Cyber security trends for 2024

Looking after your charity’s cyber security is an ongoing process. New threats emerge, old ones grow in sophistication, adapting to the world around us and the changing ways we use technology. Cyber criminals have used recent crises as part of their phishing scams, touting fake energy rebates during the cost-of-living crisis and posing as health services during the pandemic, while geopolitical tensions and increasing hacktivism have also posed a risk to organisations online.  

The 2023 Cyber Security Breaches survey, from the Department for Science, Innovation, and Technology, found that around a quarter of charities recalled a cyber breach or attack over the previous 12 months. And charities, in particular, remain a tempting prospect for cyber criminals, housing a wealth of data but with often limited resources to protect it.  

Cyber attacks can occur anywhere charities connect to the internet, including donation platforms, web forms, and cloud services. In 2024, in an increasingly online world, it is critical that charities prioritise cyber security in order to mitigate the threat.  

Below, we explore three cyber security challenges charities might face in 2024, from the growth of artificial intelligence to managing risks from third-parties.  

Browse the Cisco catalogue 

Cyber security challenges for charities in 2024 

Artificial Intelligence  

Artificial Intelligence (AI) tops any trend list in 2024. Advancements in AI technology are happening rapidly, with research suggesting that a quarter of people in the UK had used generative AI as of July 2023. Inevitably, this surge in AI use will have an impact on our online experience and as a result, our cyber security. 

The National Cyber Security Centre (NCSC) has warned about the impacts of Artificial Intelligence on cyber security, suggesting that AI “will almost certainly increase the volume and impact of cyber attacks in the next two years”. The NCSC also says that AI could enhance existing cyber attack tactics and adds that it may even make cyber attacks more impactful “because threat actors will be able to analyse exfiltrated data faster and more effectively, and use it to train AI models.”  

However, AI could also be part of the solution when it comes to cyber security. The NCSC suggests AI could help enhance cyber security resilience through “detection and improved security by design”. Likewise, Michelle Drolet, CEO of cyber security firm Towerwall, points to AI’s analytic capabilities as a potential upside, saying “With cyberattacks becoming more sophisticated, AI’s ability to analyze vast datasets and identify patterns will be pivotal. 

Supply chain risk 

Two thirds of senior compliance professionals cited third-party risk as an area of concern in 2023, according to management firm FTI Consulting. Research from TES found that seven in ten charities outsource some or all of their IT provision, while charities are more likely to have volunteers and employees working on their own devices in a hybrid working environment. With so many different audiences having access to their networks at any one time, it is vital that charities can rely on their cyber security protocols to limit any threats.  

Tools such as firewalls and VPNs can help charities close any vulnerabilities in their network from users. In fact, firewalls and VPNs are a key part of the Cyber Essentials certification’s five core measures to prevent against the most common cyber attacks.  

Firewalls allow charities to block certain incoming and outgoing traffic for your network based on defined security rules, working as a barrier between secured and controlled internal networks and untrusted outside networks. 

Virtual private networks (VPNs) ensure that sensitive data is transmitted without external parties gaining unauthorised access. VPNs use an encrypted connection, which scrambles the data into a secret code that can’t be read by anyone other than the intended recipient. 

Such technology does not need to be expensive for charities. Cisco offers cyber security appliances at a discount to charities on the Charity Digital Exchange, from routers to firewalls and VPNs. You can learn more about Cisco cyber security products here. 

Cyber security training  

As cyber threats become increasingly sophisticated, it is crucial that cyber security training and education keeps pace. The ability to spot potential cyber security threats is the key to preventing them, empowering people to report suspicious activity and avoid clicking on potentially harmful links.  

Paul Baird, Field Chief Technical Security Officer at Qualys, writes: “Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.” 

Baird advises avoiding the usual cyber security training techniques, such as videos which can be easily ignored or forgotten, but recommends using humour and memorable tropes alongside simple examples tailored to audiences in specific departments of the organisation.