More businesses are becoming victims of cybercrime with each passing day. Cybercriminals and hackers are continuing to find covert and discreet ways of penetrating networks and systems, compromising sensitive data and information.
Even in the early days of 2023, we have already seen Royal Mail become the victim of a severe cyber attack which has resulted in exceptional delays to its overseas operations. In a bitter twist of irony, towards the end of 2022, hackers had stolen sensitive information from the secure online password management provider, LastPass. It’s believed that this LastPass hack affected 30 million users, whose IP addresses, email addresses, phone numbers and usernames were compromised.
If these organisations can be hacked, what does that mean for businesses that don’t have as well-defined or structured cybersecurity procedures in place?
Cybercrime doesn’t show any signs of slowing down. So with these two prominent examples in mind, it’s important to consider the growing and emerging cyber security threats in 2023. The trends are clear, but what about the types of threats that are growing more commonplace?
Current Cyber Threats Facing Your Business
1. Phishing and Social Engineering
Phishing attacks involve cybercriminals tricking users into providing sensitive information so they can gain access to devices and install malware. A SlashNext survey reported more than 255 million attacks in 2022 over six months, with many cybercriminals shifting to mobile devices. These types of attacks have grown increasingly more complex and difficult to detect.
2. Cryptojacking
Cryptojacking (also known as cryptomining) has grown by approximately 230% over the last year, as research from Kaspersky shows. With over 200,000 new miners surfacing and compromising vulnerabilities in computers where they can conduct unlawful cryptojacking activities and anonymise transaction data.
3. IoT Malware
Malware attacks are becoming more covert, with more cybercriminals seemingly targeting email or IoT (Internet of Things) devices and IoT platforms. During 2022, 75% of organisations experienced malware activity that spread from one employee to another, with the number of malware attacks rising to 10.4 million per year.
4. Cloud Security Attacks
Cloud computing providers assure customers of improved cyber resilience when compared to local systems. However, cyber threats like data leaks, access management, misconfigured storage and insecure APIs are some of the vulnerabilities that are becoming more exploited by hackers. VentureBeat found that 94% of companies they surveyed experienced API incidents in 2021.
5. Cyber Crime-as-a-Service (CCaaS)
Experienced cybercriminals and threat actors develop sophisticated services or tools which are sold to other, often less knowledgeable criminals. CaaS has already caused a surge in cyber attacks, becoming more of a commodity than ever before, suggesting that it is reaching unprecedented levels.
6. Supply Chain Attacks
Government data shows that 13% of companies regularly review the risks posed by their immediate suppliers. Across the wider supply chain, this figure drops to 7%. Supply chain attacks can severely disrupt operations as commodities move from location to location. Yet surprisingly, very few companies are cognizant of the potential cyber risks that come with working with suppliers. Expect more cybercriminals to exploit this gaping loophole.
The Severity of Cyber Attacks
Whether your business is a startup, scale-up, or established multinational, the cyber threat landscape is constantly evolving. The Covid-19 pandemic brought on several changes that affected all types and sizes of companies, with cybercrime seemingly exacerbated due to the uncertainty around remote working and businesses being insufficiently protected.
Statistically speaking, the UK lost more than £34.5 million due to coronavirus scams, fraud and cybercrime by March 2021. The GCHQ National Cyber Security Centre (NCSC) covered and responded to 723 incidents, 200 of which were coronavirus-related. These incidents rose again the following year.
At this present time, with Covid-19 protective measures seemingly a relic of gloomier, darker days, cybercrime has only worsened in severity. Looking at the 300+ 2023 cybercrime statistics reported by CompariTech, it’s clear that cyber attacks are becoming more commonplace. That’s not even considering a crime that isn’t reported. The threat landscape, much like cyber attacks themselves, is evolving, even as cybersecurity professionals continue to counteract these damaging threats and hacks. However, it’s expected that by 2025, global cybercrime damages could total up to $10.5 trillion (USD).
Cyber attacks can affect organisations in numerous ways. Businesses may suffer any of the following types of aftereffects:
- Reputational damage
- Financial losses
- Productivity
- Morale
- Business continuity
- Partnerships
- Restructuring
- Legal liability
Some businesses could be more prone to cyber attacks than others, primarily due to the nature of their industry and service. For instance, financial institutions like banks may be more prone to cybercrime than solicitors or legal firms. While that doesn’t mean that assets are risk-free, it’s in companies' best interests to secure these as much as possible, by enabling multiple verification methods or investing in cloud-based management software.
While that doesn’t absolve any industry of complete data security, companies that hold sensitive information or data are arguably the most common targets of cybercriminals. In 2022, IBM reported that the average time frame it took to identify and contain a cyber attack was 277 days, nearly a full year, with healthcare being one of the most susceptible industries and one that was hit particularly hard financially.
Reducing the Risks of Cybercrime
Implementing the right preventative measures and implementing protection with Integrated Security and Identity Solutions is paramount. Of course, many companies are bound by industry-wide legislation or regulations, which means their data protection measures must fulfil more criteria than others, while every industry must comply with GDPR, for example.
For larger Cloud-based Service Providers, an integrated package of measures to secure your data and communication platforms is the most responsible and proactive thing you can do. As a general guide, the steps listed below will improve your security posture in the wake of all these growing threats.
- Avoid unnecessary downloads or file transfers from unverified sources.
- Use strong, secure passwords and regularly update them.
- Install all the latest updates and security patches on your devices and software.
- Prevent the spread of sensitive data beyond your devices.
- Install reputable antivirus software with built-in firewalls and internet security scanners.
- Establish a robust cybersecurity response and recovery strategy to adopt in the event of data breaches or hacks.
- Manage user permissions for shared files or drives, encrypting the most sensitive ones.
- Enable multi-factor authentication on devices.
- Consider taking out cyber liability or data protection insurance.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
