Trends in Cybersecurity 2023

Cyber-crime is increasing at an alarming rate. According to Cybersecurity Ventures, the cost of cyber-crime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. eSentire | 2022 Official Cybercrime Report

According to a Deloitte Center for Controllership poll in 2022, Press Release here. “During the past 12 months, 34.5% of polled executives report that their organizations' accounting and financial data were targeted by cyber adversaries. Within that group, 22% experienced at least one such cyber event and 12.5% experienced more than one.” And “nearly half (48.8%) of C-suite and other executives expect the number and size of cyber events targeting their organizations' accounting and financial data to increase in the year ahead. And yet just 20.3% of those polled say their organizations' accounting and finance teams work closely and consistently with their peers in cybersecurity.”

Moreover, as Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft describes: “Cybercriminals continue to act as sophisticated profit enterprises. Attackers are adapting and finding new ways to implement their techniques, increasing the complexity of how and where they host campaign operation infrastructure.”

Cyber-crime is increasingly prevalent across all our markets and industry verticals, impacting businesses daily, as everyone continues to navigate this new and fast changing technology landscape. The attack on the Scottish Environmental Protection Agency (SEPA) in 2021, was an example of “sophisticated and complex ransomware” attack in the Waste sector. Similarly, Waste Management Services in US, revealed a data breach of employees healthcare data in January 2021.

How does a cyber-attack work?

As a recent Microsoft Digital Defense Report highlights (see infographic below): ‘people are now the primary attack vector and represent the greatest vulnerability to an organization’s security.¹ A recent industry study found that identity-driven attacks accounted for 61 percent of breaches.² The risk-to-return ratio makes these human-centered attacks irresistible for cybercriminals. For example, password-spray attacks cost an attacker almost nothing and can yield invaluable access to business information. Phishing remains the most prevalent form of cyberattack, with business email compromise (BEC) potentially the most costly.³ From the time your business email is compromised, it takes only an average of one hour and 12 minutes for an attacker to access your private data.^4’

Infographic below showing key trends in cyber security (from Microsoft Digital Defense Report 2022)

Source links:

Microsoft Digital Defense Report 2022, Microsoft. 2022.

IBM & Blumira Report

IT security checklist for waste and recycling companies article

Types of cyber-attacks

Phishing is still the tool of choice for many hackers. Phishing is commonly defined as a technique by hackers to exfiltrate your valuable data, or to spread malware, in your IT system. It can be relatively easy to trick employees with a phishing email, especially when it appears to be a personal email from a boss or senior executive in your organization, or from an institution like a bank, or a frequently used, well known, website.

Currently, ransomware, mostly via phishing activities, is the top threat through enterprise organizations. Ransomware allows cyber criminals to access critical information on IT networks and hold organizations hostage for electronic cash payments.

“In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. Only 50% of these organizations managed to retrieve their data after paying the ransom. Additionally, a little over 66% of respondents reported to have had multiple, isolated infections.” New cyberattack tactics rise up as ransomware payouts increase | CSO Online

The specific IT characteristics of the waste, recycling and transport industries, show many operating a central ERP system across departments in a Head Office, regional satellite depots, many drivers using mobile devices and vehicle fleets with IoT sensors, cameras and other technology employed, increasing the number of nodes in the IT system, adding more complexity, extra risk and increasing network vulnerability. So as our businesses grow, our dependency on technology grows and often this is through siloed legacy systems, which work against IT departments quickly trying to detect threats and breaches, with many moving parts increasing the difficulty of containing these security risks.

In summary

To meet these challenges, businesses require intelligent, automated, integrated security to ensure they can provide prevention, detection and response across end users using the right infrastructure. In today’s world, this security innovation and support is driven by cloud-based solutions. Software as a service (or SaaS) offers many technical and business benefits, including world class service supporting greater business resilience in areas such security, agility, mobility, scalability, business continuity and performance management. Ensuring every business manages its security profile is paramount, especially as the cyber security threat grows ever more sophisticated and challenging.

If you want to learn more about AMCS’s approach to managing cyber security threats, you can read some of our articles here: AMCS IT Security Checklist, An overview of AMCS’s approach to Cloud Security, or you can watch our Webinar on Demand here Executive Briefing on Security Resilience

Source:

¹SANS 2022 Security Awareness Report, the SANS Institute. June 28, 2022.

²50 Identity And Access Security Stats You Should Know In 2022, Caitlin Jones. January 6, 2023.

³Phishing Scams are the Most Common Cyber Attack, Says FBI, Conor Cawley. May 10, 2022.

⁴Microsoft Digital Defense Report 2022, Microsoft. 2022.