
The state of cybersecurity, Q1 2024 edition.

19 April, 2024

Q1 of 2024 is already behind us, and while the weather might be improving, the cybersecurity threat landscape certainly is not.


Rapidly advancing AI, evolving scams, and higher-than-usual staff turnover in many organisations have created a perfect storm for cybercriminals, resulting in major breaches and increased vulnerabilities.


At Bob’s Business, we partner with several companies to support organisations through those challenges, develop their security posture, and promote positive outcomes in all forms of cybersecurity challenges.


While we’re the experts on all things cybersecurity education, we’re proud of our partnerships, and so we’re opening the floor to just a handful of our trusted partners for their thoughts on The State of Cybersecurity. Let’s meet our panellists:


Meet the panellists




Simon Nicholls, UK VP of Sales at Keepnet Labs


Simon Nicholls is the UK VP of Sales at Keepnet Labs, a company transforming cybersecurity by prioritising the human element through a holistic platform that integrates cutting-edge technology, behavioural psychology, and nudge theory. Simon joined the business as the first VP of Sales and is helping to scale the EMEA operation from the ground up.




Rowan Sinclair, Founder & CEO at Nayaka Security


Rowan Sinclair is the founder and CEO of Nayaka Security, a next-gen security specialist that helps SMEs navigate the wild and wonderful landscape of cybersecurity. With a handpicked suite of leading cybersecurity tools and a focus on education and awareness, Nayaka Security empowers clients to proactively protect their digital assets, forging a secure future for businesses in the digital age.




Karl Greenfield, CEO at Pentest Cyber


Karl Greenfield has been involved in cybersecurity since the 1980s and has led many successful teams and task forces globally, most recently as CEO of Pentest Cyber Ltd, specialising in the provision of Cyber Essentials Plus and high-end penetration testing services, with a focus on providing "result-driven" objective testing services beyond "auto-scans" to a discerning international audience.




We asked them a series of questions about the state of the industry and what they think the future holds for cybersecurity.


What notable cybersecurity threats have emerged or evolved so far in 2024?




Simon: In a similar trend analysis to the Allianz Risk Barometer, we have seen the largest emerging risk in 2024 as mobile devices. Specifically, in this area, there has been an astronomical rise in attacks targeting employees' MFA. Over a period of 90 days, Okta’s network logged approximately 113 million attacks targeting MFA. Email security is a well-developed space in cyber, but mobile device security has fallen behind, meaning it is the go-to attack vector for many hackers in 2024.




Rowan: Automated social engineering incorporating LLM (Large Language Models) via LinkedIn / Teams / Slack. However, traditional click-a-link phishing is still prevalent, with users consistently falling prey. In my inbox, in particular, I've noticed DocuSign, payroll, and faux-supplier phishing attempts.




Karl: The prevalence of AI-augmented techniques in everything including cybersecurity attack and defence can no longer be ignored. The persistence with which the commodity attacks can now be deployed means that any momentary drop in defences for e.g. patching or reconfiguration that would previously be well covered by “good luck alone” can now be enough to result in compromise.



What innovative approaches or strategies are being used to improve cybersecurity awareness and promote a security-conscious culture within organisations?




Simon: Behavioural-based learning is a key element of a solid human risk management strategy in 2024. A blanket approach to improving cybersecurity awareness isn’t sufficient. Our clients are specifically interested in tracking user behaviour across all known attack vectors and training the users that need it most with targeted and tailored training to their knowledge gaps.




Rowan: As the average staff age decreases (or we get older), the importance of shorter, bitesize content is important to trap attention spans. On-the-spot training with email security solutions like Tessian or Egress has also helped increase security awareness.




Karl: Blending several approaches together as a bespoke “force multiplier”. PTC’s “Cyber-Capability-As-A-Service” combines pen-testing with managed accreditation. Cyber Essentials Plus is a favourite since NCSC reported 50% uptake increase in a year. Add the need to build, maintain and monitor cybersecurity culture tailored to each environment. We use Bob’s Business’ strengths to convey subjects clearly, to the largest audience. Key to our needs is the integral automation of admin tasks, scheduling and deployment of learning opportunities against organisational deadlines.




How can organisations better prepare and adapt to the evolving cybersecurity landscape?




Simon: Knowledge is preparation. Immersing yourself in the new advancements in cybersecurity will help keep companies 1 step ahead. Attending well-respected events and a select number of webinars/round tables with topics that align with the overall security strategy is the best way to keep abreast of these developments in the most time-efficient way.




Rowan: Constant surveillance such as automated pen-testing solutions, rigorous IDAM, advanced inbound and outbound email security, and, of course, a fully managed user awareness training so IT teams don't drop the ball on creating a security awareness culture.




Karl: Start by deploying basic defences such as those inherent in gaining “Cyber Essentials Plus”. “Work up” bespoke to your situation, either by your own organisation’s design or in consultation with an expert such as PTC. Remember no two networks are the same so you must tailor your approach to your unique circumstances. One size, and very rarely, one product seldom “fits all”.




What cybersecurity trends and challenges do you anticipate for the remainder of 2024 and beyond?




Simon: Consolidation is a real trend amongst CISOs. With more security tools than ever on the market, CISOs have the challenge of building a robust toolkit for their security teams without the need for them to log in to multiple different platforms every day to do their job effectively. Identifying top-class consolidated solutions to help resolve this issue and reduce overall security spend will be a challenge and trend this year.




Rowan: As a trend, more security for Kubernetes-based businesses and an increased number of solutions incorporating quantum-resistant algorithms. On the challenge side, security continues to be ROI deficient at an SME level meaning continued difficulty demonstrating its value to senior management until ultimately the organisation is hit by a data breach.




Karl: AI will continue to change things in ways that we can only presently imagine. High-skilled, experienced personnel will remain essential and will become even more scarcely available when needed. New geopolitical developments will continue as a vector for “baddies” to seek to exploit us. The good news is that by taking a structured and measured approach to deploying basic defences, we can continue to protect ourselves effectively.


Partner with Bob's Business


Eight in ten businesses say that cybersecurity is a high priority for their management boards. Bob’s Business offers a range of solutions designed to reduce their risk of breaches by up to 74%.


With generous compensation, hands-on support and unique differentiation in the market, we're the best choice for companies looking for a trusted partner within the cybersecurity education space.


