Spotlight on cybersecurity: 10 things you need to know in 2024

In January, the World Economic Forum's Global Risks Report 2024 found that cyber insecurity is a global risk over multiple time horizons, with cyber risks such as malware, deepfakes and misinformation threatening supply chains, financial stability – and democracy.

In the same month, the Forum’s Global Cybersecurity Outlook 2024 warned that the “same attack vectors that have been employed by cybercriminals are still being used; however, new technology paves the way for nefarious activity.”

Since then, we have seen misinformation and deepfakes become ever-more ubiquitous, sometimes involving high-profile individuals and leading to significant financial scams, while everything from the Olympics to global financial institutions has been the target of cyber-attacks.

As the world grapples with an era of artificial intelligence (AI)-generated disinformation and misinformation and heightened cyber risks, here are 10 headline events and stats you need to know about global cybersecurity in 2024.

Last month, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting, a joint public service announcement to reassure voters.

It did note, however, that in previous US and foreign elections, “malicious actors have sought to spread or amplify false or exaggerated claims about cyber incidents in an attempt to manipulate public opinion, discredit the electoral process, or undermine confidence in US democratic institutions”.

But, it went on: “As of the date of this report, the FBI and CISA have no reporting to suggest cyber activity, to include ransomware, has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of vote tabulation or voter registration information.”

During the two weeks of Olympic events in Paris, French authorities reported more than 140 cyberattacks – but none disrupted the events.

Between 26 July and 11 August, France's cybersecurity agency ANSSI recorded 119 low-impact security events and 22 incidents where malicious actors targeted information systems, according to AFP.

The attacks primarily affected government entities, sports, transport and telecoms infrastructure, ANSSI said.

Additionally, the Grand Palais and around 40 other French museums experienced a ransomware attack in early August, which did not affect Olympic systems.

In June, the Forum reported on the “unprecedented level” of cyber threat the Olympics faced.

In May, the FBI dismantled a network of 19 million computers across almost 200 countries that had been infected with malware.

These ‘zombie devices’, collectively known as 911 S5, were thought to comprise the world’s largest botnet. The operator sold access to these devices to enable billions of dollars of financial fraud, identity theft, bomb threats and access to child exploitation materials around the world.

Read our full write-up of the arrest operation the FBI described as something “ripped from a screenplay” and more on how the Forum’s Centre for Cybersecurity is working to drive public-private action against cybercrime.

The world is facing a big cyber skills gap, with a global shortage of nearly 4 million cyber professionals, according to the Centre for Cybersecurity. At the same time, almost 90% of organizations experienced a breach in the last year, which they can partially attribute to a lack of cybersecurity skills. So how can we close this gap?

The Forum’s Strategic Cybersecurity Talent Framework, published in April, advocates for a multi-pronged, collaborative approach to closing the skills gap. The framework serves as a reference for public and private decision-makers committed to developing and nurturing cybersecurity talent across their respective sectors.

In July, businesses and governments worldwide were disrupted by a major IT outage affected 8.5 million Microsoft Windows devices and caused widespread disruptions to airlines, banks, broadcasters, healthcare providers, retail payment terminals and cash machines globally. The outage was caused by a flawed update to a cloud-based security software of CrowdStrike, one of the leading cybersecurity companies.

It was a stark reminder of the importance of cyber resilience in an increasingly digital world, write William H. Dutton, Oxford Martin Fellow, University of Oxford and Luna Rohland, Specialist, Cyber Resilience, World Economic Forum.

Jurgen Stock, Secretary General of INTERPOL, highlighted the connection between cybercrime and human trafficking when the Global Cybersecurity Outlook was launched.

“What we clearly see is a relation between internet activities and human trafficking,” he told the Forum.

“Very often the most vulnerable in our societies are invited to follow job offers that are being provided through emails or social media and then those victims found themselves in slavery.”

Watch the full video:

Cyber-attacks in the financial sector pose a serious threat to global financial stability, a report from the International Monetary Fund (IMF) warned in May.

In the past two decades, almost one in five reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, according to the IMF’s Global Financial Stability Report. Since 2020, direct losses amounted to an estimated $2.5 billion.

"While largely recognized as leaders from a cyber maturity standpoint, financial institutions are as vulnerable to steady increase in the frequency and sophistication of cyberattacks as any other sector," said Akshay Joshi, the Head of Industry and Partnerships at the Forum's Centre for Cybersecurity.

In March, INTERPOL released its Global Financial Fraud assessment, which found that technology is "enabling organized crime groups to better target victims around the world".

Criminals, it said, were increasingly using deception strategies like ‘pig-butchering scams’, where fraudsters gain the trust of victims before stealing from them.

Read our blog for a full explanation of the term, which references fattening up a pig ready for slaughter.

Much has been written about how AI has been used to create deepfakes and spread disinformation, as well as its potential to augment the effectiveness of cyberattacks.

But the impact of these attacks can be offset by using AI technologies to enhance cyber defence capabilities, write Giulia Moschetta, Research and Analysis Specialist, Centre for Cybersecurity, World Economic Forum and Joanna Bouckaert, Community Lead, Centre for Cybersecurity, World Economic Forum.

Harnessing the advantages brought by AI will require global public-private cooperation to ensure its applications can be translated equitably and securely across society.

Back in February, an international law enforcement task force called Operation Cronos took down the world’s “most harmful cyber group”, LockBit.

Read here about how the operation, led by the UK’s National Crime Agency and the US FBI, exposed the operations and capabilities of the group, and made two arrests.

The Forum’s Cybercrime Atlas provides a platform for cybercrime investigators to generate actionable insights into cybercrime networks using open-source research.