Businesses Need To Prioritise Cybersecurity In 2023

Last year proved to be a year full of high profile cyberattacks, with incidents occurring across all sectors and business types. Indeed, figures show that global cyberattacks increased by 38 percent in 2022, compared to 2021, with the same research showing the UK saw a 77 percent increase in overall cyberattacks last year.

However, if businesses thought the worse was over, then unfortunately, they are in for a rude awakening as the beginning of 2023 has shown that cybercriminals are more active than ever and more capable than ever of hacking into systems and getting their hands-on data.

With less than two months of the year gone, we have already seen the following attacks:

Royal Mail:   Ransomware attack by a Russian hacker group which led to chaos across its international postal services.   

PayPal:   Hackers gained access to nearly 35,000 customer’s personal data, including name, address, Social Security numbers, tax ID and/or date of birth.

MailChimp:  The email marketing and newsletter giant, was hacked, with dozens of customers’ data exposed. More worryingly, this was the second successful hack on the company in the past six months.

DNV:    A shipping giant, saw a ransomware attack affect 70 companies and potentially 1,000 vessels.

UK Schools:  14 UK schools were hit with ransomware attacks, with some of the pupil data (much of it old) being released onto the dark web after the ransoms were not paid.

ION Trading UK:   A ransomware attack on the financial data firm saw scores of brokers unable to process derivatives trades. However, the gang behind the attack said that the ransom had been paid by an anonymous benefactor.

Undoubtedly, there have been many other attacks that have not grabbed the headlines as cybercriminals up their efforts to gain access to data. These attacks are across multiple sectors, both public and private, using different tactics, with gangs originating from all over the world. However, the determination of cybercriminals to gain access to data is the common thread, and all companies now hold data that is worth something to criminals.

Recognising this fact is the first step for most companies. A close second though is locating where your data is held. For many companies, data has been stored in various locations over a number of years, by individuals who may well now have left the business. This means that there is potentially sensitive data left in unprotected systems.
Without understanding what data is held, where it is stored and what could be safely disposed of, companies cannot effectively protect themselves. The key to cybersecurity though is to stop the cybercriminal from getting through in the first place.

The weakest point in most companies are the employees. This situation has become worse since more employees are now working out of the office or in hybrid roles. This leaves them out of the corporate network and potentially working on personal devices that are not updated or patched.

Some solutions constantly warn employees of potential dangers. However, the messages and alerts bombarding users have caused ‘security fatigue’ in some. This has led to employees making rash decisions, and ignoring all warnings, even the most urgent ones. This has made it easier for cybercriminals to gain access to systems.
Only warning employees at the point of danger is the key. This allows decisions to be made at the right time without being lost amongst other, less urgent messages. It also provides a real-time learning as employees can clearly see what the malicious threat looks like and can more easily identify one in the future.

With the threat from cybercriminals very obviously increasing, companies have to identify where their data sits (including legacy data) and whether any of it can be safely disposed of. Also, by turning your employees from the weakest to one of the strongest links in your cybersecurity strategy companies will be in a much stronger position to keep cybercriminals out and data safe. 

AJ Thompson is CCO of Northdoor plc 

You Might Also Read:

Will The Insider Threat Intensify During The Recession?

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Royal Mail Refuses To Pay LockBit Ransom Demand
Policing Digital Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Sentropi

Sentropi

Sentropi is an online protection solution against charge backs, account takeovers, identity thefts and online scams.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Yokai

Yokai

Yokai is a secure, distributed platform for data communication with enhanced security features tailored for classified environments such as finance, defence, healthcare, cybersecurity, and more.