Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Business Communication Risks to Watch in 2024
By Steven
Spadaccini, Chief Product Officer & Acting Chief Technology Officer,
SafeGuard Cyber
2023 was a
whirlwind year for the cybersecurity industry from the widespread adoption of Artificial
Intelligence (AI) to the rampant rise in sophisticated phishing campaigns
across communications platforms. As we head into 2024, SafeGuard Cyber's CTO Steven
Spadaccini shares the top business
communication risks that enterprises should be aware of as we enter 2024.
1. The adoption
of AI tools in the enterprise will put companies at greater risk of customer
data and intellectual property leakage.
As AI continues
to revolutionize various industries, it also brings new risks and challenges
for enterprises. With the increased use of AI platforms in sales, customer
service, marketing, and other areas, companies will be at greater risk of
customer data and intellectual property leakage. A few examples of the risks
are as follows:
Data Poisoning: AI systems are often trained on large datasets. If a
malicious insider or attacker can influence the data used for training, they
can introduce biases or false information into the system, leading to incorrect
or harmful outcomes.
Evasion Attacks: Sophisticated AI systems, like those used in customer
service, can be fooled by inputs, leading to incorrect decisions or the
revealing of sensitive information.
Privacy Issues:
AI systems that process personal data
can be a target for attackers seeking to extract private
information, leading to breaches of customer privacy.
This could lead
to a major breach that could impact not only the company itself but also its
customers and partners.
2. Regulatory
bodies will accelerate the crackdown on the use of ephemeral messaging. Large
and coordinated attacks will take place over WhatsApp.
In recent
years, there has been growing concern over the use of ephemeral messaging apps
such as Telegram and WhatsApp, which automatically delete messages after a
certain period of time. These apps can make it more difficult to monitor and
track malicious activity, making them an attractive target for cybercriminals.
As a result, regulatory bodies will start to crack down on the use of these
apps and larger coordinated attacks will take place on popular platforms such
as WhatsApp.
3. A major
breach will occur that touches three or more communication channels in the
enterprise. SMS, email, and collaboration tools like Slack or Microsoft Teams
will be affected.
While most
companies are aware of the risks of individual communication channels such as
email or SMS, they may not be fully prepared for the potential fallout of a
breach that affects multiple channels. In 2024, a major breach will occur that
touches three or more communication channels in the enterprise. This will be a
wake-up call for many companies to reassess their cybersecurity strategies and
invest in more comprehensive solutions.
4. SOC leaders
will be focused on reducing alert fatigue and closing the gap between L1 &
L3 analysts with AI technology.
Hackers are
using AI to mount more automated, aggressive, and coordinated language-based
attacks across multiple communication channels, making it challenging for
today's resource-constrained security teams to respond to every detected
threat. To make matters worse, there is a shortage of skilled professionals in
the industry to handle them. SOC leaders will prioritize reducing alert fatigue
and closing the skills gap between Level 1 (L1) and Level 3 (L3) SOC analysts
with AI technology. While breach alerts won't decrease in 2024, AI technology
will empower L1 SOC analysts to take action to break the attack chain.
5. Smishing
takes over for the easiest vector to attack.
While phishing
has long been a common tactic for cybercriminals, new vulnerabilities are
emerging all the time. In 2024, smishing (SMS phishing) will take over as the
easiest vector to attack, as cybercriminals seek out new ways to bypass email
filters and other traditional defenses.
6. Machines
against the machines - cybersecurity innovation will begin combating a cyber attack offense with machine learning and AI
tools.
As the world
becomes more reliant on artificial intelligence and machine learning,
cybersecurity experts are exploring new ways to leverage these technologies in
defense against cyberattacks. In the coming years, we'll see more battles
between machines, as cyberattack offense and defense strategies become
increasingly automated and sophisticated.
7. There will
be a significant number of executives impersonated,
and we will see the bad actors achieving success with more than just gift card
purchases.
We will see the
use of deepfake technology, AI, and social engineering to impersonate
high-level individuals with a much higher rate of success when trying to take
over critical enterprise accounts and data.
Zero Trust
requires careful planning and implementation. It demands that organizations
know their architecture and data flows intimately so that they can effectively
implement controls that verify and secure access at every stage. It's not just about preventing unauthorized access; it's also about ensuring the user's true identity.
8. Cyber focused
geopolitical tactics will increase. In 2024, a nation-state will attack another
cybersecurity company with deep ties to another foreign entity.
As geopolitical
tensions continue to rise around the world, cybersecurity experts are exploring
the potential implications of a global conflict. In World War III, there will
be significant challenges in maintaining secure communication channels and
protecting sensitive data. It's important for cybersecurity solutions with
national identities to stay one step ahead of their adversaries. Large firms
with deep state ties are often responsible for protecting many companies. This trickle-down
effect could be devastating.
9. There will
be a major breach of cloud platforms.
As more
companies move their operations to the cloud, the importance of cloud platform
security becomes increasingly clear. In 2024, we'll
see a major breach of cloud platforms, highlighting the need for better
security measures and more rigorous oversight.
10. Fraud will
move out of email and span multiple communication channels.
For years,
email has been the primary channel for fraudulent activity such as phishing and
other scams. In the coming years, we'll see a shift away from email-based
fraud, as cybercriminals explore new channels such as SMS, social media, and
other workplace messaging apps such as Slack or Microsoft Teams.
The increasing adoption of business communication channels like Slack,
Teams, WhatsApp, and Telegram significantly increases the potential for cyber
threats, necessitating a shift in security strategies. With cyber adversaries
continuously developing new methods to exploit vulnerabilities through these
communication channels, humans remain the greatest threat to businesses. As we
enter the new year, now is the time for organizations to fortify their defenses
in order to protect their critical data and operations. In
order to ensure maximum safety and compliance, maintaining multi-channel
coverage with full visibility is key.
##
ABOUT THE AUTHOR
Steven Spadaccini, Chief Product Officer & Acting Chief Technology
Officer
Steven is a seasoned senior cyber executive with more than 20 years of
experience working for some of the highest-profile cybersecurity and technology
companies in the world. Prior to joining SafeGuard Cyber, Steven held senior VP
leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), and
DTEX Systems as well as several other cyber security startups.