Monday, 20 February 2023

The 2023 cyber threats for which you should prepare

The cyber landscape is continually changing so we’ve compiled a list of the most pressing 2023 cyber threats for which we think you should be preparing.

The cyber threat landscape is always changing. That’s one of the reasons that the National Cyber Security Centre significantly updated the UK Cyber Essentials scheme last year. But what are the biggest cyber threats we face this year? And how can you prepare for them?

The cyber landscape is continually changing and it pays to stay up to date. That’s why we’ve compiled a list of some of the most pressing 2023 cyber threats for which we think you should be preparing.

#1. War and the threat of war

State-sponsored cyber crime burgeoned in the period immediately before and after Russia’s invasion of Ukraine. With tensions rising in the Pacific, the threat of state-sponsored cyber crime is on the rise again. Government agencies and public sector organisations are most likely to be targets.

Ransomware and, increasingly, wiperware are favourite attack vectors, so ensure your defences are as good as they can be and make sure you have a very good (and tested) recovery and backup solution in place. Phishing tends to be one of the most common delivery methods, so keep your staff cyber awareness training up to date too.

#2. Cyber criminals are working in smaller and more agile gangs

The National Cyber Security Centre (NCSC)’s January 2023 update(1) explained that the increase in cyber-attacks during 2022 was down to smaller, agile hacker and ransomware gangs.

It cited a report into global cyber-attacks in 2022 by Check Point Research which identified a 38% increase compared to 2021. Education, government and healthcare organisations were the most targeted. The report explained that the criminal groups instigating the attacks are now smaller and more agile, and are using business collaboration tools and the rapid shift to online working and learning to provide opportunities for exploitation.

The NCSC’s recommended mitigation is its Cyber Essentials scheme and it highlighted the importance of developing an action plan to work on and improve readiness.

#3. The cost-of-living crisis

When times are hard, crime rates soar. With malware and ransomware available to download on the dark web (for a price), today’s would-be cyber criminals can access the resources they need surprisingly easily. If the unemployment rate begins to rise as well, that could prompt even more activity – we saw criminal cyber activity rise during the pandemic when people found themselves bored at home.

Make sure you have defences in place to protect against malware and ransomware activity. Invest in training your people so they understand how to recognise scams and suspicious emails. Cyber criminals like to exploit current events, so make sure everyone thinks twice before clicking on emails relating to the cost-of-living crisis.

#4. Business email attacks, especially payroll diversion

According to Microsoft(2), email is the starting point for 91 percent of cyberattacks. Business email attacks are a growing problem as cyber-attackers pursue higher-value pay-outs. One of the most common scams in this area is the payroll diversion scam.

Scammers masquerading as an employee email the HR or payroll team and ask to change their bank account details. Fraudsters would typically pretend to be a high-ranking executive because of the perceived value of their salaries. However, Forbes(3) warns that scams are not limited to the C-suite and that mid-level employees are being targeted more often. It warns that emails can look legitimate and often contain a good backstory to lend credibility.

Ensure your HR and payroll staff are aware of the heightened risk of this type of scam communication. Institute internal processes so that this type of request doesn’t have to come via email and is confirmed with the employee by payroll before any changes are instituted. 

#5. Crypto scams

Crypto scams, encouraging investment in “get rich quick” cryptocurrency schemes, are an increasing risk online. Victims are often drawn in by links shared by Instagram and TikTok influencers or direct messages on these platforms.

While businesses are less likely to be targets in this type of scam, it’s worth being aware of the risk. These scammers are willing to play the long game, recommending smaller-scale early investments on dedicated websites which initially show good returns to build trust with their victims. It’s only when later, larger investments into those website accounts are made that the scammers clean up and disappear with the funds.

#6. Identity related attacks

Identity and authentication attacks will remain a continued threat. A recent VentureBeat(4) cybersecurity post quoted Google executives’ warnings that “relatively unsophisticated threat actors are able to purchase credentials in the underground or con their way into the organisation”.

Data breach dumps circulating on the dark web make attacks that leverage reused and compromised passwords and other personal information likely. At the same time, federated identity and authentication vendors will come under increasing attack as hackers attempt to find ways in to other service providers. 

Instituting best-practice password recommendations and secure identification tools, including passkeys, within your organisation is the first line of defence. Switching to a “zero trust” approach to security in which you “never trust and always verify” offers another layer of protection and provides a basis for next-generation cyber security.

#7. Ransomware for hire

Connections on the dark web make ransomware as a service a growing problem. The easy availability of malware strains such as Emotet, Conti and Trickbot enables criminals without deep technical skills to make money by extorting ransoms or selling or exploiting compromised data.

The timely patching of software and firmware is vital here to close down the known vulnerabilities these ransomware-as-a-service providers seek to exploit. Lock down network access with a zero trust approach that includes multi-factor authentication and privileged access management.

The NCSC and IASME updated the Cyber Essentials scheme last year in order to address this growing threat. The new, additional guidance emphasises the need for effective backup and recovery. Although the NCSC has stopped short of requiring this as part of the certification process, it is vital you have an effective (and tested) backup and recovery solution in place.

#8. Supply chain attacks

Supply chain attacks are another focus for the NCSC. In October 2022, it issued new guidance around supply chain security(5). That’s because cyber criminals are increasingly targeting companies in a supply chain in order to find paths into other organisations – whether customers or suppliers. 

A recent DCMS Security Breaches Survey found that only thirteen percent of businesses review the risks of their immediate suppliers. And only seven percent of businesses review the risks posed by their wider supply chain. The NCSC recommends that organisations institute these risk assessments across their supply chains.

#9. End user devices

With many workers continuing to work flexibly or from home, organisations continue to face the challenge of how to secure end-user devices. Increasingly, the devices being used are not owned by the organisations they serve. 

It’s one of the reasons the NCSC and IASME updated the Cyber Essentials scheme in 2022 to place greater emphasis on the management of end-user devices. It has updated Cyber Essentials again in 2023 to provide a clearer explanation of which devices fall into scope.

Organisations need to ensure they have the tools in place to manage those devices. Microsoft Intune and Autopilot are a fantastic way to address these threats and manage all end-user devices more securely.

#10. Rising cost of cyber insurance

The rising cost of cyber attacks has sent cyber insurance policy charges soaring over the last few years. The market index of international cyber insurance broker Marsh shows that the cost of cyber insurance in the US was rising at a rate of more than 100 per cent year-on-year by the end of 2021, although that had moderated to 79 per cent in the second quarter of 2022 and 48 per cent in the third.

The Financial Times(6) warns that, “On top of that, cyber insurers have become pickier about the business they will take on, insisting on reams of information about the security clients have in place, and excluding some types of incident from the cover they offer.”

Get Cyber Essentials certified and maintain an asset register to demonstrate that you have the necessary controls in place. Smaller Cyber Essentials certified companies and charities can access cyber insurance schemes for free or subsidised cover.

What next?

The UK Government’s Cyber Essentials scheme is a great place to start when it comes to protecting your organisation against the most common types of cyber threat. 

Our team can help you prepare for Cyber Essentials.

If you’d like to talk to us about this, or any of the other cyber security threats or solutions we talk about in this article, please reach out.

Call us: 0808 164 4142

Further reading

Find more information about cyber security topics on our blog:

•    A recent case exposes why cyber security requires multiple lines of defence

•    Nine months on… meeting the new Cyber Essentials requirements

•    How do you solve a problem like Suella?

•    What is Zero Trust and Should I Be Implementing It?

•    How to implement multi-factor authentication 

•    Why SMEs Should Get Expert Help with Cyber Security