2024: The Cybersecurity Landscape in Ireland and the UK

October 2024 is cybersecurity month, so it’s an ideal time to review the cybersecurity landscape, along with the trends and threats organisations can expect in the coming year.

Globally, both 2023 and 2024 have been significant years for cybercrime with major attacks including the theft of US state department records, the DarkBeam data protection lapse, the Royal Mail ransomware attack and the MOVEit data theft.

Costs of attacks such as these are predicted to reach US$23.84 trillion by 2027. Clearly, cybersecurity threats are on the rise, they’re becoming more sophisticated and they’re causing more damage. And while this is happening across the entire world, two of the countries most at risk are the UK and Ireland.

Ireland is seeing more than its share of cyberattacks. The HSE ransomware attack of 2021 might be a distant memory, but a survey from CWSI the following year revealed that 54% of Irish companies had experienced a cyberattack – the highest level in Europe.

Things haven’t improved much since then. Ireland remains increasingly vulnerable due to more sophisticated attacks, such as the use of AI technologies by bad actors. In 2024, according to Jan Carroll, founder of Fortify Institute, a cybersecurity training firm, the cyberthreat landscape is more ‘complex and aggressive’ than ever.

PwC’s 2024 Irish CEO survey revealed that 90% of organisations believe their organisation is exposed to cyber risks. Furthermore, while cybersecurity budgets are rising, they aren’t rising to the extent that they are elsewhere in the world – 69% of Irish respondents are increasing their budgets, compared to 80% of their global peers.

In the UK, the National Cyber Security Centre (NCSC) also highlights an increasingly unpredictable threat landscape, particularly in relation to critical infrastructure such as utilities, communications, transport, financial services and connectivity. In fact, the UK is currently the third most targeted country in the world after the US and Ukraine. 23% of businesses and 24% of charities were targeted during 2023.

Financial services provider, Allianz, in its most recent report said that cyberattacks are the biggest single risk to businesses in the UK in 2024. This is backed up by Microsoft report that found that 87% of UK businesses are either ‘vulnerable’ or at ‘high risk’ of a cyberattack. According to a report by cybersecurity company, Techforce, that’s 2,814 incidents and 8,214,886,660 breached records.

So where are the threats coming from and how are organisations tackling the problem?

Artificial intelligence – The availability of AI technologies is fuelling much of the growth in ransomware, phishing and social engineering attacks. Real-time cloning software is already able to use AI to swap a video-caller’s face and voice with someone’s else. Businesses must adapt by using AI and ML to identify potential attacks.

Cloud vulnerabilities – As more organisations migrate to the cloud, we’re seeing more issues appearing. 39% of data breaches in the UK were linked to cloud misconfigurations and vulnerabilities. In response to this, the NCSC has launched an initiative known as ‘Secure by Design’ to encourage organisations to adopt more vigorous cloud security practices.

Cyber extortion – 48% of companies have experienced cyber extortion in 2024, making this type of attack more common than ransomware. Cyber extortion is a broader form of cybercrime threatening to harm a victim by threatening to expose data – unless a ransom in paid.

Securing endpoints – With remote working, securing endpoints, including IoT devices, has become increasingly complex. Traditional endpoint security measures are no longer enough. Now there is a shift towards Extended Detection and Response (XDR) solutions. XDR offers a unified response by integrating multiple security tools across security layers improving the speed and accuracy of threat detection.

Voice infrastructure – As more businesses move their voice communications to VoIP and other digital platforms, these too are coming under increased attack, as cybercriminals identify and target vulnerabilities. Cian Maher, Head of Voice Technology and Infrastructure at DigitalWell says voice security is often overlooked:

‘Companies need to realise that VoIP systems transmit data over the Internet, which means it’s just as vulnerable as standard network data. A robust voice security strategy should be a critical component of maintaining business integrity.’

As a result, we will see more companies turning to solutions specifically designed to protect voice infrastructure, such as siprotect from DigitalWell.