The second half of 2024 is poised to bring significant shifts in the cybersecurity landscape, according to a newly released industry report.
As organisations continue to grapple with the rising tide of cyber threats, the report, titled: ‘Breaking Down H1 Threats like a Weight Loss Journey,’ released by Cybervergent, highlights five key trends expected to shape the field over the next few months. These trends are zero-day exploits; Cloud security focus; Cybercrime‑as‑a‑Service (CaaS); Ransomware surge and Insider Threats.
Explaining further, the chief solutions officer (CSO), Cybervergent, Gbolabo Awelewa, at a media roundtable discussion, said zero-day exploits is one of the methods hackers exploit to attack organisations, adding that in the first half of 2024 alone, over 1,200 zero‑day vulnerabilities were discovered across various software applications, according to a report by Cybersecurity firm RiskIQ. This represents a 25 percent increase compared to the same period in 2023, he added. Awelewa urged companies to step-up their vulnerability scanning and patching routine. “Regularly assess your systems for weaknesses and prioritise fixing them before attackers land a knockout blow,” he advised.
On cloud security focus, the CSO disclosed that in March 2024, a major cloud storage provider suffered a data breach due to a misconfigured cloud storage bucket, adding that the exposed data belonged to millions of users, including sensitive information like social security numbers and credit card details. “This can be avoided when organisations strengthen their perimeter defences. Implement firewalls, intrusion detection systems, and other security measures to make it harder for attackers, regardless of their skill level, to infiltrate your network,” he stated.
“Also, in June 2024, a software company experienced a major supply chain attack. Hackers infiltrated a third‑party vendor used by the company and injected malicious code into a widely used software update. This code allowed hackers to gain access to the systems of thousands of companies that had installed the update,” he revealed. To avoid this, Awelewa advised companies to vet their third‑party vendors carefully.
“Ensure they have adequate security practices in place to minimise the risk of them becoming a vulnerability in your supply chain,” he added.
Cybercrime is becoming a service, with easy‑to‑use tools available for even newbie attackers, Awelewa said, while citing a recent report by McAfee which suggests that the CaaS market is expected to reach a staggering $20billion by 2025. “This significant growth highlights the growing accessibility of cybercrime tools and the need for heightened vigilance. To this end, organisations should strengthen their perimeter defences. Implement firewalls, intrusion detection systems, and other security measures to make it harder for attackers, regardless of their skill level, to infiltrate your network,” he stated.
Ransomware isn’t going anywhere, the CSO averred, while telling organisations to expect attackers to use even more sophisticated encryption and sneaky tactics to avoid detection and maximise the impact. He stated that a new ransomware variant called “Hades” emerged in April 2024. “Hades encrypts a victim’s data and threatens to leak it on the DarkWeb if the ransom demand is not met. Unlike traditional ransomware, Hades also targets a victim’s social media accounts, exfiltrating personal information and using it to pressure them into paying.
“To avoid this, back up your data regularly. Implement a robust backup and recovery plan to ensure you can restore your data quickly in the event of a ransomware attack. Additionally, train your employees to identify and avoid phishing attempts, a common tactic used to deploy ransomware,” he advised.
Insider threats also pose a significant risk to an organisation’s cybersecurity, Awelewa said, adding that these threats come from within–employees, contractors, or partners who have legitimate access to your systems but misuse it, either intentionally or accidentally.
According to a 2024 Insider Threat Report by Cybersecurity Insiders, 74 per cent of organisations feel vulnerable to insider threats, with 34 per cent reporting an increase in insider incidents over the past 12 months. In May 2024, a major financial institution discovered that a disgruntled employee had been slowly exfiltrating customer data over a period of six months before being detected. The employee had used their authorised access to bypass many of the company’s security controls, he stated.
Awelewa therefore tasked organisations to implement robust access controls and monitoring systems. “Use the principle of least privilege to ensure employees only have access to the data and systems they need for their roles. Deploy User and Entity Behavior Analytics (UEBA) tools to detect unusual patterns that might indicate insider activity. Additionally, foster a positive work culture and provide channels for addressing employee grievances to reduce the risk of malicious insider actions,” he added.
Despite facing a tough regimen of challenges and obstacles, Awelewa said Cybervergent helps clients level-up, by equipping them with state-of-the-art tools, intensive security knowledge and strategic partnerships, thereby boosting their overall strength and resilience. The Cybervergent digital trust platform has been a game‑changer,” he stated.He however reiterated that Cybervergent is committed to being organisations’ long‑term fitness partner. “By automating routine tasks, we’ve freed up security teams to focus on more challenging activities like threat hunting. Looking ahead, we will continue to develop innovative tools and provide expert guidance to help organisations navigate the ever‑changing threat landscape,” he assured.
