Blog post by: George Ralph – RFA
Insider threats and ransomware set to increase for 2023
The year 2022 was an intense and busy year for both cybersecurity experts and cybercriminals alike. Businesses across the world were subjected to numerous attacks. The personal information for more than 50,000 users of the fintech company Revolut was accessed during a data breach that took place in September 2022. In the same year, a leading automotive company was hit by three separate ransomware attacks within a span of two weeks, Sophos researchers (via ITPro) confirmed. Now that 2022 is behind us, these kind of cyberthreats are showing no signs of slowing now. Managing Director of RFA, George Ralph takes a look at two trends set to gain momentum in the cybersecurity landscape in 2023.
Insider threats and espionage
In 2023, ‘knowing thy enemy’ will become increasingly more complicated. Whilst attacks can arise from outside of organisations, insider threats remain a pressure and concern in terms of cybercrime. It can be incredibly challenging to prove who carried out a breach and this is even more difficult should it be carried out by an insider working for an operation. Human error can be problematic for safeguarding cybersecurity for businesses. It is one of the key reasons why businesses experience data breaches. To minimise this risk, firms in the financial services industry should seek to secure cybersecurity training for their staff. However, intentional corporate malice and espionage can also be problematic for businesses. They are incredibly difficult to prepare for and protect against. Cybercriminals know this and therefore this poses a threat for businesses in 2023. In order to combat this risk, firms must limit privileged access to sensitive information such as trade secrets, financial and customer data and intellectual property. It is critical to have tools in place that layer security access to individuals, so staff can only access what they need to. This level of detail is possible with today’s technical advances. This strategy takes both human and technical awareness, yet it is essential for good governance and practice.
Increase in targeted ransomware
Ransomware proved to be a significant challenge for cybersecurity professionals in 2022 and this is expected to increase in 2023. No company is safe from the threat of ransomware attacks or other cyber threats. Samsung, Uber, Microsoft and T-Mobile were all subjected to breaches in 2022. According to the Verge; ‘in the first two quarters of 2022, there were a total of 236.1 million ransomware attacks globally. These attacks were estimated to be worth $14 billion to cybercrime groups.’ Ransomware attacks happen in two ways: by opportunistic means or by targeting someone or something. Targeted attacks are growing much more sophisticated and specific and they are expected to get even more so throughout this year. It will be essential for firms to increase their protection this year and can do so by being protected by a triad of methods. Through a cybersecurity strategy, businesses will need to ensure they are operating in a secured environment whilst also having a plan to recover quickly and efficiently should a breach happen. Should a company fall victim to an attack, they need to have an ongoing security and compliance assurance plan to ensure they are able to continue to operate.
As we look to progress into 2023 financial services firms should be investing in an ongoing cybersecurity strategy and make it a key priority moving forward.This should include investing in training, policies and procedures so that staff can carry out their operations and day-to-day activities in an environment that is safe and secure. At the same time, firms should be seeking to create frameworks that help protect the business from any potential cyberattacks. This year, the C-suite should be allocating a significant budget for cybersecurity and it should be considered as essential with a high ROI. Although it is not an income generator, it should be viewed as the most important income protector.
