Key trends impacting cybersecurity

In today's fast-paced digital world, staying ahead of cybersecurity threats is critical for businesses. Here we summarise some of the technology, macroeconomic, and regulatory trends shaping the cybersecurity industry. For a more in-depth analysis of all trends relevant to the cybersecurity landscape, download GlobalData’s latest cybersecurity report.

AI as a threat and a solution 

Artificial intelligence (AI) is revolutionizing cybersecurity, offering significant benefits and challenges. While AI enhances threat detection, hunting, and incident response, it also empowers cybercriminals. Generative AI, for instance, can refine phishing attacks by eliminating typical indicators like poor grammar, making them harder to detect. 

Organizations now face AI-powered cyberattacks that adapt and exploit specific vulnerabilities. Cybercriminals may use large language models (LLMs) trained on malware to craft sophisticated attacks. Key risks include prompt injection, where attackers manipulate AI applications into unauthorized actions, and insecure output handling, allowing malicious instructions if outputs aren't properly validated. 

Despite these threats, AI provides substantial defensive benefits. It enables deeper network insights and faster threat identification. A 2023 IBM report revealed that organizations using AI and automation could identify and contain breaches 108 days quicker than those without these technologies. AI applications in cybersecurity include biometric authentication, threat detection, and incident response. For example, CrowdStrike's Falcon uses AI to detect anomalies like unusual traffic patterns and unauthorized data access. 

The AI-driven security landscape is transforming cybersecurity roles. A February 2024 survey by the International Information System Security Certification Consortium (ISC2) found that 88% of professionals expect AI to impact their jobs significantly. However, 82% foresee increased efficiency, and 56% believe AI will handle routine tasks, allowing them to focus on higher-value activities. 

Ransomware attacks are on the rise 

The evolving ransomware threat continues to challenge businesses globally with its increasing sophistication and frequency. 2023 was notable for relentless cyberattacks. Some criminals started copying and stealing data, demanding ransom for not publicizing it, and selling it on the dark web.  

Check Point reports that one in every 10 organizations worldwide faced attempted ransomware attacks in 2023, a 33% increase from 2022. Organizations globally experienced over 60,000 attacks on average, equating to 1,158 attacks per organization per week. High-profile victims included MGM Resorts, Boeing, and the UK’s Royal Mail. 

Ransomware payments in 2023 surpassed $1 billion, marking a record high, excluding the economic impact of productivity loss and repair costs. The ransomware industry attracted numerous new players, with Recorded Future identifying 538 new ransomware variants in 2023. The trend of "big game hunting" became dominant, focusing on fewer attacks but demanding larger ransoms, with payments increasingly involving sums of $1 million or more. 

Leading anti-ransomware companies include Gen Digital (Avast and Norton), Bitdefender, Check Point Software, CrowdStrike, Illumio, and Sophos. 

Supply chain attacks 

Cyberattacks targeting software supply chains are increasingly prevalent and highly disruptive. These attacks can cripple an entire supply chain, causing massive business interruptions.  

According to IBM’s 2023 Cost of a Data Breach report, it takes an average of 233 days to identify and 74 days to contain such breaches, totaling 307 days. This is 37 days longer than other types of data breaches. In 2023, 15% of organizations reported supply chain compromises as the source of data breaches. 

Supply chain attacks gained prominence in 2020 with the SolarWinds hack, where Russian hackers inserted malicious code into the company's software, affecting thousands of organizations, including the US government.  

The UK government's Cyber Security Breaches Survey 2023 indicates that most large businesses now review their supply chain risks, with 55% of large businesses assessing immediate supplier risks, up from 44% in 2022. 

A significant 2023 attack involved MOVEit, a managed file transfer software. Exploiting SQL injection vulnerabilities, attackers manipulated data, disclosed sensitive information, gained administrative privileges, exfiltrated files, and deployed ransomware. This attack impacted organizations such as the BBC, Zellis, and Norton, underscoring the critical need for robust supply chain security measures. 

Cloud-based security 

The COVID-19 pandemic accelerated cloud adoption as companies transitioned to remote work, increasing their exposure to cyber threats. Misconfigured security settings in cloud environments have become a significant issue, making it easier for attackers to steal data.  

A 2023 Thales study highlights that businesses face numerous challenges due to a cloud-first, multicloud approach, with 79% of respondents using more than one cloud provider. Each additional provider introduces new security controls and data protection models, complicating the security landscape.  

The survey found that 38% of respondents identified software as a service (SaaS) applications as the primary target for cyberattacks, followed by cloud storage at 36%. Nearly half (46%) reported experiencing a data breach in their cloud environments, underscoring the risk associated with cloud data exposure. As cyber threats evolve, organizations must enhance their security measures to protect cloud-based resources. 

Leading players in cloud security include Amazon, Broadcom, CrowdStrike, Microsoft, Alphabet, Netskope, Palo Alto Networks, and Zscaler.  

Chip-based security 

The evolution of chip-based security is becoming essential as more chips are integrated into mission-critical servers and safety-critical applications. The increasing trend of systems vendors and original equipment manufacturers (OEMs) designing their own chips has shifted the focus of security requirements to a more internalized concern.  

The 2017 discovery of high-profile security vulnerabilities like Meltdown and Spectre forced chip vendors to patch security holes with software, resulting in reduced performance improvements for upgraded servers. Consequently, vendors began developing custom chip architectures to achieve better performance and power gains while maintaining control over chip security. 

The economic landscape of hardware attacks has changed, making hacking tools accessible to ordinary criminals. As computing becomes more pervasive and connected, the attack surface expands, increasing the likelihood of hardware attacks. The OpenTitan coalition's February 2024 announcement of the first commercial silicon chip with open-source built-in hardware security exemplifies this trend. OpenTitan provides an on-chip source of cryptographic keys that are inaccessible remotely, ensuring tamper-free security infrastructure. 

The Ukraine conflict 
​​​​​​​
Since the annexation of Crimea in 2014, Russia has employed cyberattack tactics against Ukraine, with notable incidents like the 2015 attack on the Ukrainian power grid and the 2017 NotPetya ransomware attack. The full-scale Russian invasion of Ukraine in February 2022 escalated the frequency of cyberattacks on Ukraine, with Russian-affiliated groups targeting critical infrastructure and communication systems. High-impact attacks, such as the December 2023 assault on Kyivstar, Ukraine's largest mobile network operator, highlight the severe disruptions caused by cyber warfare. 

State-sponsored attacks 

The frequency of state-sponsored cyberattacks is expected to rise in 2024, driven by numerous national elections worldwide. These events often catalyze targeted cyberattacks aimed at disrupting electoral campaigns or the voting process. The US and UK are among the countries facing significant cyber threats during their elections. Previous instances, such as the unsuccessful cyberattacks during Estonia's 2023 parliamentary elections and the disruptions during the US midterm elections in 2022, underscore the growing threat of state-sponsored cyber activities. 

Cybersecurity skills shortages

The global cybersecurity workforce gap reached a record four million people in 2023, despite a 9% increase in the workforce to 5.5 million. The demand for cybersecurity talent continues to outpace supply, driven by the increasing complexity of technology and the relentless task of securing systems, networks, and data against cyberattacks. The rise of AI-based attacks further exacerbates the need for skilled cybersecurity professionals. 

Ransomware regulations 

Ransomware attacks pose a significant threat to businesses, often resulting in substantial financial losses. Involving law enforcement in ransomware incidents can reduce the total cost of breaches. According to IBM's 2023 report, organizations that involved law enforcement experienced lower breach costs compared to those that did not. Although paying a ransom is not illegal in many jurisdictions, organizations are advised against it due to the minimal cost savings and potential legal consequences if payments are made to sanctioned entities. 

EU cybersecurity legislation 

The EU's NIS2 directive, adopted in November 2022, sets stricter cybersecurity obligations for member states, including risk management, reporting, and information sharing. EU countries have until October 2024 to transpose the directive into national law. The directive aims to harmonize cybersecurity measures across the EU, enhance cooperation, and establish a European vulnerability database. Additionally, the European Commission plans to adopt regulations for a European cybersecurity certification scheme (ECCS) in 2024, covering a wide range of IT products and setting high standards for security components.