Posted 8th January 2023
The beginning of a new year is always a good time to reflect and plan when it comes to your IT security. More than ever, there’s a necessity to meticulously plan for potential cyber attacks on your business, especially as cyber criminals become even more adept at bypassing security measures.
The UK Government tracks and reports on Cyber Security Breaches via surveys every year. The proportion of UK businesses identifying cyber-attacks over the last 6 years can be seen in the table below. Sadly, the report also identifies underreporting as a possibility.
| 2017 | 2018 | 2019 | 2020 | 2021 | 2022 |
| --- | --- | --- | --- | --- | --- |
| 46% | 43% | 32% | 46% | 39% | 39% |
Protecting your business is vital, and it is important to understand the cyber attack trends. Understanding these trends will help you plan and implement the correct cyber security strategies to help protect against attacks.
So, what are the expected cyber-attack trends for 2023?
The Accellion Supply Chain Attack in 2021 brought the risk of supply chain vulnerabilities into sharp focus. Accellion was a small cloud company, but the implications of their breach had a worldwide impact on banks and supermarket chains and many other businesses. Shell Oil were hacked as a result of the initial breach. Considering the success of such an attack, we are expecting to see more Supply Chain Attacks in 2023.
Is your business the weakest link in the chain of a bigger organisation? That could make your business a target of cyber criminals trying to access another business. Using the same train of thought, have you looked at your supply chain? Who can access your business systems? How strong are the cyber security defences of those in your supply chain?
If you are interested in finding out more about Supply Chain Vulnerabilities, take a look at our dedicated blog.
As many people embrace 5G technology, it is becoming a more focused target for cybercriminals. Hackers want to attack the 5G hardware that powers routers and devices. Cloud services are also expected to be a major vulnerability, and therefore a target, in 2023. Because this is a new technology, it is inevitable that there may be some vulnerabilities in it. It’s these vulnerabilities that hackers target, so don’t be afraid to ask your 5G providers for information about the safeguards they have put in place.
The impact of the pandemic is still being felt in this area. Unfortunately, during the pandemic, the number of cyberattacks on both private individuals and businesses skyrocketed. This, in turn, has shown organised criminal groups that world events such as the pandemic can be lucrative. For example, they may launch phishing campaigns for world events, and unfortunately, innocent people are fooled. We have seen this in the current energy crisis, where multiple phishing campaigns were launched to target people looking for energy grants and information.
A Phishing attack uses an email to send someone a fake communication. The aim of the Phishing email is to collect commercially or personally sensitive data such as logins and credit card details. Phishing emails have become increasingly sophisticated and can look extremely professional. They will often pretend to be from a reputable source such as a bank, energy company or other service provider.
Our mobiles go with us everywhere, and cyber criminals take advantage of that too. There is an increasing trend for more mobile device-based attacks, including SMS-based phishing, also known as smishing.
Mobile phone numbers are unfortunately not as private as they once were, as cyber criminals can buy lists of them online. They can then send very convincing fake texts that, for example, replicate shipping notifications. Included in the texts is a link, and when the user clicks on it, malware is often used to gain their personal information. We have again seen a spike in these during the Christmas period in respect of parcel deliveries, as well as in relation to the energy crisis.
If you would like to read more about Smishing Scams, take a look at our dedicated Smishing blog.
The term insider attack may sound a little dramatic, but insider attacks are an ever-present threat and something that employers need to be aware of. Insider attacks are not accidents - they are deliberate attempts to damage your business or organisation. The trigger for the attack is often when a staff member has felt a slight against them, missed out on a promotion, or is not happy with feedback or the way a situation has been handled. Disciplinary action and being fired are quite often the catalyst. We have written two blogs dedicated to the issues surrounding insider attacks.
We have already warned about Phishing emails, but now cyber criminals are utilising AI to make Phishing emails more professional looking than ever before. This means that the emails can look identical to those from trusted brands, and they can also be personalised much more easily. Previously, some Phishing emails were easy to spot due to bad spelling, bad grammar and sentence structure that just seemed a little off. But now that AI is being used, a lot of the initial tell-tale signs of a phishing email cannot be relied upon; you and your staff need to be on your guard even more than usual.
If you’re concerned about any of these cyber attack trends, do give us a call and schedule a cybersecurity check-up. We can offer staff training to help identify phishing emails, and other potential security threats. Sadly, staff are often, although unintentionally, a business's weakest link.
The IoT market has already seen exponential growth in the last couple of years, and the expectation for the coming years is the continued expansion into new industries and products, especially with 5G now in the mix. IoT is in no way restricted to home-based products, although that is where a lot of people's initial exposure occurs. There are multiple industries which plan to utilise IoT, including SaaS, Remote Equipment Management, Data Analysis, Medical and Healthcare, Security, Manufacturing, and Smart homes and Cities.
But as with the majority of new technologies, there are flaws and loopholes that are available for cyber criminals to exploit. Due to the nature of some of the devices and the way they communicate, they are considered a significant security risk, especially when they are connected to a shared network.
In a world of home/remote working, where staff are often accessing business networks from their home internet hub, have you taken steps to set up a secure network? Or are they using the same network that their doorbell, Roomba and other IoT devices are connected to? Find out more about why IoT devices should be on a separate Wi-Fi network in our blog.
We are never far from our mobile phones. Mobile phones and being connected to a data network have become so intrinsically linked to our everyday lives that we don’t always stop and think about the security aspects associated with mobile devices or the use of public Wi-Fi. Mobile device attacks continue to be on the rise, potentially exacerbated by BYOD policies brought in during the pandemic. There are multiple potential Mobile Device attacks that you need to consider, and we have identified them for you in this blog.
Ransomware reports seemed to be in the news often in 2022, and in fact, it is likely to be the worst year on record for ransomware attacks globally. The Guardian Newspaper, Nvidia & South Staffordshire (Water Utilities) are just three of many businesses and organisations that were breached in 2022. The expectation that ransomware attacks will continue to grow in 2023 is more than reasonable.
Ransomware is a form of Malware, and at its simplest level, once it is in your IT systems, it locks all the data and access to the systems connected to the network it has infected. Many businesses do not recover from a Ransomware attack, which is why prevention is always better than cure. There is an ongoing debate regarding whether you should pay a ransomware demand, which we have explored in detail in our blog.
Malware stands for Malicious Software and covers viruses, worms, bots and Trojans, to name a few. Malware comes in various shapes and sizes, but all with the same basic aims: disruption, theft, and to cause harm in some way.
So, we can all agree it should be avoided at all costs. Because Malware comes in many different guises, it becomes easier for businesses and organisations to understand that cyber security needs a multi-layer, multi-pronged approach.
Is your computer showing signs it is infected with Malware?
Reply Chain Phishing attacks are incredibly sneaky as they turn up as part of an email conversation that you are involved in, rather than via someone emailing you unexpectedly out of the blue claiming to be a long-lost relative that has an inheritance for you. You may be part of an email conversation with perhaps multiple parties, but what you don’t know is that one of those other parties has had their email hacked, and they are now being impersonated. The impersonator can add to the ongoing conversation a weblink or link to a document, which is, in fact, Malware. You can find out more about Reply Chain Phishing and Business email compromise in our dedicated blog.
When was the last time you updated all the patches on the software on your devices? How many applications are you using that are now considered end-of-life? At least six significant pieces of software were discontinued in 2022 - are you still using them on your network? Software with missing patches, or software that is no longer being updated because it is considered end-of-life, is a prime target for hackers. Make sure you have an asset management and patch management system in place.
We have mentioned staff being a security risk when they are disgruntled, but it is quite common for happy and productive members of staff to accidentally introduce ransomware and other cyber threats to your business networks. We highly recommend you train your staff to recognise cyber threats and the part they can play in accidentally introducing them into business systems. Are your staff aware of Spear Phishing attacks?
One layer of security is just not enough to protect your business against Cyber Threats and Cyber Criminals. The best approach to cyber security is a multi-layered approach, which includes training, education and technology. The goal is to make your business difficult to breach, as some less sophisticated attackers will give up if their usual attempts are unsuccessful, and they will move on to other, less well-protected businesses and organisations. Do your current cyber security protections provide your business with enough defence? Get in touch to discuss your cyber security!