The average number of days taken by cyber criminals to execute a single attack has moved from around 60 days in 2019 to four today, the World Economic Forum says.
In its recent cybersecurity trends update for the year 2024, the lobby attributes the development to the fast-growing Artificial Intelligence (AI), which potentially, is increasing the number and frequency of attacks.
“Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI is also helping the less proficient threat actors create new strains and variations of existing ransomware, increasing the number of attacks they can execute,” the lobby says.
“We, therefore, expect an increased utilisation of AI by malicious actors in the future, necessitating even stronger cybersecurity measures.”
The lobby also expresses concern over the increasing number of people owning smart phones, tablets and laptops, terming it an attractive combination for cybercriminals.
During the pandemic, many organisations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication, a move the lobby says resulted in several successful cyberattacks.
“Criminals are now targeting mobile devices with specific malware to gain remote access, steal login credentials, or to deploy ransomware,” WEF says.
It adds that personal devices tend to have less stringent security measures, and utilising public wi-fi on such devices can increase their vulnerability, including exposure to phishing attacks via social media.
It further cautions that the 5G technology rollout is also an area of potential concern if not managed appropriately, given it will power even more connected devices, including sophisticated applications, from driverless cars to smart cities.
Picturing the looming increased cyber threats on the back of AI and digitisation, is the worrying resurgence in ransomware and extortion losses.
WEF says the proportion of cases in which data is exfiltrated globally, increases year-on-year, moving from 40 per cent in 2019 to over 77 per cent in 2023.
In Kenya, the latest data shows the number of cyber threats recorded an increase in the three months to December, with more than 1.2 billion cases reported.
This is from 123 million threats detected in the previous quarter, representing a 943 per cent jump.
The Communications Authority of Kenya attributed the increase to the enhancement of the country’s cyber threat monitoring capabilities, and the increased exploitation of ‘system vulnerabilities’ fuelled by increased deployment and use of Internet devices.
Malware, brute force, web application and mobile application attacks stood at 13.2, 9.7, 0.07 and 0.05 million cases, respectively.
Even so, the lobby further alarms the growing shortage of professionals in the ICT sector, saying the trend will increasingly complicate cybersecurity efforts.
“The current global cybersecurity workforce gap stands at more than three million people, with demand growing twice as fast as supply. We predict that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025,” WEF says.
by ALFRED ONYANGO