Take a Virtual, Interactive Tour 

Cyber Security

  |  
8 Min Read

The Current State of Cybersecurity - Fall 2024

Has the cyber landscape changed in the last five years? Yes and no. Let's discuss.

While Artificial Intelligence (AI) technology isn't new, its widespread adoption through readily available Large Language Models (LLMs) such as ChatGPT and Gemini has streamlined both the learning and application of cyber threats across the entire spectrum of cyber-based technologies. Despite efforts by AI model authors to curtail explicit guidance for criminal activity, creative solutions through prompt engineering and home-grown models enable users to fast-track the development and use of exploits, especially zero-day vulnerabilities, at an increasing and alarming rate.

Ransomware as a cyber tool used to exploit individuals and high-value targets alike, has seen significant growth in the last five years. While not new (recall the WannaCry attack in 2017), ransomware is now more sophisticated and easier to use through exploit kits and Ransomware-as-a-Service (RaaS) offerings, further enabling cyber as a force for harm. Recent statistics show a half a billion ransomware attacks detected in 2022 alone, with the average ransom payment rising to $1.85 million in 2023 (Varonis, 2024).  Additional sources cite 72.7% of all organizations globally fell victim to a ransomware attack in 2023 (Cobalt, 2023).

Although the COVID-19 pandemic appears to be in the rearview mirror, we continue to cite it as a force of change in all facets of life. The landscape of cybersecurity is no exception. As many organizations shifted to remote work, disrupting remote-enabling technologies became a focal point for exploitation. The expansion of these techniques is expected to continue despite the growing trend to return workers to the office. In fact, a recent study illustrated on average a cyber attack occurring every 32 seconds throughout 2023 (Cobalt, 2023) with remote work being a significant contribution to the vulnerabilities exploited.

Larger and more frequent data leaks seem to be largely desensitizing the public to the loss of personal sensitive information. In many ways, we appear to be moving from "trust but verify" to "zero trust" to "zero privacy". Regulations such as General Data Protection Regulation (GDPR) enforced by the European Union have largely improved data security requirements for our European counterparts and those conducting business overseas, but the US continues to lag in setting similar standards stateside. However, the proposed American Data Privacy and Protection Act (ADPPA) shows promise in addressing this gap.

 

1123_SOC-Bunce9

Each of these examples highlights the evolution of cyber exploitation, and it's certainly notable that security researchers are equally at task in identifying solutions. Nations are developing coalitions to cooperatively combat cybercrime. But at the heart of today's cyber landscape are nation-state endorsed cyber threats.

In a war that has largely become an afterthought for many Americans, the future of cyberwarfare is playing out in real time. As common as missiles and bullets, attacks on cyber infrastructure in Russia and Ukraine are laying the foundation for expectations in war for years to come. The NotPetya attack of 2017, initially targeting Ukraine but spreading globally, serves as a stark reminder of the potential collateral damage in cyber conflicts.

While supply chain attacks have been a technique for exploiting enemy weaknesses nearly as long as war itself, Israel's leverage of this ancient technique to implant devices with explosives and coordinate remote detonation is strikingly impressive and alarming in the same breath. This demonstrates the evolving intersection of physical and cyber warfare.

In the age of technology, evolution isn't an expectation; it's directly woven into the fabric of all things. The nature of cybersecurity and exploitation, and the principles that drive security at large, have changed very little over the last five years (or twenty, for that matter). However, the speed, scope, and delivery of threats and security responses drive the constant shift of the cyber landscape we can expect to see for the foreseeable future. 

Looking ahead, emerging technologies like quantum computing pose both new threats (potentially breaking current encryption methods) and opportunities (quantum-resistant cryptography) for cybersecurity. Additionally, the growing Internet of Things (IoT) ecosystem continues to expand the attack surface, necessitating new approaches to security in an increasingly connected world.

Want to learn more? Check out UAT's suite of Cyber security degrees here.

References

Varonis. 2024. Ransomware statistics, data, trends, and facts [updated for 2024]. https://www.varonis.com/blog/ransomware-statistics

Cobalt. 2023. Top Cybersecurity Statistics for 2024.  https://www.cobalt.io/blog/cybersecurity-statistics-2024

Comment

Sixth Day of Techmas: Six-Degree Suites

On the sixth day of Techmas, we’re spotlighting the six-degree suites at University of Advancing Technology (UAT). These distinct yet interconnected areas of study define the innovative, hands-on ...

Fifth Day of Techmas: Five Cybersecurity Facts

As the Twelve Days of Techmas continue at University of Advancing Technology (UAT), we spotlight cybersecurity—a rapidly growing field that protects our digital world. UAT’s Cybersecurity degrees, ...

The Second Day of Techmas: Two Top Tech Trends of 2024

As we continue the Twelve Days of Techmas at the University of Advancing Technology (UAT), we’re exploring two of the most exciting tech trends set to define 2024. These innovations are reshaping ...