According to a recent Federation of Small Businesses (FSB) report, 72% of SMEs have experienced cybercrime in the last two years. But what lies ahead on the threat landscape this year? We take a look…

This year, it is predicted that cybercrime will pose an even greater threat to organisations than it has in previous years, which is not exactly a surprise, what with criminals developing ever-more sophisticated approaches to target the vulnerable. But it does mean businesses need to invest even more in cyber resilience to ensure their security.

In this blog, we look at the cyber trends for 2024 and what businesses should be aware of.

Increasingly sophisticated phishing attacks

With the increasing availability of AI, such as ChatGPT, attackers can create more advanced and convincing phishing attacks, designed to trick individuals into revealing account credentials or providing access to networks. To respond to this growing threat, organisations must implement measures to raise awareness and educate employees. 

An increase in attacks in ransomware

According to research conducted by ransomware specialist Marcelo Rivero, the United Kingdom was the second most attacked country in the world for ransomware between April 2022 and March 2023.

And it's not going away. Ransomware, which is malicious software that prevents access to a computer system or data until a fee is paid, can cripple operations, cause significant financial losses, and compromise sensitive data.

Unfortunately, the frequency of these attacks is increasing and will continue to do so through 2024, making it more important than ever for SMEs and individuals to implement basic cyber security measures if they haven't already.

More attacks on SMEs

Criminals may target vulnerable organisations rather than valuable ones. Larger organisations with hefty budgets can protect themselves with high-level cyber security, making it more difficult for an attacker's nefarious plan to succeed.

However, due to a lack of funding, a lack of understanding of the threat, and a belief that they are too small to be targeted, SMEs are less likely to have cyber security procedures in place.

But, with a recent insurance sector figure indicating that over 90% of victims are indeed SMEs, that belief that they will not be targeted is misguided, and there are simple, low-cost measures that small businesses can implement without breaking the bank, such as strong and unique passwords, 2-factor authentication, and backing up all important data, as well as the EMCRC's FREE offerings, starting with our information pack.  

More cases of Double extortion

When cybercriminals use a two-pronged attack strategy, they maximise their financial opportunities. A good example of this is the ransomware tactics used by the Black Bastas cybercriminal gang. It has been active since April 2022 and has used a double extortion strategy successfully.

The gang has threatened to leak sensitive data and information in addition to encrypting victims' data. It is estimated that it has received over $107 million in Bitcoin ransom payments, implying that this criminal business model will become more common. 

Cyber security for your company, regardless of size, is critical to keeping criminals at bay, especially as their techniques become more sophisticated. At the EMCRC, we can help you put the right procedures in place to ensure your safety.

Here are just a few things you should consider:

To help strengthen an organisation's cyber resilience, ensure that employees are aware of the types of attacks and methods for identifying them. The EMCRC can provide customised employee-based Security Awareness Training based on the threats your company and employees may face. This can be in person and on prem, or online, delivered by one of our brilliant Cyber PATH students. 

Put in place policies and procedures for data control and access. Consider limiting the number of attachments employees send out at once and establishing policies for data handling and password security that employees can follow.

Make a solid incident response plan. When an attack occurs, there is a step-by-step procedure for dealing with the incident. 

If you are interested in Security Awareness Training, the EMCRC offers customised sessions for those with limited cyber knowledge. It's an excellent opportunity for businesses to help employees gain confidence in understanding and preventing cyber risks, spotting suspicious activity, and feeling empowered to raise concerns. Contact us about booking your session.

For resources, toolkits, regular cyber news, threat updates and more, sign up for the Centre’s FREE Information Pack and newsletter subscription. It's free, and it will take you a minute to complete. Remember: we exist to help businesses in our region.

Big thanks to the Cyber Resilience Centre for Wales for allowing us to re-write their excellent blog.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).