Businesses Need To Prioritise Cybersecurity In 2023

Last year proved to be a year full of high-profile cyberattacks, with incidents occurring across all sectors and business types. Indeed, figures show that global cyberattacks increased by 38 percent in 2022, compared to 2021, with the same research showing the UK saw a 77 percent increase in overall cyberattacks last year.

However, if businesses thought the worst was over, then unfortunately they are in for a rude awakening, as the beginning of 2023 has shown that cybercriminals are more active than ever and more capable than ever of hacking into systems and getting their hands on data.

With less than two months of the year gone, we have already seen the following attacks:

Royal Mail: Ransomware attack by a Russian hacker group which led to chaos across its international postal services.

PayPal: Hackers gained access to nearly 35,000 customers' personal data, including name, address, Social Security numbers, tax ID and/or date of birth.

MailChimp: The email marketing and newsletter giant was hacked, with dozens of customers' data exposed. More worryingly, this was the second successful hack on the company in the past six months.

DNV: The shipping giant saw a ransomware attack affect 70 companies and potentially 1,000 vessels.

UK Schools: 14 UK schools were hit with ransomware attacks, with some of the pupil data (much of it old) being released onto the dark web after the ransoms were not paid.

ION Trading UK: A ransomware attack on the financial data firm saw scores of brokers unable to process derivatives trades. However, the gang behind the attack said that the ransom had been paid by an anonymous benefactor.

Undoubtedly, there have been many other attacks that have not grabbed the headlines as cybercriminals up their efforts to gain access to data. These attacks are across multiple sectors, both public and private, using different tactics, with gangs originating from all over the world. However, the determination of cybercriminals to gain access to data is the common thread, and all companies now hold data that is worth something to criminals.

Recognising this fact is the first step for most companies. A close second, though, is locating where your data is held. For many companies, data has been stored in various locations over a number of years, by individuals who may well now have left the business. This means that there is potentially sensitive data left in unprotected systems.

Without understanding what data is held, where it is stored and what could be safely disposed of, companies cannot effectively protect themselves. The key to cybersecurity, though, is to stop the cybercriminal from getting through in the first place.

The weakest point in most companies is the employees. This situation has become worse since more employees are now working out of the office or in hybrid roles. This leaves them outside the corporate network and potentially working on personal devices that are not updated or patched.

Some solutions constantly warn employees of potential dangers. However, the messages and alerts bombarding users have caused ‘security fatigue’ in some. This has led to employees making rash decisions and ignoring all warnings, even the most urgent ones. This has made it easier for cybercriminals to gain access to systems.

Only warning employees at the point of danger is the key. This allows decisions to be made at the right time without being lost amongst other, less urgent messages. It also provides real-time learning, as employees can clearly see what the malicious threat looks like and can more easily identify one in the future.

With the threat from cybercriminals very obviously increasing, companies have to identify where their data sits (including legacy data) and whether any of it can be safely disposed of. Also, by turning employees from the weakest to one of the strongest links in their cybersecurity strategy, companies will be in a much stronger position to keep cybercriminals out and data safe.

AJ Thompson is CCO of Northdoor plc 
