Cybersecurity Awareness Month is a great opportunity for public and private organizations to take stock of their cybersecurity goals, measure their progress, and prepare for what lies ahead. To that end, below are five emerging trends that are transforming how we drive our security programs to defend against cyber threats:

1. AI is a key player in the fight against cybercrime

AI offers significant benefits due to its ability to process vast amounts of data, identify patterns, and detect signs of an attempted attack. It’s a useful tool for detecting malicious activity in a system or network, spotting anomalies or suspicious behaviors, and automating many manual cybersecurity tasks, freeing up time and resources.

But while the cybersecurity industry is focused on how to use AI to stop bad actors, cybercriminals often use AI to increase the speed, scale, and intensity of their attacks.

For example, phishing emails have evolved from simple deceptive emails to becoming more advanced, harder to spot, and significantly more dangerous. Attackers are also successful at using deepfakes to perpetrate fraud or manipulate an audience into action.

AI’s adaptive nature is one of its most potent features in social engineering attacks, manipulating people into giving away sensitive information or compromising security.

In fact, a UNODC report saw by than a 600 percent increase in mentions of deepfake-related content targeting criminal groups in Southeast Asia across online platforms in the first half of 2024.

By using AI in these attacks, cybercriminals can appear more credible and trustworthy, leading more victims to fall for fraud attempts or manipulation, which could lead to system compromise.

2. Cyber, cyber everywhere

We’re more connected now more than ever, which can have devastating consequences if proper cyber awareness isn’t applied.

The uptick in cybersecurity incidents has coincided with the shift to remote working, as criminals seek to take advantage of the increased attack surface available. Perimeter security deployed at the office is no longer suited to adequately defend employees in this new environment or with modern interconnected capabilities.

For example, a single click on a seemingly harmless link in WhatsApp can open the door to cyber threats and can compromise your personal information and potentially put your organization’s data at risk.

In September 2024 alone, Singapore saw at least 100 cases reported, with total losses amounting to at least S$6.7 million.

For years we have looked to control Shadow IT devices and systems in the workplace that are connected to networks without permission. Now, we’re faced with Shadow AI (the use of AI systems and tools within an organization without formal approval or oversight), which is a growing problem and has real consequences around the confidentiality of our data, thus we must implement capabilities to continuously detect and control possible cyberattacks.

One solution is a zero-trust strategy (a cybersecurity model requiring users to be authorized at every level of network access), which could prevent sensitive resource compromise in the workplace, even if a specific device is breached. Remember, zero trust is not a discrete solution but rather a strategy driver and mindset backed by technology.

3. Attacks can target critical infrastructure–and our homes

When the lights go out or the gas is cut, most people are unlikely to think it’s the result of a cybersecurity breach. But operational technology (OT) is an emerging battleground for cyberattacks, with the systems that control and automate factories and critical civil infrastructure (including power stations, water-treatment plants, and dams) becoming a target.

To keep pace with this and make sure we’re as ready as can be, Singapore has launched the OT Cybersecurity Masterplan 2024 as part of the government’s increasing efforts to enhance the security and resilience of industrial control systems and organizations utilizing OT technologies.

And with ongoing geopolitical tensions, industries must ensure they stay one step ahead by baking in cybersecurity protection across their operations.

Global events can increase the threat level

In times of crisis, an upsurge in cyber-attacks is common. Threat actors are often hard at work taking advantage of vulnerable individuals, systems, and government resources for financial, political or other gains.

Such attacks can have profound implications for critical infrastructure and industrial sectors around the world. For example, instead of targeting end-users directly, attackers now compromise the supply chain itself, becoming a primary vector for large-scale data breaches and cyber incidents.

5. The Talent Issue

As organizations confront the complexities of escalating cyber threats, they need people with the right skills to protect their data and systems.

We hear a lot about how the global cybersecurity skills gap is widening, leaving many organizations vulnerable to increasing cyber threats. Almost overnight, companies have realized that they need a dedicated cybersecurity professional—or an entire team—on staff.

One way around this is to broaden the candidate pool to bring junior candidates into the fold and grow them with on-the-job training. This can include candidates who might not have the specialized skills required, but come with analytical potential, problem-solving skills, and technical promise. And by providing proper training to existing employees, organizations can empower them with career mobility and become the first line of defense against potential threats.

AI and machine learning can also work as a force multiplier for smaller security teams, which gives organizations a better chance against the newest strains of malware.

This is not meant to replace valuable and scarce expertise, but rather augment it by using AI to support overtaxed security analysts, identity management professionals, and incident responders who need to sort through an increasing amount of information to do their jobs. And with the help of AI to automate analyst functions at machine speed, security teams can focus their attention on higher-value tasks.

As cybersecurity threats become increasingly sophisticated, organizations must adopt proactive defensive strategies, leveraging AI and machine learning to enhance security. Challenges posed by evolving sophisticated cyber threats, such as those targeting critical infrastructure and exploiting global events, underscore the need for comprehensive risk management and robust third-party oversight.

#CybersecurityAwareness #AIinCybersecurity #ZeroTrust #CriticalInfrastructure #CyberTalent #Ifvex