Cybersecurity threats in 2024 – what do they mean for your business?
Cybersecurity threats are constantly evolving and the sheer volume is scary. For example, in 2022 there were around 236 million ransomware attacks, over 3,394,00 phishing attacks and about 2.8 billion malware attacks worldwide. And the bad news is that it’s only going to get worse as criminals take advantage of the latest advances in IT to mount increasingly sophisticated attacks.
Users of all types of speech to text and digital dictation systems are involved in the production, storage and distribution of documents containing personal and commercially sensitive information. So, what concerns should you have about keeping such data safe from prying eyes? Based on the views of leading cybersecurity experts, here are four of the major threats you are likely to encounter during the coming year.
Social engineering: The aim of social engineering is to trick victims into providing sensitive information, such as login credentials or financial information. It relies on human error rather than technical vulnerabilities and is popular with hackers as it’s generally a lot easier to trick a human than it is to breach a security system. In fact, Verizon report that 85% of all data breaches involve human interaction.
Phishing is one of the commonly used methods: emails that appear to be from legitimate sources ask the user to click a link or open an attachment that then infects the computer with malware.
However, we are seeing a move away from simple emails mimicking communications from legitimate services. Attackers are now sending highly convincing messages through various messaging platforms, often supported by target information they’ve gathered from data breaches. A cybercriminal can combine data from a compromised e-commerce retail site with information from social media to create customised, targeted attacks.
Ransomware: The ‘Cyber Security Threats Report 2024’ lists ransomware, along with email phishing, as the two major security concerns identified by user organisations. This type of malware encrypts a victim’s files, denies them access and demands payment in exchange for the decryption key. Such attacks can be delivered via the phishing emails mentioned above, malicious websites, or through vulnerabilities in software.
According to Microsoft, 96.88% of all ransomware infections take under four hours to successfully infiltrate their target. The fastest malicious software can take over a company’s system in under 45 minutes.
Worryingly, there is a growing belief that smaller firms will increasingly bear the brunt of ransomware attacks in 2024, not least because they do not have the same levels of money to spend on shoring up their defences as large corporates.
Ransomware attacks not only cost companies money in terms of the payments required to regain access to their files; there’s also a significant cost in the form of lost income whilst hackers deny system access until the ransom is paid. In fact, the average length of system downtime after an attack is 21 days. Consider how your own business might cope without access to its documentation, dictation systems, workflow software, business apps etc. during that time…
Cloud security threats: As the global workforce continues to operate in an increasingly remote or hybrid capacity, so the move to the cloud has gathered momentum. However, whilst cloud providers are responsible for securing the infrastructure, it is their customers who are responsible for securing the data they store in the cloud.
Consequently, cybercriminals are increasingly targeting cloud providers. By targeting providers and their cloud solutions, a cybercriminal can gain access to their customers’ sensitive data and potentially their IT infrastructure. By exploiting these trust relationships between organisations and their service providers, attackers can dramatically increase the scale and impact of their attacks.
Bearing this in mind, it pays to think carefully about the cloud service providers that your software application suppliers use. For example, Philips has partnered with Microsoft Azure as its hosting provider for its SpeechLive cloud-based dictation and transcription workflow solution. Importantly, the Azure hosting service adheres to international standards for security and compliance. For example, it is certified for the ISO/IEC 27000 family of information security standards. In addition, Azure continuously performs penetration testing and works on threat detection and prevention in areas such as unauthorised intrusion and denial of service.
Mobile malware: As mobile devices have become more widely used, so mobile malware has emerged as a growing threat. Such malware, typically masquerading as legitimate and harmless applications, has become ever-more prevalent.
The latest attempts to infect users’ mobile devices are based around fake versions of legitimate apps, offered as malicious APKs via direct downloads and third-party app stores. These apps are designed to take advantage of name recognition to slip malware onto mobile devices.
The threats posed are particularly concerning given the growth in hybrid working, since remote users are relying more heavily than ever on their mobile devices. In particular, business professionals are increasingly using mobile devices whilst on the move as voice input tools for speech to text and digital dictation systems.
How to defend your business
First and foremost, it’s important to stay informed about the latest cybersecurity threats to understand what you need to protect your organisation against. You can then look to address the various threats by incorporating the following straightforward and effective practices into your day-to-day working:
- Ensure your devices and apps are kept up to date – regularly update systems and software to patch any identified vulnerabilities.
- Implement robust security measures such as encryption, firewalls and multi-factor authentication, and choose unique passwords.
- Provide regular cybersecurity training to employees to help them identify and avoid potential threats - in particular, make them aware of the more common phishing scams and educate them on how to deal with these.
- Conduct regular risk assessments to identify vulnerabilities in systems and networks, and monitor regularly for suspicious activity.
- Use cloud-based services or external hard drives to back up your business data as part of a disaster recovery plan to ensure you can quickly and effectively respond to any security breach.
Finally, it’s also important to be aware of the increasingly important role that Artificial Intelligence (AI) can play. Integrating AI into cybersecurity applications allows them to analyse historical data and current trends, and thus identify anomalies and deviations, which can help in detecting and preventing security threats much earlier than other security tools.