Top Cyber Security Tips in 2024
Insights - What We Think

In 2024, it’s more important now than ever for businesses to make sure they can defend themselves against cyber-attacks. As technology continues rapidly developing, cybercriminals have access to more sophisticated and unpredictable ways to commit crimes online. 
So, what do we need to consider when protecting ourselves and our businesses from cyber criminals? As part of fulfilling our purpose to connect people with their assets - safely and securely, our Sydney based Chief Information Security Officer, Tom Heathwood, offered some insight into how businesses can level-up their cyber security practices.

Top vulnerability indicators you need to know

Understanding vulnerability, in this context, means knowing how attackers identify weaknesses within your company’s digital environment. Tom explained, “one contributing factor that makes any type of business a possible target is easy access to cheap tools that attackers use to get into organisations. Many of these tools were once only accessible through specialised channels but can now be bought through the dark web and other illegal marketplaces for only a few pounds”. 

Across the internet, it is now common place for businesses to be subjected to constant automated scans. These scans collect information to identify potential vulnerabilities within your environment which attackers typically look to exploit. “Attackers are able to use publically available information about critical vulnerabilities that you haven’t patched within your network to gain an entry point. Thus, it’s important to be aware of what your digital environment looks like and take the necessary steps to protect it”.

Tom’s key cyber security tips 

Twenty-Four IT services reported that cybercrime cost UK businesses an estimated £21 billion per year, while only 15% of UK businesses have a formal cybersecurity incident management plan in place. UK businesses put themselves at risk of significant loss due to inefficient digital due diligence and preparation. Tom offered methods of reducing this risk, including:

Managing access to your online environment

• Identifying the users within your organisation
• Assessing whether they have an appropriate level of access to your systems and information
• Regularly reviewing employees’ levels of access to ensure employees can access the appropriate amount of data according to their role or employment status

Establishing a resiliency plan

• Having a plan that documents how business leaders will respond in the event of a company-wide cyber-attack
• Ensure your plan is updated and tested regularly via a table top incident response exercise with your executives
• Updating your companies’ traditional back-ups (if necessary) and testing how you would restore your system information from a backup that’s held offline
• Decide how you would communicate with your stakeholders and employees, including what comms you would distribute and who. Also consider including regulators and government bodies such as NCSC who may need to be notified

Promoting employee digital safety 

• Ensure that your devices software is regularly updated/patched and is using a reputable and up to date anti-virus and malware protection software
• Mandate the use of Multi Factor Authentication (MFA) in the workplace, and encourage staff to use it for all personal accounts to protect their sensitive information 
• Providing employees with a secure way to report spam emails
• Encourage staff to use password managers that generate long complex passwords. These are more secure and prevent the need to reuse password across accounts.
• Remember that security doesn’t stop when they leave the workplace, and encourage conversation about good security hygiene with their family and friends

Is Artificial Intelligence the solution? 

In January, the UK National Cyber Security Centre (NCSC) ran a report on the near-term impact of AI on the cyber threat. The findings from this report paint a scary picture of what AI could be capable of in the wrong hands, such as, ‘increasing the volume and heighten the impact of cyber-attacks over the next two years’.

When asked if he thought AI would lead to a significant rise in cyber-attacks, Tom explained that attackers mainly use AI to propagate their attacks and fast-track their attack processes, “particularly AI generated phishing emails and templates that are more sophisticated, making it harder for recipients to detect the email’s inauthenticity.”

While the malicious use of AI is certain to increase over time, it can also use it in defence. Tom explained, “these attackers have very limited amounts of information about your organisation, and they’re looking for weaknesses in what they can see to exploit those to gain access. However, as defenders of an organisation, we have full visibility of everything about an organisation, so there’s an opportunity for using AI to help us secure our entire footprint.”

Businesses must remain vigilant to cyber threats, including emergent AI, and ensure adequate monitoring, detection, response and recovery measures in place to protect their environment.

Key Takeaways

Levelling up business cyber security requires everyone at each level of your organisation to be vigilant and informed. Cybercrime rates (especially AI enhanced attacks) will become more frequent, meaning businesses will have to start focusing more on ensuring their defences are just as sophisticated as cyber criminals attacks will become. Don’t underestimate the damage that cyber-attacks can have on your business, even on a smaller scale, and make sure you are prepared by following the common tips above. You can find more help and guidance on the National Cyber Security Centre - NCSC.GOV.UK.