Cybersecurity firms are sounding the alarm about a rise in almost all malicious activities. But which threat is the most dangerous? Is it highly resourced nation-state actors, aiming to score geopolitical points on the world stage? Criminal gangs running ransomware, malware, and infostealer scams? Or could it be just the simple negligence of big tech? The Cyber pros on Reddit seem to have a unique view.
In a recent thread on the Cybersecurity community (r/cybersecurity subreddit), Kapildev Arulmozhi, a tech expert with more than 17 years of experience in software, asked: ”What are the biggest cybersecurity threats this year? Any new trends or attacks we should know about?”
And the most upvoted answer, with 882 upvotes, far ahead of any other, was this:
“Users... Untrained, unaware, unprepared... Users!”
Many shared the sentiment. “Bob in accounting” was to blame. One user bluntly stated: “You can have the highest, most secure network stack in the world configured with every security product/license in the book, and people will always be the #1 weak link.”
Cyber pros struggle to understand why cybersecurity basics are so hard for casual computer users.
“Literally, had to train the entire company on not clicking phishing links from both email and text messages. I mean, how oblivious do you have to be,” one Redditor responded.
Jokingly or not, some admitted trying to set a password to 12345, which is still one of the most popular passwords.
Generative AI introduces more risks
The second most upvoted threat (207 upvotes) was voice duplication technology, which apparently has improved significantly.
“I'd suspect a rise in malicious activities using easily clonable voices. Especially since it can start speaking in a matter of two or three seconds,” one security architect shared.
Many argue that voice duplication, while having the potential to become the most significant threat, is still not there in 2024. There haven’t been that many scams using this technology recently.
“I still think the largest threat is phishing – simple yet effective,” one user argued.
A recent CrowdStrike outage, which disrupted 8.5 million Windows systems worldwide, was also considered.
“Untested/negligently testing content-updates for EDR deployed with the “full-send” methodology on a Thursday evening/Friday morning,” this answer got 172 upvotes.
With 132 upvotes, the fourth-place answer was from a security analyst who doesn’t see “any unique new threats” in 2024 compared to the previous couple of years.
“Stolen creds and authentication-related cyberattacks (spraying, stuffing, brute force) will most likely still be at the top,” the expert said.
Threats related to generative AI were in fifth place by upvotes.
“We already got blast radius and some of the first round of AI social engineering attacks. This year is gonna be spectacular,” one community member said.
Other users warned that deep fakes can be used to trick users into giving up sensitive data and login information or even transferring money to foreign accounts.
“It's not that hard to impersonate a CEO now, given that there are usually plenty of recordings for them to use for training.”
Some feared that foreign actors may sow chaos and division in light of the upcoming US elections. Other notable mentions were automated disinformation campaigns, phishing, business email compromise, or even the trend of the “entire world moving to a single Cloud provider.”
There was also a cyber pro who pointed a finger at colleagues, who may also be a threat.
“Cybersecurity departments who are living in worlds from 10 years ago. I spend more time talking to ‘cybersecurity departments,’ telling them why their practices are bad for security. It is no longer a technical problem to be more secure – it's not even a user problem, it's an organizational problem. Unless an organization makes bold decisions and moves at pace, then the problem solely lies at its door, nowhere else.”
Your email address will not be published. Required fields are markedmarked