Five reasons organisations are at increased cyber risk in 2023

Janine Chasmer
Janine Chasmer

As technology advances, so do the cyber threats that organisations must defend themselves against. More than half (54%) of UK organisations were successfully targeted by cyberattacks in 2022, with 31% being targeted by criminals at least once a week.

Crime levels have been proven to go up during times of economic crisis, meaning we can only expect the 42% increase documented in early 2022 to soar in 2023 and beyond. In fact, experts predict that cybercrime will create ten trillion US dollars of damage each year by 2025.

However, by keeping abreast of cybercrime developments,  organisations will be much better equipped with an impactful line of defence and pave the way to a much more sustainable future.

That said, here are our top five developing cybercrime trends to watch out for during the rest of 2023 and beyond:

Digital imposters and impersonations

As AI grows increasingly powerful, the messaging that services – like ChatGPT – can be used to generate appears ever more human – pushing obvious imposters out of the cybercrime market to make way for threats that could easily have come from your colleagues. Indeed, AI services are  democratising cybercrime, making it possible for a greater number of would-be criminals to carry out successful attacks.

It’s not just written impersonations that have become more of a problem. Deepfake technology can also be used to impersonate trusted individuals using their image or voice. This allows cybercriminals to gain easy, unauthorised access to key files and data, with plenty of time to get away with the proceeds without detection or consequence.

Employee exploitation

As hybrid work becomes the norm, networks grow increasingly vulnerable to external attacks. This is because more and more employees will  use their personal devices and Wi-Fi networks to access sensitive information. What’s more – with the exception of certain specific circumstances – people working from home are unlikely to encrypt their files before sharing.

Realising this, opportunist cyber criminals have made it their mission to target unsuspecting individuals with cleverly disguised tactics such as fake apps and desktop programs that mimic well-known brands. When people download these programs or even interact with their assumed-recognised operating systems, they will inadvertently be inviting malware onto their systems, granting cybercriminals subtle and unobstructed access to entire data systems and company networks, which can easily and surreptitiously be leveraged to carry out large-scale attacks.

It just serves to prove that people really are our weakest links – a fact attackers are well aware of. That’s why many now focus on social engineering, using human psychology to their advantage. With the power of AI-generated messaging behind them, they  can coax even the savviest of users into handing over key data or passwords, be it via email, social media, or even over the phone.

In addition to these ‘evergreen’ phishing tactics, they might use scareware to achieve their means, convincing people to download a malware problem posing as the solution under the false belief that they have already been attacked. They might even attempt to bait or lure users into handing over access by offering them lucrative rewards specifically designed to mimic that well-deserved recognition from the boss.

Of course, as soon as one person gives in, trojans can be activated, spyware can be launched and other types of malware can sink its claws into organisation-wide systems, causing large-scale mayhem that is difficult to rectify and control.

Threats to the cloud

 Whilst cloud storage solutions are generally more secure than on-premises infrastructure when  protecting your data, they come with unique vulnerabilities that organisations must still be aware of. From misconfiguration, poor access control, shared tenancies and supply-chain vulnerabilities, poorly governed cloud storage can soon become an open door to opportunist cybercriminals. This is also the case if you continue  operating with insecure APIs or with easily replicable multi-factor authentication.

Next-generation data breaches

In the past, attackers used ransomware to take valuable data hostage and demand a fee for its return. In order to do this, they would encrypt company data to prevent access to it, before asking for ransom. Nevertheless, the encryption process proves incredibly time-consuming, particularly when it has to be applied to vast numbers of individual files. As such, companies that had been targeted were able to recover some of their data by terminating the malware before encryption was complete, minimising the damage caused.

New-wave attackers are responding to this solution by skipping the encryption step altogether, simply stealing data and demanding a sum outright, knowing that their advances will be harder to detect and cannot be remedied with backups. Some will even go as far as using wipers and other types of destructive malware to delete your data entirely.

Control over the Internet of Things

Finally, as more and more devices are connected together in integrated smart systems under the Internet of Things (IoT), the efficiencies gained as a result stand to be compromised by the looming threat of complete external control. In other words, if these networks are overloaded or locked down by hackers for financial gain, companies stand to lose much more than they would in the event of a simple, single-system takedown.

The complete takeover of central systems has already affected companies as large as Tesla, with a 19-year-old confessing to using a bug to hack into 25 vehicles in 2022. In fact, Jeep Cherokee also suffered a major attack  in 2015, with hackers shutting down the vehicles’ engines on the move, seriously threatening the future of the automotive giant’s reputation.

Beating the hackers at their own game

While there is no one or singular action that organisations can take for guaranteed security, the below practices will go a long way to ensuring safety and success:

Establish protocols, access controls and best practices

Having a solid, organisation-wide approach allows you to act fast and as a collective. Make sure that every member of your team is up to speed with your password policies, data hygiene strategies, cloud best practices and everything in between – remembering that cybersecurity is not just an issue for IT.

Commit to continued learning

It’s not enough to put policies in place. You must also train your team to recognise new, advanced risks, giving them real-life examples to tackle GenZ security ennui by showing that it could easily happen to them.

Avoid cyber debt

Investing in new technologies and digital initiatives without investing just as much into your cybersecurity strategy can lead to what is known as ‘cyber debt’. And it will ultimately leave you more vulnerable to risk.  Therefore, you must plan your investments carefully, always ensuring that you have the staff, systems and support required to deal with any corresponding threats.

Eliminate zero-day vulnerabilities

The longer a cyber threat is left untreated, the more damage it can cause for your organisation. Zero-day vulnerabilities occur when an attack has been discovered – and a corresponding patch may even exist – but it takes time for teams to act and respond, allowing issues to escalate.

Making sure that you always have a remedial plan and experts on call to readily implement any solutions and patches is a simple way to avoid this.

Back up your efforts with professional help

With an estimated 2.93 million unfilled cybersecurity positions around the world, it is clear that organisations lack the knowledge and teams required to keep themselves safe. Understandably, not all organisations can dedicate full-time efforts to staying ahead of the cyber threat curve – especially when their area of expertise lies outside of IT. Partnering with an external security company is a great way to overcome this, also providing you with the strategies, insight and guidance you need to move confidently into the digital future with reduced risk of attack.

The cyber threat landscape may be ever-evolving, but by remaining aware and securing the right support, there’s no reason  your organisation should join the ranks of the 50%+ of those suffering each year.

Are you looking for support in implementing an impactful and effective cybersecurity strategy?

Equantiis is committed to helping our clients achieve their maximum potential by optimising their processes and technology. Contact a member of our team today to book an initial consultation.

Share this article

More about the author

Janine Chasmer
Janine Chasmer - Principal Consultant

Janine’s career includes 10 years in the not-for-profit sector, specifically within membership, and she leverages her industry expertise and first-hand experience with a wider range of clients, including Membership and Charity, where she provides consultancy on a range of areas including Business Strategy, Customer Experience improvement and process optimisation. In recent years, Janine has applied these consulting skills to the Education sector, supporting HE and FE institutions to improve their applicant and student experience at key phases such as application, enrolment, Clearing and progression. Other projects include Digital and Data Strategy, process and automation, and Student Journey optimisation. She has also worked as a SRM Functional Consultant, using this unique insight of both sector knowledge, and enabling technology to achieve transformational outcomes. Janine is also a regular event speaker and creates and shares industry and sector insights with her network.