Cybersecurity Review for the year 2024 - Rajarshi Bhattacharyya, Co-Founder, Chairman and Managing Director, ProcessIT Global

We are coming to the end of 2024, that time of the year to reflect on the developments and challenges that defined the cybersecurity landscape across the last 12 months.  The cybersecurity domain underwent a significant transformation with cyber threats becoming more sophisticated and complex, in recent days.  More advanced AI-driven tools and complicated social engineering tactics were employed by cybercriminals to achieve their goals.  Adversaries operated at record AI speed, regulatory agencies began to implement stringent compliance measures, and technological innovation increased with advanced security controls leveraged to keep threats at bay.  Here’s a capture of the developments and challenges in the cybersecurity domain that defined the year.

AI revolutionized cybersecurity

In 2024, AI technology developed further to enhance advanced threat detection and response giving rise to sophisticated AI-driven security tools.  The integration of AI and ML technologies in the cybersecurity domain enhanced defensive capabilities and offered strategic advantages for talent and resource optimization reducing the workload on security teams. Besides enhancing threat detection and response times the complexity of cyber threats was addressed as well.  AI solutions were also useful in handling large volumes of data across numerous devices connected to the network.  Unfortunately, the same AI technology was exploited by threat actors too in developing AI-powered attacks such as phishing, deepfake, ransomware, Denial of Service, Advanced Persistent Threats, and many more presenting new challenges for cybersecurity teams.

Regulatory landscape intensely deepened

The year saw significant new cybersecurity rules and regulations in large economies across the globe.  As a global leader in the digital landscape with 936 million internet subscribers (till Dec 2023, TRAI), the Indian government recognizes the critical importance of a secure digital landscape and has been implementing strong policies to protect online users.  In addition to several earlier regulations implemented earlier, in November 2024, the Department of Telecommunications introduced Telecom Cybersecurity Rules, 2024 which aims to protect India’s communication networks and services.  It announced strict measures including specified timelines for telecommunication entities to report any incident. These Rules demonstrate the seriousness of the Indian government about cyber security and the plan to modernize and improve the cybersecurity framework for India’s telecom infrastructure. Additionally, the focus was on strengthening cybersecurity and safeguarding user data while ensuring service integrity.

Attacks on the cloud, mobile, and IoT were high

With people relying on mobile apps and cloud, and other smart devices, cybercriminals attempting to hack their privacy are also increasing exponentially. The number of people accessing the internet with a mobile device increased significantly and a sizable percentage of internet traffic was also generated by mobile devices.  In 2024, the attacks grew on mobile, cloud, and IoT devices.  The OT and cyber-physical systems which were earlier isolated from the Internet are now integrated into enterprise networks, with an increasing likelihood for cyber threats to thrive.  According to Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, where a dataset comprising over 20 billion threat-related mobile transactions and associated cyber threats, between June 2023 to May 2024, India tops the list for mobile malware attacks globally surpassing the United States and Canada.

Global shortage of cybersecurity talent

In 2024 the cybersecurity skills gap widened with several security professionals lacking the skillsets to manage the rapidly growing cyber threats.  According to the World Economic Forum, the global talent shortage across nation-states and industries could reach 85 million by 2030 causing approximately USD 8.5 trillion in unrealized annual revenue.  Currently, there is an urgent requirement of 4 million professionals to plug the talent gap in the global cybersecurity industry.  The recent high-profile, AI-enabled attacks are a wake-up call for organizations to take cybersecurity seriously.  Traditionally high level of job satisfaction found in the cybersecurity sector is down 4%.  Organizations addressed the skill shortage by partnering with managed security services and investing in targeted training and upskilling of employees.  Additional AI and automation helped to fix the skills gap partially.

Sharp rise in third-party data breaches

With the fast-expanding threat landscape across the year, third-party exposure was a growing vulnerability for organizations. Cybercriminals identified third-party vendors with weaker security and targeted them to reach their primary targets.  A recent IBM Cost of a Data Breach Report revealed only 42% of companies discover breaches through their own security teams highlighting the third-party risks that organizations are blind to.  These breaches can have dire consequences leading to financial losses, operational disruptions regulatory penalties, and more.  Some of the third-party data breaches in 2024 included Infosys McCamish Bank of America Data Breach, Fortinet Data Breach, Toyota Data Breach, Truist Bank Data Breach, Shopify Data Breach, and American Express Data Breach, among others.  Third-party risk management has become a necessity in today’s rapidly evolving business world.

The cybersecurity landscape stands at the threshold of a paradigm shift today.  In today’s fast-changing digital age, securing our digital assets is more critical than ever.  Going forward, organizations have to deploy a proactive approach to navigate the complex cybersecurity landscape and ensure their digital assets are safe from both internal as well as external attacks.