Optimus Think

In 2024, cyber security is not just a technical issue – it’s a business imperative central to all Canadian organizations, irrespective of size or sector. According to the Canadian Centre for Cyber Security, it has become a major concern for Canadians as ransomware incidents, data breaches, and false information have become rampant online. With the cyber security market forecasted to hit $300 billion in 2024¹, and the global cost of online crime predicted to reach a staggering $10.5 trillion annually by 2025², the numbers speak to the severity of the situation.

Considering the pervasiveness and potential impact of cyber threats, we advocate for a proactive defense strategy. This approach encompasses understanding emerging cyber security trends, creating cyber security awareness, ongoing testing, and implementing mitigation methods. Employing best practices for cyber security will elevate your cyber resilience and help shield your organization from the ever-looming threat of cyber attacks.

Key Cyber Security Trends and Challenges for 2024

According to the Canadian Centre for Cyber Security (Cyber Centre)³, the national technical authority on cybersecurity, some of the key cyber security trends and challenges for 2024 are:

Credential Protection

Multi-factor authentication (MFA) is now a necessity. This security measure requires users to provide more than one piece of evidence to verify their identity when accessing online services. MFA has become increasingly important for cyber security in Canada, as cyber threats continue to evolve and target critical infrastructure, organizations, and individuals. According to the National Cyber Threat Assessment 2023-2024, Canada faces a high likelihood of ransomware attacks, data breaches, online espionage, and foreign interference in the next two years⁴. MFA can help reduce the risk of these attacks by making it harder for hackers to compromise accounts and systems. However, MFA is not a silver bullet, and it also comes with challenges, such as user convenience, cost, and compatibility. Therefore, Canadian organizations need to adopt a holistic approach to cyber security that includes MFA as well as other best practices, such as encryption, backup, patching, and awareness training.

Increased Use of Artificial Intelligence (AI) by Cyber Attackers

AI is not only a powerful tool for good but also a potential weapon for evil. Cyber attackers can use AI to enhance their malicious activities in a variety of ways. For example:

• Modifying Hacks to Evade Detection: AI can help attackers create malware that adapts to different environments and security systems, making it harder to identify and stop.
• Increasing Instances of Denial-Of-Service Attacks or Ransomware: AI can help attackers launch more sophisticated and targeted attacks that overwhelm the network or encrypt the data of their victims, demanding ransom for restoration.
• Using Social Engineering and Deepfakes to Manipulate Victims: AI can help attackers create realistic and convincing fake images, videos, or voices of people or organizations, tricking victims into revealing sensitive information or performing harmful actions.

More Zero-Day Exploits

Zero-day exploits are cyber attacks that target software vulnerabilities that are unknown to the software vendor or the security provider. These attacks can compromise the confidentiality, integrity, and availability of data and systems and cause significant damage to organizations and individuals.  Canadian organizations are not immune to these risks as they rely on various platforms, applications, and technologies for their daily operations. Some of these sectors such as energy, transportation, public safety, finance, and healthcare, are considered critical infrastructure and have a high impact on national security and the economy. For example, in March 2023, Microsoft disclosed a zero-day vulnerability (CVE-2023-23397) affecting Microsoft Outlook that allowed a threat actor to steal NTLM credentials from the victim’s Outlook client by sending a malicious email. This vulnerability was exploited by sophisticated actors and targeted critical infrastructure sectors in Canada.

Connected Technology Attacks (5G & IoT)

With the standardization of the fifth generation of wireless cellular technology (5G) and the Internet of Things (IoT), the increase in connected devices/technologies has expanded the number of opportunities cyber attackers have to gain access to your organization. In Canada, this is a serious concern as the average person has 5.9 IoT devices such as a smart speaker, thermostat, or security camera⁵ . These devices often have weak security features and can be easily hacked or compromised by malicious actors. Moreover, 5G networks enable faster data transmission and lower latency which can facilitate more sophisticated and coordinated attacks on critical infrastructure such as power grids, water systems, or healthcare facilities. This underscores the need for Canadian organizations to adopt robust cyber security measures and practices to protect their data and assets from these emerging threats.

Growth of Cybercrime-As-A-Service (Caas) Operations

Cyber attackers will offer their services and tools to other criminals, increasing the quantity and capability of cyber threats. CaaS operations will also compete for targets and introduce more variants to differentiate themselves from competitors.

How to Take a Proactive Approach to Cyber Security

The cyber security trends above highlight the need for organizations to adopt a proactive and holistic approach to cyber security that includes awareness, training, testing, and implementing AI solutions.

Awareness

Organizations should educate their employees, customers, and partners on cybersecurity best practices and how to recognize and report cyber incidents. Refresh sessions should be conducted quarterly to ensure that awareness becomes second nature to everyone. According to the Cyber Centre, human error remains one of the primary causes of cyber breaches.

Training

Organizations need to invest in specialized training for their IT and cyber security staff to stay ahead of cyber attackers and keep up with the latest technologies and standards. Training should also include simulations and exercises to test and improve their cyber response capabilities and establish a baseline for employees.

Testing

Organizations need to conduct regular assessments and audits of their cybersecurity posture and readiness, including vulnerability scans, penetration tests, compliance checks, and risk analyses. Testing should also cover third-party vendors and suppliers who may pose a cyber risk.

AI Solutions

Organizations need to leverage AI solutions to enhance their cybersecurity defenses such as detecting anomalies, automating responses, optimizing processes, and improving decision making. AI solutions can also help organizations gain insights from their data and identify opportunities for improvement.

A Final Thought

While a business can never be fully protected, ensuring you, your employees, and your customers are up to date with the latest cyber security trends and are following proactive approaches to keeping your organization safe, you can significantly reduce the risk of falling victim to easily avoidable cyber exploits.

Optimus SBR’s Technology & Data Services Practice

At Optimus SBR, we have a dedicated Technology & Data services team that’s committed to helping Canadian organizations achieve their cyber security goals and objectives. We offer a range of cyber security services and solutions that are tailored to your specific needs and challenges. Whether you need awareness training, vulnerability testing, AI tools, or anything in between, we have you covered.

Contact us today to learn about how we can help you protect your organization from cyber threats in 2024 and beyond.

Doug Wilson, Senior Vice President and Technology & Data Practice Lead
Doug.Wilson@optimussbr.com

Nas Farzan, Vice President, Technology Services Group
Nas.Farzan@optimussbr.com

References:

¹Global Market Insights Inc. 2019. “Cybersecurity Market Worth Over $300bn by 2024: Global Market Insights, Inc.” Last modified January 16, 2019. https://www.prnewswire.com/news-releases/cybersecurity-market-worth-over-300bn-by-2024-global-market-insights-inc–863930577.html.

²Steve Morgan. Cybercrime Magazine. 2020. “Cybercrime to Cost the World $10.5 Trillion Annually By 2025.” Last Modified November 13, 2020. https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/.

³Communications Security Establishment Canada. 2022. “Canadian Centre for Cyber Security releases National Cyber Threat Assessment 2023-2024.” Last Modified October 31, 2022. https://www.canada.ca/en/communications-security/news/2022/10/canadian-centre-for-cyber-security-releases-national-cyber-threat-assessment-2023-20242.

⁴Communications Security Establishment Canada. 2021. “Ransomware.” Last Modified December 15, 2021. https://www.cyber.gc.ca/en/guidance/ransomwar.

⁵ House Grail. 2024. 15 “Smart Home Statistics in Canada”. Last Updated January 3, 2024.
https://housegrail.com/smart-home-statistics-canada/#6_About_40_of_the_smart_home_market_revenue_ comes_from_the_United_States_and_Canada_Statista_Statista.