Cyber security crimes caused mass havoc in 2022, what should we be on the lookout for in 2023?
This blog was originally published by Phriendly Phishing on LinkedIn Pulse
1. Cyber Security Awareness and Culture is top of mind
In 2023, in the wake of the last two years of cyber attacks around the world, more businesses will have cyber security at the top of their mind. It will become apparent that no business is too small to secure its own and its customers' data, and there will be a focus on creating a security culture in both the workplace and personal lives.
Awareness training in data retention and cyber security will become as procedural as basic training in every workplace.
There is a real opportunity to set some realistic standards for the digital generation to secure their personal data, so that soon a growing business won't even think to be without cyber hygiene training and procedures. For those just now waking up to the breadth of this issue, it'll be a case of scrambling to patch existing systems, not unlike the wake of the Y2K 'bug'.
Behavioural change and a cultural shift, coupled with realistic simulated training, will take some of the steam out of future cyber attacks, and we expect that business will follow suit in the coming year.
2. Social Engineering and BEC (Business Email Compromise)
Business Email Compromise (BEC) is a form of social engineering, and it's an uncomplicated way for a cyber criminal to get immediate gains. It can be done in two ways. The first is spoofing an email, either by using a domain name similar to the legitimate one being impersonated or by using software to edit the ‘from’ email address on display. The second is compromising the email account itself, which would have started with a phishing attack installing malware on the network; the criminal can then send from the legitimate account and exploit all the opportunities that it affords.
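A header check for the two spoofing variants described above, as an added example that is not part of the original post. The trusted domain `example.com`, the function names and the sample messages are constructed for illustration; mail sent from a genuinely compromised account passes these checks, which is why the procedural controls still matter.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: the organisation's real mail domain

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def bec_flags(raw_message, trusted=TRUSTED_DOMAIN):
    """Return the spoofing indicators found in a message's From header."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Variant 1: a sender domain that is close to, but not, the trusted one.
    if domain != trusted and edit_distance(domain, trusted) <= 2:
        flags.append("lookalike-domain")
    # Variant 2: the displayed name shows the trusted domain while the
    # real sending address belongs to a different domain.
    if trusted in display.lower() and domain != trusted:
        flags.append("display-name-spoof")
    return flags

# Constructed sample messages (not real mail).
GENUINE = 'From: "Accounts Payable" <ap@example.com>\nSubject: Invoice\n\nHi'
LOOKALIKE = 'From: "Accounts Payable" <ap@exarnple.com>\nSubject: New bank details\n\nHi'
DISPLAY = 'From: "ceo@example.com" <ceo.office@freemail.test>\nSubject: Urgent\n\nHi'

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("display", DISPLAY)):
        print(name, bec_flags(raw))
```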
The criminal will usually send invoices demanding payment to a ‘new’ bank account, or directives to employees to make purchases or reveal information. The messages will be urgent, brief and targeted. If you have been the victim of phishing, this makes verification difficult, especially if you WFH (working from home) or aren’t in the same office. The best way to prevent BEC is to have strict financial procedures in place, and employee training on how to respond to requests of that nature.
As people conduct almost 90% of their lives online, this creates quite a large attack surface, and the fast-paced way we like to move makes this a growth area in cyber crime. As deepfake technology becomes more sophisticated and easier to access, you might not even be able to trust a video call for authorisation.
3. Special Event Opportunism
The past several years have seen more than this generation’s fair share of unprecedented events: a pandemic, a war, and election controversy in more than one country, to name a few. Widespread unrest and a shift in priorities of the public at large are like waving a red flag at cyber criminals; even geopolitical state actors have been known to take the opportunity while the world is in disarray.
Sadly, charity scams are on the way up, pleading with people to assist victims of natural disaster, pandemic-related poverty and holiday season goodwill. It’s a time when people are wanting to help and give back, not realising that this is the scammers’ time to shine.
Sadly, war-related opportunism was also set to be a large motivator for hacktivists, criminals and state actors, with domains registered in or with the TLD using the word Ukraine being used for fake fundraising. Donation swindles have hampered legitimate human rights agencies and made people wary of helping, which has in turn reduced the efforts needed to assist.
In 2023, while we hope that these once-in-a-lifetime events will be solved or wind down, we do not know what is on the horizon, and companies and individuals had best be aware of how to spot a scam in the wild.
4. Digital Impersonation and Fraud
Social media platforms are full of rich information, which can spell trouble for the individual as well as the organisation they work for. They have always been a gold mine of searchable information about a person’s updates, and a cyber criminal will waste no time in using this information for a spear phishing attack, or even playing the long game of gathering info until they have a complete dossier to use in a social engineering experiment.
Augmented reality, AI (Artificial Intelligence) chat, filters and ‘deepfakes’ can also be used to gather more information and even foster an element of trust between the criminal and the intended victim, which has in the past opened the doors to romance scams, marketplace frauds and even personal information that can be used to verify login to accounts and impersonate the victim.
Impersonation led the charge in 2022, with many social media cyber attacks involving impersonating a company or individual for fraudulent purposes – a form of fraud that can affect small and large businesses alike.
With one certain social platform allowing paid verification, it is clear the scams and impersonation will continue to climb, as criminals get bolder and the technology gets wiser. The more we rely on IoT (Internet of Things) devices and the Metaverse, and become early adopters of emerging technologies, the more we increase our personal and organisational attack surface.
5. Credentials compromise in small to medium businesses will rise.
In 2023, there will be an increase in cyber crime affecting small to medium businesses, as they struggle to implement identity-based access across their systems. Still, too many businesses, both large and small, have gaps in building a robust security culture, and an important piece of the puzzle is password management. A lot of data breaches are due to criminals using compromised credentials to gain access to networks that do not have MFA (Multi-Factor Authentication) in use, which can allow anyone with a compromised password to gain access, bypassing the ‘authority’ layer of the access model.
MFA means that more than one kind of security authentication method is used for a user to access their account: something you have, such as an authentication app; something you know, meaning your password; and something you are, which can be a biometric signal such as a fingerprint.
It is not the be-all and end-all of security, but in addition to a great password policy, which ideally includes the use of a Password Management tool, it is a good first step, and it’s an easy step to implement for businesses and individuals that might not have the resources for a larger solution just yet. It can help prevent attacks in the initial stages and keep credentials safe. The benefit is that it keeps security top of mind for employees, as it’s a frequent-use solution, and the intent is that it can help drive greater security cognition, thus better enabling a strong security culture going forward.
It takes many hands to stay on top of cyber security. For some hands-on training on cyber security awareness, contact us today for a demo of our award-winning training platform.