A regional health network in Illinois was forced to shut down two rural hospitals last summer, in part due to losses sustained during a prolonged ransomware attack two years earlier. It marked the first time a hospital closing was directly linked to a cyberattack. It probably won’t be the last.
St. Margaret’s Health System filed for bankruptcy protection shortly after closing hospitals. Officials said the organization never fully recovered from the ransomware attack that shut down computer systems for three months in 2021.
It continues the trend of escalating cyberattacks on the healthcare industry, the most-targeted industry in the U.S. The American Hospital Association estimates that 1 in 3 Americans were impacted by a healthcare data breach in 2023, and analysts expect more of the same in 2024.
Along with healthcare, other critical infrastructure sectors such as transportation, energy, utilities, financial services and education are under attack — often by state-sponsored threat actors. For example, an Iran-linked group took control of a municipal water supply in Pennsylvania in November and China-backed hackers targeted the Texas power grid in August.
In addition to escalating attacks on critical infrastructure, here are some of the other cybersecurity issues and trends that are likely to be prominent in 2024:
AI-Powered Attacks
Expect threat actors to leverage artificial intelligence (AI) to craft increasingly sophisticated attacks. AI-powered phishing attacks are particularly worrisome. With AI and machine learning, hackers can create more convincing phishing emails and messages by eliminating many of the traditional telltale signs of phishing attacks, such as spelling mistakes, grammar errors and broken English.
Password Attacks
Credential-stuffing, brute-force attacks and other types of attacks designed to break into password-protected accounts aren’t new, but they are increasing rapidly. Microsoft’s Threat Intelligence team tracked more than 4,000 password attacks every second last year, or roughly 350 million each day. The high-water mark was in April with 11,000 attacks per second.
New Reporting Rules
As of Dec. 18, publicly traded companies operating in the U.S. must disclose “material” cybersecurity incidents to the Securities and Exchange Commission (SEC) within four days. The new rules will require companies to describe the incident’s nature, scope and timing, and the “material impact or reasonably likely material impact” on the company. The new rules may also affect smaller entities in a public company’s supply chain.
Zero Trust
With the rise of remote work and cloud services, traditional network perimeters have become less defined. Zero trust acknowledges that security should not solely rely on network boundaries and assumes that threats can originate from anywhere, including within the organization. In a recent Okta survey of IT decision-makers, 61 percent said they’ve already implemented zero-trust initiatives and another 35 percent said they will soon.
Cybercrime for Hire
There is a rapidly growing cybercrime-as-a-service ecosystem in which threat actors offer tools, expertise and services to aspiring hackers for a fee. The model allows those with little technical proficiency to rent or purchase everything they need to launch large-scale phishing, ransomware and distributed denial of service (DDoS) attacks. One recent study predicts the vast majority of software-based cyber threats will be readily available via a subscription by 2030.
Ongoing Skills Shortage
Roughly two-thirds of U.S. organizations say they are struggling to find, hire, train and keep qualified cybersecurity specialists, and this talent gap is projected to continue indefinitely. Gartner analysts predict that by next year, more than half of all significant cybersecurity incidents will be directly attributable to the scarcity of skilled professionals.
Cyber threats are becoming more complex, frequent and damaging. If you need to close your organization’s cybersecurity skills gap, give us a call. Verteks has developed a portfolio of managed security services that can help you strengthen your defenses in 2024.
