SoSafe reveals its predictions for cybercrime trends in 2024

London, 15 December 2023 – SoSafe, fastest-growing security awareness European company, is today revealing its cyber security trends for 2024. At a time when nearly half of British companies (43%) have been the victim of a cyberattack in the past three years, according to SoSafe’s latest annual Human Risk Review report, these predictions aim to provide an overview of what individuals and organisations should expect in 2024, to stay ahead of the threats.

1. We are yet to see the full impact of Generative AI in cyber security.

Generative AI and its role in cyber security will continue to make headlines throughout 2024, as it did in 2023. Throughout the past year, we have seen that malicious actors have relied on commercial cybercrime tools such as WormGPT to not only enhance the speed at which they create content, such as phishing emails, but to also increase the sophistication and effectiveness of their attacks. Yet this is just the tip of the iceberg. This technology is only in its infancy, the full extent of its potential for cybercrime has not yet been reached as its accessibility and commercialization continues to rise. Hackers will optimize their use of AI, for instance by creating voices or deepfakes in large scale to imitate anyone, which cannot be detected by the naked eye, to trick their victims. The bar for entry to becoming a cyber-criminal will become lower than ever before because of this technology, which means that everyone can access to an arsenal of techniques on the dark web to commit cybercrimes. As a result, traditional cyber security defenses will become increasingly ineffective and organizations will have to continue to step up their cyber security measures, adopting a more flexible approach to it.

2. Digital dissent: The hacktivist movement is gaining momentum in an increasingly fragmented world

Geopolitical instability has not only accelerated cybercrime. It has also given hacktivist groups around the world incentives to execute targeted cyberattacks against actors and organizations with whom they have political or social motivations against. These include Anonymous Sudan targeting X to pressure Elon Musk to activate Starlink in Sudan, or the pro-Russian Killnet group initiating DDoS attacks against western defence targets since the start of the Ukraine war. With security experts witnessing a 27% increase in hacktivism in the last quarter, 2024 will continue to see targeted hacktivism activity increase – particularly in relation to the current conflict in Gaza – as geopolitical instability continues in regions across the world. The chaos resulting from hacktivist activity will be exploited by cybercriminals, making it increasingly difficult for organisations to identify who is targeting them and in turn adapt their cyber security strategies accordingly.

3. Disinformation-as-a-service to become a crucial tool in hackers’ arsenal to destabilize organizations

2023 has seen disinformation as a service rapidly evolved into a potent tool in the arsenal of cybercriminals. This tactic, involving the deliberate spread of false information, is increasingly being harnessed to manipulate public opinion, damage reputations, and influence business and political landscapes. With major elections coming up in both the UK and US next year, and these services becoming more commercialized and readily available, cybercriminals and politically motivated groups will launch new strategies to destabilise organisations, and potentially even national political processes, while evading detection.

4.Burnout in security teams will be worse than ever – and cybercriminals will continue exploiting this

The extensive threat landscape that has developed over the course of 2023 shows no signs of slowing down, and as cybercriminals become increasingly professional, innovating new and sophisticated schemes quicker than ever, the pressure on security teams is intensifying. While cybercriminals become more organised and effective, businesses’ security teams are often still understaffed. Indeed, the cyber security industry is currently grappling with a shortfall of 3.5 million workers, putting additional pressure on the already overstretched existing teams.  SoSafe’s 2023 Human Risk Review found that security teams themselves are one of the most at-risk departments susceptible to cyberattacks, with 63% of security experts stating they feel stressed due to the increasing cyber security threats. This will continue to be exploited next year and become organizations’ Achilles’ heel. Unless companies allocate proper budgets and focus on   career plans to boost employee retention, hence preventing their teams from being understaffed and over worked, security teams will remain prime targets for cyberattacks in 2024.

5. 2024: A challenging year ahead for public sector

Public sector organizations have faced a deluge of cyber security risks. This was illustrated by the European Union Agency for Cybersecurity which ranked this sector as the most targeted one in terms of incidents being reported. In 2024, these organizations will remain a magnet for cybercriminals. Indeed, the high volume of data they handle, the often-out-dated IT structures they rely on as well as their limited security budget make them the perfect target. In addition, the current geopolitical context where cyberwarfare and state-sponsored prevail also encourage cyberattacks against these entities. In 2024, defending public organizations from these digital onslaughts will become more urgent than ever. Allocating the right resources strategically and adopting the right approach to cyber security to bolster their defences will have to be a focus in 2024.

6. More cyber security breaches will involve the human element

Economic turmoil, geopolitical unrests, chronic uncertainties and the stress and fear resulting from these global events have presented new opportunities for cybercriminals. With cybercrime gangs such as Lapsus$ frequently utilising social engineering tactics including bribery, extortion phone-based phishing, 2023 has seen an almost uninterrupted string of successful cyberattacks resulting from human elements. With generative AI enabling the creation of increasingly complex social engineering tools and the prevalence of communication channels that make social engineering attacks simpler and faster, 2024 will see human psychology at the centre of more cyberattacks than ever before.