To gain a full appreciation of the need for stringent cyber security in the modern business world, it pays to break down the numbers. Take the Australian Cyber Security Centre (ACSC), the Federal Government’s lead agency for cyber security. Hazard a guess at how many cybercrime reports the organisation received in 2021/2022. A few thousand? Thirty thousand? Try more than 76,000 … or 6,300-plus per month … or almost 1,500 each week … or more than 200 every day. Worse still, that was an increase of nearly 13% on the previous financial year1.
Do you want a bigger number? How about the fact that the Anti-Phishing Working Group (APWG), an international fraud prevention consortium, recorded almost 3.4 million phishing attacks in the first three-quarters of 2022 alone2? Or that market and consumer data company Statista has estimated the cost of global cybercrime will reach $10.5 trillion by 20253?
Source: Check Point Research: Cyber Attacks Increased 50% Year over Year - Check Point Software
Digital transformation has created a world where few businesses do not rely on computers and other connected devices to manage their daily activities. Given that, it has never been more important for business leaders to be aware of the cyber security threats set to dominate headlines in 2023.
Phishing and social engineering
As highlighted above, phishing attacks soared in 2022, with every quarter breaking the record for the worst three-month period the APWG has ever observed4. Scarily, the situation does not look like changing any time soon. Experts believe an expected downturn in the economy will lead to more people taking risks to commit fraud and with many organisations still unprepared for coordinated and targeted attacks, that is a recipe for disaster. eCommerce sites are tipped to be particularly hit hard by Bank Identifying Number (BIN) attacks where criminals take incomplete credit card details gained during phishing or social engineering attacks (eg: the first six numbers of a bank card) and use software to generate the remainder of the required information.
Smart devices and Internet of Things (IoT)
There has never been a more exciting time for tech lovers, with AI and machine learning increasingly being integrated into smart devices of all shapes and sizes. It is predicted there will be more than 75 billion Internet of Things-connected devices worldwide by 20255 but the flipside is there will never be more targets for cyber criminals. An estimated 80% of IoT devices are vulnerable to a wide range of attacks6 and 2023 will see many businesses feel the brunt of inadequate security measures on smart devices such as lights, appliances and locks. From device hacking and permanent denial of service to ‘man-in-the-middle’ attacks that breach, interrupt or spoof communications, businesses should take measures to be protected by a comprehensive IoT security solution.
Smishing scams
SMS phishing - aka smishing - has been a concern for several years but has received widespread attention in recent times due to a significant rise in ‘Hi Mum’ scams. Relying on exploiting human trust rather than technical exploits, smishing is a cybersecurity attack carried out over mobile text messaging and often assisted by malware or fraud websites. More than 1,150 Australians fell victim to the so-called ‘Hi Mum’ scam in the first seven months of 2022, with total reported losses of $2.6 million7. Scammers pose as a family member or friend making contact from a new number due to a “lost or damaged phone” and after developing a rapport, they ask for personal information or money to help urgently pay a bill or replace their phone. As the primary channel typically used by businesses as a second factor of authentication, it is concerning that SMS is becoming less secure and less trusted.
Business email attacks
Business email compromise (BEC) is a perennial feature on cyber security lists and that will not change in 2023 as they continue to reap rewards for cyber criminals. The FBI’s Internet Crime Complaint Center recorded nearly $2.4 billion in BEC-related losses in 20218, with fake emails from trusted sources (eg: CEO, payroll office) often convincing employees or customers to provide personal information or transfer funds. One evolution is that while fraudsters have traditionally impersonated company executives, there has been a shift in recent times to see mid-level employees being impersonated more often.
Summary
Just as cybercriminals are becoming more sophisticated, the technology that can protect businesses and their systems from attack is improving. Tools such as voice biometrics are playing a vital role in enhancing multi-authentication strategies by asking users to provide something they are (eg: a voiceprint) with something they know (eg: pin number, password) and something they have (eg: RSA security token, SMS code, authenticator app code). The options are available - it is simply a matter of finding the best protection for your organisation.
AI chatbots have enhanced the customer experience landscape. Now discover how conversational AI is making life easier for employees as well.
References
[1] Critical Cyber Crime Statistics in Australia (Updated) - eftsure
[2] APWG | Phishing Activity Trends Reports
[3] Cybersecurity - Worldwide | Statista Market Forecast
[4] APWG Q3 2022 REPORT: Phishing Reaches New Quarterly High in (globenewswire.com)
[5] IoT devices installed base worldwide 2015-2025 | Statista
[6] Smart Home: Threats and Countermeasures - Rambus
[7] ACCC warning of suspicious messages as "Hi Mum" scams spike | ACCC
[8] https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf
