By Professor Danny Myburgh
The digital economy is growing, but so is its dark underbelly, cybercrime. According to Statista, the ‘Estimated Cost of Cybercrime’ indicator is estimated to reach 13.82 trillion U.S. dollars by 2028. Unfortunately, escalating numbers of mobile and online and mobile interactions are creating millions of attack opportunities, with data breaches threatening both people and businesses.
The good news is that forewarned is forearmed and although cybercrimes are on the rise, technological advancements – particularly in cybersecurity and digital forensics – are increasingly sophisticated, particularly in the fields of artificial intelligence (AI) and machine learning.
Here are the top trends that we believe will shape 2024 and beyond.
1. The cybersecurity skills shortage will reach an all-time high
The cybersecurity skills shortage in South Africa is nothing new. In fact, according to Fortinet’s 2023 Global Cybersecurity Skills Gap report, 40% of South African companies struggle to hire and retain cybersecurity experts, and 64% believe that the shortage of cybersecurity skills in their organisations creates additional cyber risks, with 86% believing they suffered a breach partially due to a lack of internal cybersecurity skills.
This is no small problem. In the 12 months leading up to the report, 39% of South African organisations experienced breaches that cost over 1 million U.S. dollars (R18 million) to remediate.
The challenge is that the need for cybersecurity skills far outpaces new talent entering the market. In addition, it takes immersion in the cybersecurity world, dealing with daily attempted breaches to understand the landscape and how it is continuously evolving. This takes time – there is simply no way around that. Companies should focus on investing in training, development, and upskilling programs today to address future needs, and look for expert partners to support them with external skills.
2. Cybersecurity professionals need to build their soft skills
There may be a cybersecurity skills shortage, but for cybersecurity professionals already in the field, there is an increasing need – and industry expectation – for the soft skills required to help experts navigate the challenges that the digital economy presents for organisations. This involves taking on more complex workloads as the threat landscape continues to grow in sophistication. With social engineering on the rise and a need for training, better interpersonal communication, relationship building across the business, and problem-solving skills, cybersecurity professionals are at the heart of everything an organisation does. This is no longer a ‘tech’ position. It is strategic to the entire organisation’s operations and survival.
3. Cybersecurity will be on every board’s strategic agenda
Cybersecurity is a strategic priority. Organisations can no longer leave IT to IT departments. Digitisation means that technology touches every aspect of an organisation, providing vast opportunities and threats. Gartner has predicted that 70% of boards will include at least one cybersecurity expert by 2026, enabling businesses to capitalise on new opportunities while evaluating and proactively preventing threats.
4. Generative AI is both threat and solution
Generative AI is increasingly being used in smarter, more complex attacks, from automated malware that evades detection through intelligently adapting to systems, to deepfake social engineering attempts that are extremely difficult to identify. However, AI tools are also already helping us detect, evade, or neutralise threats thanks to multi-factor authentication, real-time anomaly detection, self-healing abilities, and automated incident response. It’s a powerful strategic advantage if used correctly.
5. The Internet of Things (IoT) is a huge opportunity for cyberattackers
The more devices are connected to the internet, the more opportunities cybercriminals have to access a network. Most organisations have adopted a hybrid approach to work, with employees moving between home offices and their traditional office spaces. The threat perimeter has therefore grown, and employees are logging on to devices through networks that could also be connecting to home security systems, fridges, smart televisions and an abundance of other devices, none of which will have the same level of security as business devices. Unfortunately, most home consumer IoT devices have weak security protocols and passwords, a vulnerability that will continue to be a cybersecurity weak spot.
6. Cyber resilience will be 2024’s watchword
We’ve highlighted how much cyber breaches are costing the global economy – and South African businesses – each year. While this will continue to be a concern, most organisations are moving from a reactive posture to a proactive cybersecurity focus. Cyber resilience is critical, and business leaders are recognising that their organisations should not only focus on preventing attacks, but ensuring business continuity when an attack does occur. The sooner an attack is identified, the sooner an incident response plan can be triggered, ensuring vulnerabilities are closed and business as usual can continue. Developing the capability to recover in an agile manner while minimising data loss and downtime is a strategic priority.
7. Zero Trust must become adaptive and holistic
If 2023 was the year of ‘Zero Trust’ – the assumption that there is no perimeter within which network activity can be assumed to be safe and that identities should always be verified – 2024 will take this entire concept a step further. Fundamentally, Zero Trust states that individuals should only have access to data and workloads that are specifically required for their jobs, but with an ecosystem of hybrid workers, third party suppliers, cloud-based solutions, and IoT devices, Zero Trust must evolve from being a technical network security model to something holistic and adaptive, enabled by continuous AI-powered real-time authentication and activity monitoring.
The future and beyond
Technologically, we are experiencing exciting advancements that are impacting both personal and professional lives. With every opportunity comes risk, however, and we expect sophisticated cybersecurity threats to shape 2024 and beyond. Working with the right partners who understand this evolving landscape and who have the inhouse expertise and technology to prevent, detect and respond is paramount.