Cyber threat actors continue to adapt to break the latest technologies, practices, and data privacy laws. All organizations must stay ahead of cybercrime by implementing strong cybersecurity measures and programs for today and the New Year.
Expect an increase in digital supply chain attacks - With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains. This is a three-fold increase from 2021. Previously, these types of attacks were not even likely to happen because supply chains were not connected to the internet. Since they are now connected at many levels, supply chains must be adequately secured. Introducing new technology around software supply chains means there are likely security holes that have yet to be identified but are essential to uncover to protect your organization in 2023.
Mobile-specific cyber threats are increasing - It should come as no surprise that with the increased use of smartphones in the workplace, mobile devices are becoming a more significant target for cyber-attack. Cyber crimes involving mobile devices have increased by 22% in the last year, according to the Verizon Mobile Security Index (MSI) 2022, with no signs of slowing down in advance of the New Year. As hackers target mobile devices, SMS-based authentication has inevitably become less secure. Even the seemingly most secure companies can be vulnerable to mobile device hacks. Case in point, several major companies, including Uber and Okta, were impacted by security breaches involving one-time passcodes in 2022.
Organizations need to take extra precautions to prevent attacks that begin with the frontline by implementing software that helps verify user identity. According to the World Economic Forum's 2022 Global Risks Report, 95% of cybersecurity incidents are due to human error. This fact alone emphasizes the need for a software procedure that decreases the chance of human error regarding verification. Implementing a tool like Specops' Secure Service Desk helps reduce vulnerabilities from socially engineered attacks targeting the help desk, enabling secure user verification at the service desk without the risk of human error.
Increase cloud security - As more companies opt for cloud-based activities, cloud security, any technology, policy, or service that protects information stored in the cloud, should be a priority in 2023. Cyber criminals become more sophisticated and evolve their tactics as technologies evolve, which means cloud security is essential as you rely on it more frequently in your organization.
Ransomware-as-a-Service (RaaS) - Ransomware attacks continue to increase as it is so profitable for cybercriminals Data from Verizon discovered a 13% increase in ransomware breaches year-over-year. Ransomware attacks have also become increasingly targeted. Sectors such as healthcare and food and agriculture are some of the latest industries to be victims, according to the FBI.
With the increase of ransomware threats comes the increased use of RaaS. This is a service where ransomware criminals lease out their infrastructure to other cybercriminals or groups. RaaS kits make it even easier for threat actors to deploy their attacks quickly and affordably, which is a dangerous combination to combat for anyone leading the cybersecurity protocols and procedures. To increase protection against threat actors who use RaaS, enlist the help of your end-users.
End-users are your organization's frontline against ransomware attacks, but they need the proper training to ensure they're protected. Ensure your cybersecurity procedures are clearly documented and regularly practiced so users can stay aware and vigilant against security breaches. Employing backup measures like password policy software, MFA whenever possible, and email-security tools in your organization can also mitigate the onus on end-user cybersecurity.
Data privacy laws are getting stricter - We cannot discuss cybersecurity in 2023 without mentioning data privacy laws. With new data privacy laws set to effect in several states over the next year, it is time to assess your current procedures and systems to ensure they comply. These new state-specific laws are just the beginning; companies would be wise to review their compliance as more states are likely to develop new privacy laws in the years to come. With these new regulations, hefty fines are often assessed for the loss of any PII.
Data privacy laws often require changes to how companies store and process data, and implementing these new changes might open you up to additional risk if they are not implemented carefully. Ensure your organization is following proper cyber security protocols, including zero trust.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
Comments