Johannesburg, 22 October 2024 – As cyber threats continue to grow in both scale and sophistication, businesses in 2024 must remain more vigilant than ever to safeguard their sensitive data and financial assets. With cyber risks advancing alongside technological progression, cybersecurity can no longer be treated as an afterthought; it is as crucial as any other core business policy.
According to the World Economic Forum Global Risks Report 2024, cyberattacks now rank fifth in the global risk landscape at a staggering 39%. The cost of global cybercrime is expected to reach $9.5 trillion by the end of this year according to Cybersecurity Ventures. Small businesses, in particular, are vulnerable, with nearly half of all cyberattacks targeting this sector—many of which do not survive the aftermath of a breach.
Joe Szemerei, Chief Operations Officer (COO) of financial services provider, Indwe Risk Services (Indwe), emphasises the growing risk: “Businesses need to be more vigilant now than ever, as cybercriminals are increasingly finding new and innovative ways to bypass security measures. Cybersecurity should be a priority for every organisation, regardless of size, and it requires proactive risk management.”
The rise of cyber threats and new attack vectors
In 2024, Business Email Compromise (BEC) tops the list of cyber threats, with a 20% rise in BEC scams this year. AI-generated BEC content is responsible for nearly 40% of such attacks, with fraudsters increasingly using artificial intelligence to impersonate internal communications and deceive employees.
Cloud-based systems, while highly beneficial, are another area of vulnerability. Cybercriminals can easily penetrate weak firewalls, exposing sensitive information. Additionally, the rise of AI tools—many available on platforms like GitHub—makes it easier for attackers to automate phishing, malware, and Distributed Denial of Service (DDoS) attacks.
Common cyber threats and the associated business risks
In this ever-evolving cyber landscape, attackers are increasingly using AI tools to create sophisticated and adaptive attack vectors to target businesses. These include:
- Phishing and social engineering: AI-powered phishing attacks have become increasingly sophisticated, capable of generating nearly indistinguishable emails and social engineering schemes from legitimate communications. These highly convincing messages pose a significant threat to organisations, as a single compromised account can lead to both reputational damage and substantial financial losses.
- Malware: Attackers can use AI to create new kinds of malware that can evade traditional security measures.
- Vulnerability checks: AI tools can be used for automating and accelerating the discovery of possible entry points by analysing datasets to recognise vulnerabilities in systems or networks.
- Deepfakes: Deepfakes pose a significant security threat, enabling attackers to create highly convincing audio and video impersonations of trusted individuals. By manipulating these deepfakes, malicious actors can gain unauthorised access or manipulate targets into revealing sensitive information. The increasing realism of deepfakes makes them a particularly dangerous tool in the hands of cybercriminals.
- AI Poisoning: Cyber-attackers can influence the training data of AI models to introduce biases or vulnerabilities, in turn compromising the integrity of the AI-based applications.
The financial and reputational costs of cybercrime
The consequences of cyberattacks go beyond financial losses. Szemerei says: “When clients feel that their data isn’t secure, they lose trust—not only in your business, but in the products or services you provide.” In addition to reputational damage, businesses face operational disruptions, asset loss, and lengthy system recovery processes.
Cyberattacks increase during holiday seasons
Holidays often bring heightened cybersecurity risks for businesses. As demand rises and operations rely on minimal staffing, networks can become unsupervised, creating opportunities for cybercriminals. This is especially true for businesses in eCommerce, where vulnerabilities are frequently exploited.
Preventative measures to protect your business
There are multiple, easy-to-implement measures that businesses can take to mitigate their risk of cyberattacks. These include:
- Implement strong password protection policies with multi-factor authentication.
- Regularly upskill employees through training and awareness programs.
- Keep security software up to date with auto-download options for updates.
- Conduct regular security audits and have detailed incident response plans.
Protecting your businesses with cyber insurance
Despite the best preventative measures, cybercriminals can still find ways to breach systems. This is why cyber insurance is an essential part of any business’s risk management strategy. Indwe offers cyber insurance to protect businesses from financial losses due to data breaches, cyber extortion, and third-party liability.
Szemerei concludes: “We urge businesses to reassess their cybersecurity protocols and consider cyber liability insurance as part of their overall risk management plan. Being proactive is critical to avoid the damage caused by breaches.”
For more information on Indwe’s cyber insurance offerings and risk mitigation strategies, speak to a broker for their expert guidance, contact Indwe on 0860 13 13 14 or email on: indwe@indwe.co.za.