2024 is well underway, and now is an excellent time to look at what advancements and challenges we can expect to see throughout the coming year. As cyberattacks increase in sophistication, AI and new regulations seem poised to dominate the conversation for 2024. The Nordics cybersecurity market was estimated at 12 billion USD, with expectations to grow drastically over the next five years. The year is expected to be marked by innovations and increasingly advanced cyberattacks globally. The landscape is known for its strong focus on data privacy and technological advancements while battling increasingly severe cyberattacks. Let us look at some of the challenges and opportunities we can expect to see in the coming year.
1 – Attacks On Critical Infrastructure To Continue
European regions face an increased risk of cyberattacks targeting their critical infrastructure in 2024, especially those in the energy sector which proves problematic as power generation and distribution is not only more connected than ever before but also more complex than ever. There was over a 100% surge in cyberattacks against industrial operations including attacks against both the IT and OT networks over the last year, most of which stemmed from Ransomware. This industry is vital for the EU’s economic stability, and increasing geo-political tensions make it a key target for nation-state attacks. We have also seen one of the most significant cyber attacks on record in Denmark, where attackers connected with Russia executed highly sophisticated attacks against the country’s energy infrastructure. Attacks on hospitals and airports were faced in response to alleged geo-political situations in Denmark and Sweden. We have also seen that the main targets for critical infrastructure attacks outside of energy include manufacturing, transportation, public services, and telecommunications – all of which provide fundamental resources globally. Ransomware also remained a significant threat, with some countries like Finland and Sweden witnessing a fourfold increase in Cyberattacks after applications to join NATO. Given these trends, we can expect external actors to continue to cause widespread chaos and disruption by targeting critical infrastructure. The Nordic and European regions must prioritize the Cybersecurity of these crucial assets and improve their cyber resilience against such attacks.
2 – AI-Powered Cyberattacks
It is impossible not to mention Artificial Intelligence (AI) in a talk about 2024, with organizations and governments racing with each other in the AI arms race. Generative AI like ChatGPT has added audio/visual capabilities and Custom GPTs, showing that autonomous AI is almost upon us. AI will continue to be a double-edged sword as cyber-criminals leverage its capabilities to improve the sophistication of their attacks. AI-powered deepfakes that impersonate voices and videos of trusted individuals will become more mainstream as attackers enhance their cybercrime capabilities with the power of AI. Tools like FraudGPT have already demonstrated the power of Generative AI for crafting deceptive campaigns and phishing attacks to facilitate cyberattacks. Companies in the region will need to overhaul and update their security awareness progress and incident response plans to prepare for these threats as we are currently seeing with Finland, who are planning to increase their cybersecurity defenses in the 2024 national budget by 30%. AI-powered security tooling will also help to identify tell-tale signs of AI-generated content in audio and video, complementing user awareness.
3 – A more Complex Regulatory Landscape
2024 will be a landmark year for cybersecurity regulations with frameworks like the NIS2, IT-SiG 2.0, eIDAS 2.0, CER Directive, DORA, AIA, CRA, and others aimed at creating a more resilient framework against cyberattacks. The NIS2 directive entered into force in January 2023 and is designed to enhance the cybersecurity posture across the EU by focusing on sectors like energy, water, transport, etc., This particular regulation closely ties in with our trend #1 from above, which focuses on critical infrastructure – and requires a robust and cohesive risk and incident management system. The upcoming EU AI Act is expected to be a landmark moment for AI and has the same impact on AI safety and governance as the GDPR did on data regulation. We can expect clauses of the act to be reflected in similar legislations across the globe as governments align with the new regulation. DORA has already made waves throughout the financial services industry throughout the Nordics, and broadly Europe, as it is requiring (in many cases) a significant effort to reach compliance. By creating a common Digital Resilience Framework, financial services entities shall be able to return to business as usual with more ease in the event of a hindering event. As these regulations on cybersecurity and data privacy continue to intensify, organizations must not only comply, but also embrace these frameworks as catalysts for enhancing overall cybersecurity resilience.
4 – Navigating IoT Cybersecurity Challenges
Over the last few years, we have seen many organizations throughout the Nordics grapple with the escalating threat landscape of IoT cybersecurity risks, with now over 30 billion IoT devices currently in circulation – creating a vast attack surface. Various incidents have demonstrated vulnerabilities across sectors including manufacturing, healthcare and technology due to the complexity of networks (including companies, equipment, devices and software). This complexity benefits cyber attackers, and it also reinforces the importance of maintaining an SSDLC across all stages of a product’s lifecycle. Automotive, Consumer, Healthcare, Smart Cities, Industrial and Manufacturing IoT devices have been on the rise – specifically in the innovation hub of Sweden, which requires more diligent cyber practices throughout. Simple protection will further need to be leveraged such as secure-boot, network segmentation/isolation and secure-update to mitigate against common vulnerabilities found in smart-devices. The IoT landscape is set to evolve this year with new and emerging threats. It is crucial to be aware of these risks and appropriately secure IoT devices and networks, as humanity looks for new and improved ways for everyday living.
5 – Supply Chain Security
2023 proved to be a tumultuous year regarding Supply Chain security, with the Nordic and European regions facing significant issues due to the global geopolitical climate. A rise in cyber attacks followed the Russian invasion of Ukraine, with the NSA warning that ransomware was being used to disrupt the supply chain of countries supporting them. We also saw the MOVEit cyberattack impacting thousands of companies across the globe, with third-party software proving to be a significant blind spot in most company’s cybersecurity defences. Further, the vulnerability found in Jfrog Artifactory throughout Microsoft was exploited back in February of last year- proving that even our tech giants are not immune to software supply chain cyberattacks. The Nordics and European regions must embed cyber resilience within their strategies to ensure cybersecurity incidents from third parties do not disrupt critical business operations. This will mitigate the direct impact and help minimize the domino effect of cascading issues arising from supply chain security compromises.
The Way Forward
To summarize, 2024 is shaping to be another exciting year in Cybersecurity. It will be characterized by more sophisticated cyberattacks, threats to critical infrastructure, and more complex legal frameworks to navigate. Underscoring it all will be the continued rise of AI as a tool for and against cyberattacks. While the landscape may look grim, increased collaboration amongst Nordic countries (such as NORDEFCO) will help provide improved responses and coordinated strategies against such attacks.
The evolving threat landscape requires continuous innovation in various defensive strategies, new technologies including machine learning and behavioral analytics, collaboration across industries, and investments in cybersecurity education are essential pillars for fortifying the Nordic region’s defenses against emerging cyber threats.
How We Can Help
Our firm can help you navigate this complex landscape with our diverse array of services which include Cyber Resilience, Identity and Access Management (IAM), Privilege Access Management (PAM), Operational Technology (OT) Security, Zero Trust architectures, Cyber Audits, Third-Party Risk Management (TPRM), and Data Privacy and Protection.
Our Cyber Resilience services can help you strengthen your ability to withstand the most advanced cyberattacks like ransomware and other events that disrupt business operations. We can help you design Zero Trust Architectures to guard against threats to critical infrastructure and internal networks. Additionally, our firm excels in Digital Identity solutions, empowering organizations to strengthen their digital perimeters, streamline access controls, and enhance overall security posture through tailored IAM and PAM solutions. Our expertise in cybersecurity audits and third-party risk management can help you become compliant with an increasingly complex regulatory landscape. No matter your requirements, our firm is well-equipped to provide comprehensive cybersecurity services to address your needs. Reach out – to see how we can help you!