grows ever more sophisticated, this will include soft skills becoming essential for professionals.

• Rise of AI in Cyber Attacks: Artificial intelligence (AI) and machine learning (ML) have been increasingly utilized by cybercriminals to automate attacks, identify vulnerabilities, and create more effective malware. This trend may continue, making cyber attacks more efficient and harder to detect.
  “GenAI is occupying significant headspace of security leaders as another challenge to manage, but also offers an opportunity to harness its capabilities to augment security at an operational level,” said Richard Addiscott, Senior Director Analyst at Gartner. “Despite GenAI’s inescapable force, leaders also continue to contend with other external factors outside their control they shouldn’t ignore this year.”

• Targeting of Critical Infrastructure: With the growing reliance on digital infrastructure, critical sectors such as energy, healthcare, transportation, and finance become attractive targets for cybercriminals. Attacks on these sectors could have significant societal and economic impacts.
  The eruption of the Israel-Hamas conflict on October 7, 2023, sparked a surge of hacktivist activity, with a notable predominance of pro-Palestine actions over pro-Israel ones. Hacktivists from the conflict zone and worldwide, both known and previously unidentified, claimed responsibility for a substantial portion of these activities. Many of these actions focused on disrupting Israel's aerial projectile warning systems and critical infrastructure, either attempted or alleged.

• Emergence of New Threat Vectors: As technology advances, new threat vectors emerge. For instance, the proliferation of Internet of Things (IoT) devices introduces new vulnerabilities that cybercriminals may exploit. Additionally, the adoption of emerging technologies like 5G and quantum computing may introduce new security challenges.

• Ransomware Evolution: Ransomware attacks have become increasingly prevalent, and attackers have been refining their tactics, such as double extortion schemes and targeting cloud service providers. The evolution of ransomware may lead to more targeted and sophisticated attacks in 2024.
  According to The 2024 Ransomware Threat Landscape, published earlier this year by the Symantec Threat Hunter Team; Ransomware continues to be one of the most lucrative forms of cybercrime and remains a critical threat for organizations of all sizes. 

• Regulatory Responses: Governments and regulatory bodies worldwide are enacting stricter cybersecurity regulations and standards to combat cybercrime. Compliance with these regulations will become increasingly important for organizations, and non-compliance may lead to significant penalties.
  The EU is bringing out its Information Security Directive, expected to take effect in October 2024, by which time each member state must have enacted and implemented all relevant cyber security laws. In addition, the new EU Data Act is expected to harmonise rules on fair access and use of data.

• Cybersecurity Skills Gap: The demand for cybersecurity professionals continues to outpace supply, leading to a significant skills gap. This shortage of qualified personnel may make it challenging for organizations to defend against cyber threats effectively.
  The world economic forum has stated the global talent shortage, which spand nations states and industries, could reach 85million workers by 2023, causing approximately $8.5trillian in unrealised annual revenue. They predict four million professionals are urgently needed to plug the talent gap in the global cyber security industry.

• Global Cooperation and Information Sharing: Collaboration among governments, law enforcement agencies, and private sector organizations is essential for combating cybercrime effectively. Efforts to improve information sharing and international cooperation may help mitigate the impact of cyber threats.

Overall, while the specific tactics and targets of cybercriminals may evolve in 2024, the fundamental challenges of cybersecurity, including the need for proactive defense measures, robust incident response capabilities, and collaboration across sectors, will remain constant.