Cyber security in SA

03 Oct 2024

Cybersecurity 2024: Trends, Threats, and Strategy

In recognition of Cybersecurity Awareness Month, we recap some of the latest trends and developments in cyber risks and security strategies in South Africa, and beyond.

 


Cyber threats affect individuals, corporations, industrial plants and governments. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025. 

That’s exponentially bigger than the size of the global industry fighting to keep said damages at bay (in 2023, the international cybersecurity market was worth approximately US$ 172 billion). It’s an industry in an almost real-time arms race to nullify and deflect cyber threats seeking to disrupt, steal, or compromise our data. 

Here’s what you need to know about some of the top threats in 2024.

 

Listen to podcast

In this episode of the No Ordinary Wednesday podcast, Jeremy Maggs and guests, Investec’s head of information security and governance in South Africa, Noma Hlazo, and her UK counterpart Tash van den Heever, discuss the latest trends and how to keep yourself and your business safe from attacks.

 

What is cybersecurity?

Cybersecurity is a collection of systems and technologies designed to protect smart devices and computer systems, networks, and data from theft, damage and unauthorised access. 

Cybersecurity exists wherever digital information is used: from merely browsing the web or doing your banking online, to industrial plants and critical infrastructure, all the way up to the level of national (and international) security.

Effective cybersecurity measures are vital to prevent disruption, financial loss and harm to individuals and society, and, as technology continues to advance, become pivotal in managing these risks.

 

Top cybersecurity threats in 2024

The frontlines of cyber warfare

Phishing and spear phishing

Phishing is a cybercrime where deceptive emails or messages impersonate trusted entities, including banks, e-commerce websites, or social media platforms, to trick users into revealing personal information or credentials, or clicking malicious links.

Spear phishing is a more targeted form of phishing that tailors these deceptive messages to specific individuals or organisations, often containing information that is relevant to the target, such as their job title, location, or recent activities, making them even more convincing and dangerous.

 

Noma Hlazo, Information Security Officer, Investec South Africa

Advanced phishing attacks are leveraging AI capabilities to become more convincing in targeting people. There’s also advanced malware that is using AI to attempt to evade detection.

 

Deepfakes

Generative AI has enabled synthetic voice and face techniques that can mimic the person(s) required to provide access or authorise specific transactions, tricking the victims into processing payments or revealing sensitive information.

Deepfakes are one of the fastest growing forms of ‘adversarial’ AI, with damages growing at a 32% compound annual growth rate, on track to top US$ 40 billion in 2027, according to Deloitte.

 

Tash van den Heever, Information Security Officer, Investec UK

We are anticipating an increase in vishing attacks in the near future, which are voice automated phishing attacks with deepfakes as a modus operandi.

 

What is social engineering?

Social engineering scams trick people into authorising fraudulent transactions and are responsible for most online banking fraud.

Protecting your business from the latest cyber crimes

In episode 2 of What's Next in Business Banking with Aki Anastasiou, Investec experts Kevin Hogan and Thivian Moodley discuss the new tactics cyber criminals are using to defraud businesses.

 

Malware

Malware is malicious software designed to harm, infiltrate, or compromise computers, devices, or networks and can take many forms. It includes viruses, worms, trojans, spyware, adware, and ransomware, which are spread through normal interactions with technology, often leading to data theft, system damage or unauthorised access.

Last year, it was reported that some 300 000 fresh malware instances were generated daily, with an average detection time of 49 days.

Ransomware

Ransomware is a type of attack carried out with malware: malicious software that encrypts files or locks users out of their systems. This malware is often delivered through email attachments, website downloads, or other means of downloading software onto a computer, and then spreads across devices and networks to reach the targeted data.

Attackers demand a ransom for a decryption key to restore access to the data, holding data hostage until payment is made, yet with no guarantee of recovery. Disclosed ransomware attacks showed an increase of approximately 50% year-on-year for the first half of 2023.

“Ransomware still remains a top priority. It continues to be a growing threat with a number of successful ransomware and data breaches related to extortion attacks being reported. What's changing is that the victim profile is actually getting wider, with more small nonprofit organisations, schools and legal firms also getting targeted.”

Noma Hlazo, Information Security Officer, Investec South Africa

“Many companies that pay the ransom do not necessarily get the decryption key or all of their data back. Due to the anonymous nature of payment methods such as cryptocurrency, the attackers are difficult to identify.”

Insider threats

Insider threats refer to security risks posed by individuals within an organisation who misuse their access or privileges – intentionally or merely negligently – leading to compromised data, systems, or confidential information. 

Insider threat-related risks can include fraud, theft of intellectual property (IP) or trade secrets, unauthorised trading, espionage and IT infrastructure sabotage. In 2024, the average cost of an insider threat incident is estimated at some US$ 15 million.

Distributed Denial of Service (DDoS) attacks

Distributed Denial of Service (DDoS) attacks overwhelm online services by flooding them with fake traffic. Attackers use networks of hijacked devices to disrupt websites or networks, causing slow or unavailable services for legitimate users. 

A DDoS attack was behind the massive Microsoft outage in July this year that saw users around the world being unable to access several Microsoft services for almost an entire day.

Cloudflare, one of the biggest global online security providers, reported that it alone mitigated 5.2 million HTTP DDoS attacks in 2023.

Supply chain attacks

Supply chain attacks target organisations by exploiting vulnerabilities within the supply chain network, such as third-party suppliers, service providers or partners who have access to the target organisation's systems, data, or infrastructure. 

Larger and more complex organisations often do not have a full view of their supply chains, making them more susceptible to this kind of attack.

Man-in-the-Middle (MitM) attacks

Man-in-the-Middle (MitM) attacks are cyber threats where an unauthorised party intercepts or eavesdrops on communications between two parties, enabling them to secretly monitor, manipulate, or steal information exchanged between the victims.

The financial services sector and government agencies are highly targeted by MitM attacks due to the large amount of critical data they manage.

 

Trends in cybersecurity

AI and machine learning in threat detection

Artificial intelligence (AI) will play a critical role in cyber defence as it has already proven excellent in detecting and responding to new, complex cyber threats in real-time. 

By analysing vast amounts of data, it identifies anomalies and patterns, and rapidly processes this threat intelligence to predict and thwart potential risks – even those not yet identified. 

AI is also improving cyber security modelling, says Hlazo: “We're moving away from traditional models that use the pyramid or the network as a security point, towards ones that look at identity, using continuous verification to make sure that the right people have the right access to the right data at the right time.”

Quantum computing

Beyond the immediate threats mentioned above, more ominous risks lurk in the future, including those posed by advances in quantum computing. As Reuven Aronashvili, CEO of CYE, an industry-leading cybersecurity platform, suggests, “Encryption that we consider unbreakable today will be easily broken with quantum computing in future.”

On the other side of the coin, cyber defenders can harness quantum computing to reinforce security. “Its immense processing power gives us the ability to process vast amounts of data and solve complex problems. Research is ongoing around how we can use it to develop more robust cryptography to help us improve encryption and protection for our digital data,” says Hlazo.

Read more: Quantum computers: is your company ready for Q-day?

Cloud security

Multi-cloud data protection, encryption, and compliance need to constantly remain ahead of the dynamic threat landscape. Key security trends include the widespread adoption of Zero Trust Architecture, which prioritises stringent access controls irrespective of location, while the integration of security into the DevOps process (DevSecOps) has proved invaluable in enhancing overall safety.

Blockchain security

In blockchain security, the growth of decentralised finance (DeFi) has highlighted vulnerabilities and smart contract exploits, prompting increased scrutiny through auditing and code reviews. Other significant trends, such as the adoption of layer 2 scaling solutions like optimistic rollups and ZK rollups, have helped overall scalability while maintaining robust security standards. 

Privacy has also taken centre stage, with the emergence of privacy-focused blockchains and technologies like zero-knowledge proofs, which are designed to enhance the protection of user data without compromising transparency. 

Read more: How a former convicted hacker is now employed by the world’s leading tech companies to detect security flaws in their software.

 

Countering cybersecurity risks in 2024

Both individuals and organisations must stay vigilant, adapt to evolving threats, and continuously improve their cybersecurity measures to reduce cyber risk effectively.

“Today, we're in an information age where data is available to everyone. So, the more information we make available online about ourselves, the easier it becomes to target corporates and individuals with real world context that makes scams believable.”

Tash van den Heever, Information Security Officer, Investec UK

Cybersecurity for business: implementing better cyber risk controls

Cyber risk controls are put in place to manage and mitigate an organisation’s cybersecurity risks. These controls include technical measures like firewalls and encryption, as well as policies, procedures, and training to protect against cyber threats.

Organisations should implement a combination of controls to safeguard their digital assets and data from cyberattacks and breaches, such as:


Risk assessment
  • Thorough and regular cybersecurity risk assessments to identify vulnerabilities, threats, and potential impact on the organisation
  • Prioritising identified risks based on severity and likelihood, considering the potential financial, operational, and reputational consequences
  • A risk mitigation strategy that outlines how risks will be managed, including the implementation of appropriate cybersecurity controls
Incident response planning
  • A comprehensive incident response plan (IRP) that outlines the steps to be taken in the event of a cybersecurity incident
  • Defining roles and responsibilities for incident response team members, including communication protocols and escalation procedures, which should be integrated into the overall disaster recovery and business continuity plans
  • Continuously updating the IRP to incorporate lessons learned from previous incidents and adapt to evolving threats
Employee training
  • Cybersecurity awareness and training programs for all employees, including best practices for recognising and reporting security threats
  • Fostering a culture of cybersecurity awareness and responsibility throughout the organisation
  • Ensuring that employees understand the importance of following security policies and procedures
Regular auditing
  • Regular cybersecurity audits and assessments to evaluate the effectiveness of security controls, policies, and procedures
  • Utilising external auditors or penetration testing to provide an independent evaluation of the organisation's security posture
  • Continuously monitoring and reviewing access logs, system configurations, and user activities to detect anomalies and potential security breaches
  • Addressing identified vulnerabilities and weaknesses promptly and making necessary improvements to enhance overall security

 

Top tips for how to protect your online privacy

Being cybersecure needs a multi-layered defence-in-depth approach to reduce your risk of privacy breaches and enhance your overall online security.

Strong passwords

Use unique, complex passwords for each online account, and consider a password manager.

Regular software updates

Keep your system, apps, and antivirus software up to date for security patches.

Two-factor authentication (2FA)

Enable 2FA to add an extra layer of security to your accounts.

Privacy settings

Adjust privacy settings on social media, browsers, and apps to limit data sharing.

Email caution

Beware of phishing emails, verify senders, and avoid clicking on suspicious links.

Online shopping

Shop from reputable websites and monitor credit card statements for unauthorised charges.

Data minimisation

Share the least amount of personal information necessary online.

Review app permissions

Periodically review and revoke app permissions that aren’t needed.

Secure your devices

Lock devices with strong PINs or passwords, enable remote tracking and wiping, and use encryption for sensitive data.

Related Questions:

  • What are social engineering attacks?

    Social engineering attacks are manipulative tactics used to deceive individuals into divulging confidential information or performing actions that compromise their (or their organisation’s) security. Social engineering techniques can include phishing, impersonation (deepfakes), pretexting, and baiting. 

    Social engineering techniques likely represent the biggest cybersecurity threat, and require good AI threat intelligence capabilities to identify and shut down bad actors.

    Read more about social engineering.

  • When did cybersecurity really become an issue?

    Cybersecurity became a prominent issue with the rise of the internet in the 1990s. As digital systems and online connectivity expanded, so did vulnerabilities to cyber threats. High-profile incidents like the "ILOVEYOU" virus in 2000 highlighted the urgent need for robust cybersecurity measures to protect digital assets and data.