As technology continues to play an increasingly crucial part in our everyday lives, cyber security has been intrinsically linked with several major events and developments in 2023.
So, we have recapped the main cyber security trends and challenges from the past 12 months — and looked to the future to see what demands will shape the industry in 2024…
The biggest cyber news from 2023
The National Cyber Security Centre’s (NCSC’s) 2023 annual review recorded an all-time high of 2,005 incident reports and 24.48 million incident notifications between September 2022 and August 2023, highlighting the ever-increasing threat of cyber crime.
But what were the main themes revealed by these incidents — and what were the driving forces behind them?
Attacks from abroad
Russia’s invasion of Ukraine in February 2022 has had a knock-on impact on the cyber security industry ever since, with Russia’s prolific cyber actors posing significant threats to the UK and other western entities.
From state-sponsored distributed denial-of-service (DDoS) attacks to intensifying spear phishing and disinformation campaigns, Ukraine’s allies have dealt with several attempts to interfere with critical national infrastructures.
Thanks to Ukraine’s well-developed cyber defences and support from international governments, the impacts of these breaches have been mostly contained. However, NCSC experts have warned that the UK’s critical infrastructure still faces ‘enduring and significant’ threats from state-aligned groups and aggressive cyber activity due to geopolitical tensions.
Alarming cyber threat figures from the International Energy Agency’s recent trends report highlighted that attacks against utilities had almost doubled in two years, with worrying implications for energy security in Europe.
Additionally, China’s vast technological capability has remained a particular challenge for the UK, with experts continuing to see evidence of China state-affiliated cyber actors deploying sophisticated cyber aggressions. Plus, in January, the NCSC issued a warning about the Iran-based TA453 criminal group, which has targeted education, defence, politicians, activists and more throughout the year.
Artificial intelligence
The swift adoption of artificial intelligence (AI) across industries has led to several opportunities and challenges for cyber security professionals.
Despite its many advantages, from enabling cost-effective automation to plugging skills gaps, the growing accessibility of advanced large language models (LLMs) has made it easier than ever for cyber criminals to exploit this technology for sophisticated cyber attacks.
As a result, 2023 has seen varied use of generative AI for phishing emails, keystroke monitoring and basic ransomware code — with Check Point Research’s 2023 Mid-Year Security Report naming next-generation AI tools as a leading cause of Q2’s 8% surge in global weekly cyber attacks.
Though AI has the potential to aid cyber security efforts in the future, short-term threats have caused anxiety amongst authorities in 2023, prompting some countries to restrict its use.
For example, the Italian data protection authority temporarily banned OpenAI’s popular ChatGPT tool in April over privacy issues, whilst digital ministers in Germany and France also expressed concerns over its compliance with the GDPR.
Rising ransomware threats
Ransomware was another primary concern for UK cyber professionals in 2023, with several high-profile attacks making headlines.
For example, hacking and ransomware group Clop claimed responsibility for the infamous MOVEit breach in May. MOVEit produces file transfer software used by the likes of Shell, British Airways, the BBC and around a dozen US government agencies — all of which had data exposed to hackers.
This was just one of many big ransomware attacks this year, with the NCSC recording 297 reports of this activity between September 2022 and August 2023 in the UK alone. According to Allianz, the number of ransomware victims surged by a whopping 143% globally in Q1, with January and February seeing the highest number of hack and lease cases in three years.
As a result, experts issued recommendations that all organisations — regardless of size or sector — should take immediate action to protect themselves against this growing threat.
The 2024 cyber security outlook
Cyber security professionals have had their work cut out for them this year — with the proliferation of accessible, advanced technology presenting a host of new vulnerabilities.
However, despite the incidents of 2023, it is not all doom and gloom. Cyber security continues to become an increasing priority for a range of businesses, with around seven in 10 companies claiming that cyber security is a high priority for their senior management.
Many organisations now acknowledge that cyber crime is not going away anytime soon. In fact, it is likely to get worse before it gets better. So, if we have learnt anything from the past year, it is that a long-term strategy is needed to provide adequate defence against mounting cyber security concerns.
As such, international governments and regulatory bodies are working on policies and approaches to accelerate security efforts and keep pace with evolving threats — especially regarding AI.
According to the NCSC, its primary objective is to ensure cyber security within AI is recognised as a primary consideration and prerequisite for these systems’ safety, reliability and ethical value — proposing a ‘secure by design’ approach to managing risk.
And as more and more businesses migrate to the cloud, where improper cyber security management can lead to disaster, having suitable measures in place to protect sensitive data, contain successful breaches and report incidents to the relevant authorities will be crucial.
With new controls and policies emerging to ensure data privacy and contain threats, organisations must act now to protect their assets whilst making the most of the latest business technology — without the constant threat of cyber attacks getting in the way of progress.
Move into the new year with confidence in your technology systems. Call 01252 843014 or email info@burningtree.co.uk to arrange a discussion with our cyber specialists.