Cyber security is no longer a luxury, but a necessity for small and medium businesses (SMBs) in the digital age. According to a recent report by Verizon, the average cost of cybercrime for SMBs will rise by 15% to $10.5 trillion1. Moreover, SMBs are more likely to be targeted by cybercriminals than larger enterprises, as they often lack the resources and expertise to defend themselves effectively.
As we enter 2024, the cyber threat landscape is expected to evolve and become more complex, posing new challenges and opportunities for SMBs. Here are some of the key trends and predictions that SMBs should be aware of and prepare for in the coming year.
“We anticipate a rise in cybersecurity investments among SMBs in 2024. The main driver will be obligations and security standards imposed by their customers whether those customers are businesses or consumers. Businesses will ask SMBs to comply with specific requirements, especially data privacy in order to use their services. Any threat or incident will affect their reputation. The integration of cybersecurity into business operations is becoming more prevalent and cost-effective, thanks to the expanding use of cloud services, AI, and machine learning.”
Ransomware Attacks Will Continue to Rise
Ransomware, a type of malware that encrypts the victim’s data and demands a ransom for its release, has been one of the most prevalent and damaging cyber threats in recent years. In 2023, ransomware attacks on SMBs and Enterprises increased to 46% globally. According to Opentext Cybersecurity Ransome Reality Check 2023, nearly 90% of SMBs are worried about ransomware.
In 2024, ransomware attacks are expected to continue to rise, as cybercriminals leverage more sophisticated techniques and tools, such as ransomware-as-a-service (RaaS), double extortion (when data is both encrypted and threatened to be made public), and encryption of cloud data. SMBs are particularly vulnerable to ransomware, as they often lack adequate backup and recovery systems, and may be tempted to pay the ransom to avoid business disruption and reputational damage. However, paying the ransom does not guarantee the restoration of data, and may encourage further attacks.
To protect themselves from ransomware, SMBs should implement a comprehensive and multi-layered cyber security strategy, which includes:
- Regularly updating and patching their systems and applications to prevent exploitation of known vulnerabilities.
- Educating their employees on how to recognize and avoid phishing emails and other social engineering tactics that may deliver ransomware.
- Implementing strong authentication and access control measures to prevent unauthorized access to their networks and data.
- Backing up their data regularly and securely, both on-site and off-site, and testing their restore capabilities.
Having a ransomware incident response plan in place, which outlines the roles and responsibilities of the key stakeholders, the communication channels, and the recovery steps.
“We observe two main things happening, on one side, the potential for more attacks will increase. Criminal Hackers are starting to automate more and use AI to their advantage. Unprotected businesses pose an easy target. Even a small business can generate a hefty profit from a ransomware attack – especially because they’re unprepared in the event of an attack.
On the other hand, we’re observing attack surface complexity increase. More systems mangled together mean more potential for exploitation. This isn’t limited to big organizations exclusively – small businesses also rely on third-parties which contain vulnerabilities, meaning they themselves are at risk.”
Cloud Security Will Become a Top Priority
The COVID-19 pandemic accelerated the adoption of cloud computing by SMBs, as they seek to enhance their agility, scalability, and resilience in the face of uncertainty and disruption. In 2023, 63% SMB workloads end up being hosted in the cloud as well as 62% of SMB data.
However, moving to the cloud also introduces new cyber security risks and challenges, such as data breaches, misconfigurations, unauthorized access, and compliance issues.
In 2024, cloud security will become a top priority for SMBs, as they seek to leverage the benefits of the cloud without compromising their security and privacy. SMBs should adopt a shared responsibility model, which recognizes that both the cloud provider and the cloud user have roles and obligations in ensuring the security of the cloud environment. SMBs should also follow the best practices for cloud security, such as:
- Choosing a reputable and trustworthy cloud provider that offers robust security features and guarantees.
- Reviewing and understanding the terms and conditions of the cloud service agreement, especially the security and privacy policies and the service level agreements (SLAs).
- Configuring and managing their cloud resources and services according to the principle of least privilege, which grants the minimum level of access and permissions required for each user and function.
- Encrypting their data in transit and at rest, and managing their encryption keys securely.
- Monitoring and auditing their cloud activities and events, and using tools and services that provide visibility and alerts on potential threats and anomalies.
“Small and medium businesses (SMBs) are adopting cloud services to gain scalability, cost savings, and performance by moving data, apps, and IT systems from on-site servers to cloud platforms.
With increased cloud usage, SMB attack surfaces expand as more cloud service entry points can be exploited for unauthorized access, elevating data breach risks.
Complex cloud migrations can overwhelm limited SMB IT skills, leading to misconfigurations that inadvertently create security gaps and expose sensitive data.”
While adopting cloud services transfers some security responsibilities to providers, SMBs retain responsibility for securing data, apps, identities – requiring ongoing vigilance.
Artificial Intelligence Will Enhance Cyber Security and Cyber Attacks
Artificial intelligence (AI) is a branch of computer science that enables machines to perform tasks that normally require human intelligence, such as learning, reasoning, and decision making. AI has been increasingly applied to various domains and industries, including cyber security, where it can help to automate and improve the detection, prevention, and response to cyber threats.
For example, AI can help to analyze large volumes of data and identify patterns and anomalies that may indicate a cyber attack. AI can also help to generate and update security rules and policies based on the changing threat landscape and the specific needs of the organization. AI can also help to orchestrate and coordinate the actions of different security tools and systems, and provide recommendations and guidance to the security teams and users.
However, AI can also be used by cybercriminals to enhance their cyber attacks, such as:
- Generating realistic and convincing phishing emails and websites, using natural language processing and generative adversarial networks (GANs).
- Bypassing security defenses and controls, such as biometric authentication and captcha, using image and voice recognition and synthesis.
- Evading detection and analysis, using adversarial machine learning and polymorphic malware.
- Automating and scaling up their attacks, using botnets and swarm intelligence.
- In 2024, AI will play a dual role in cyber security, as both a friend and a foe. SMBs should embrace the opportunities and benefits that AI can offer for their cyber security, while also being aware of the risks and challenges that AI can pose for their cyber security. SMBs should also adopt a human-centric approach to AI, which ensures that the human users and operators are always in control and accountable for the AI systems and outcomes.
“With the accelerated adoption and application of AI, it is becoming increasingly difficult to distinguish real from fake, thus we face an increasing number of incidents related to phishing and data leakages. Companies are seeking ways to ensure trustworthy and secured digital operations and exchange of information. Adoption of trust services such as regulated digital identities, e-signing, e-sealing of data will face accelerated adoption both by individuals and companies to address cyberthreats.”
Cyber security is a dynamic and evolving field, which requires constant vigilance and adaptation by SMBs. In 2024, SMBs will face new and emerging cyber threats, as well as new and emerging cyber solutions. SMBs should stay informed and updated on the latest cyber security trends and predictions, and take proactive and preventive measures to protect their data, assets, and reputation. SMBs should also seek professional and expert assistance and guidance, when needed, to enhance their cyber security posture and resilience.
“As global regulations tighten in 2024, SMEs are cornered into an unavoidable decision: elevate cybersecurity standards or be prepared to shut their doors. This isn’t just a warning, it’s the harsh new reality of the digital age. Compliance has shifted from being optional to a matter of existential importance. Our experience with over 100 clients isn’t just confirming this – it’s screaming it. Here’s the kicker: the real threat to SMEs isn’t just the law; it’s their own customers, especially the big enterprise players. We’re seeing a growing trend where enterprises don’t just request, but demand and enforce high security standards, ready to cut ties with anyone who doesn’t measure up. In this new world, failing to prioritize cybersecurity doesn’t just risk fines – it risks your entire business relationships and market presence.”
About the Author: Farid Singh is the General Partner for the Cybersecurity Fund at Startup Wise Guys. As leader of Wise Guys Cyber, he is also the Program Director for our Cybersecurity Acceleration Programs. The accelerator program is aimed at elevating B2B cyber startups by giving them personalised guidance to transform their businesses.
