Seven cyber security predictions for 2024

By Prof Danny Myburgh, MD of Cyanre – the Digital Forensic Lab and CyberCom Africa
Putting out the fires of cyber crime.
Putting out the fires of cyber crime.

The digital economy is growing, but so is its dark underbelly, cyber crime. According to Statista, the ‘Estimated Cost of Cybercrime’ indicator is estimated to reach US $13.82 trillion by 2028. Unfortunately, escalating numbers of mobile and online interactions are creating millions of attack opportunities, with data breaches threatening both people and businesses.

The good news is that forewarned is forearmed and, although cyber crimes are on the rise, technological advancements – particularly in cyber security and digital forensics – are increasingly sophisticated, particularly in the fields of artificial intelligence (AI) and machine learning.

Here are the top trends that we believe will shape 2024 and beyond.

1. The cyber security skills shortage will reach an all-time high

The cyber security skills shortage in South Africa is nothing new. In fact, according to Fortinet’s 2023 Global Cybersecurity Skills Gap report, 40% of South African companies struggle to hire and retain cyber security experts, and 64% believe that the shortage of cyber security skills in their organisations creates additional cyber risks, with 86% believing they suffered a breach partially due to a lack of internal cyber security skills.

This is no small problem. In the 12 months leading up to the report, 39% of South African organisations experienced breaches that cost over US $1 million (R18 million) to remediate.

The challenge is that the need for cyber security skills far outpaces new talent entering the market. In addition, it takes immersion in the cyber security world, dealing with daily attempted breaches to understand the landscape and how it is continuously evolving. This takes time – there is simply no way around that. Companies should focus on investing in training, development and upskilling programmes today to address future needs, and look for expert partners to support them with external skills.

2. Cyber security professionals need to build their soft skills

There may be a cyber security skills shortage, but for cyber security professionals already in the field, there is an increasing need – and industry expectation – for the soft skills required to help experts navigate the challenges that the digital economy presents for organisations. This involves taking on more complex workloads as the threat landscape continues to grow in sophistication. With social engineering on the rise and a need for training, better interpersonal communication, relationship building across the business and problem-solving skills, cyber security professionals are at the heart of everything an organisation does. This is no longer a ‘tech’ position. It is strategic to the entire organisation’s operations and survival.

3. Cyber security will be on every board’s strategic agenda

Cyber security is a strategic priority. Organisations can no longer leave IT to IT departments. Digitisation means that technology touches every aspect of an organisation, providing vast opportunities and threats. Gartner has predicted that 70% of boards will include at least one cyber security expert by 2026, enabling businesses to capitalise on new opportunities while evaluating and proactively preventing threats.

4. Generative AI is both threat and solution

Generative AI is increasingly being used in smarter, more complex attacks, from automated malware that evades detection through intelligently adapting to systems, to deepfake social engineering attempts that are extremely difficult to identify. However, AI tools are also already helping us detect, evade or neutralise threats thanks to multi-factor authentication, real-time anomaly detection, self-healing abilities and automated incident response. It’s a powerful strategic advantage if used correctly.

5. The internet of things (IOT) is a huge opportunity for cyber attackers

The more devices are connected to the internet, the more opportunities cyber criminals have to access a network. Most organisations have adopted a hybrid approach to work, with employees moving between home offices and their traditional office spaces. The threat perimeter has therefore grown, and employees are logging on to devices through networks that could also be connecting to home security systems, fridges, smart televisions and an abundance of other devices, none of which will have the same level of security as business devices. Unfortunately, most home consumer IOT devices have weak security protocols and passwords, a vulnerability that will continue to be a cyber security weak spot.

6. Cyber resilience will be 2024’s watchword

We’ve highlighted how much cyber breaches are costing the global economy – and South African businesses – each year. While this will continue to be a concern, most organisations are moving from a reactive posture to a proactive cyber security focus. Cyber resilience is critical, and business leaders are recognising that their organisations should not only focus on preventing attacks, but ensuring business continuity when an attack does occur. The sooner an attack is identified, the sooner an incident response plan can be triggered, ensuring vulnerabilities are closed and business as usual can continue. Developing the capability to recover in an agile manner while minimising data loss and downtime is a strategic priority.

7. Zero trust must become adaptive and holistic

If 2023 was the year of ‘zero trust’ – the assumption that there is no perimeter within which network activity can be assumed to be safe and that identities should always be verified – 2024 will take this entire concept a step further. Fundamentally, zero trust states that individuals should only have access to data and workloads that are specifically required for their jobs, but with an ecosystem of hybrid workers, third-party suppliers, cloud-based solutions and IOT devices, zero trust must evolve from being a technical network security model to something holistic and adaptive, enabled by continuous AI-powered real-time authentication and activity monitoring.

The future and beyond

Technologically, we are experiencing exciting advancements that are impacting both personal and professional lives. With every opportunity comes risk, however, and we expect sophisticated cyber security threats to shape 2024 and beyond. Working with the right partners who understand this evolving landscape and who have the in-house expertise and technology to prevent, detect and respond, is paramount.

Share