Businesses Need To Prioritise Cybersecurity In 2023

Uploaded on 2023-02-16 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Last year proved to be a year full of high profile cyberattacks, with incidents occurring across all sectors and business types. Indeed, figures show that global cyberattacks increased by 38 percent in 2022, compared to 2021, with the same research showing the UK saw a 77 percent increase in overall cyberattacks last year.

However, if businesses thought the worse was over, then unfortunately, they are in for a rude awakening as the beginning of 2023 has shown that cybercriminals are more active than ever and more capable than ever of hacking into systems and getting their hands-on data.

With less than two months of the year gone, we have already seen the following attacks:

Royal Mail:   Ransomware attack by a Russian hacker group which led to chaos across its international postal services.   

PayPal:   Hackers gained access to nearly 35,000 customer’s personal data, including name, address, Social Security numbers, tax ID and/or date of birth.

MailChimp:  The email marketing and newsletter giant, was hacked, with dozens of customers’ data exposed. More worryingly, this was the second successful hack on the company in the past six months.

DNV:    A shipping giant, saw a ransomware attack affect 70 companies and potentially 1,000 vessels.

UK Schools:  14 UK schools were hit with ransomware attacks, with some of the pupil data (much of it old) being released onto the dark web after the ransoms were not paid.

ION Trading UK:   A ransomware attack on the financial data firm saw scores of brokers unable to process derivatives trades. However, the gang behind the attack said that the ransom had been paid by an anonymous benefactor.

Undoubtedly, there have been many other attacks that have not grabbed the headlines as cybercriminals up their efforts to gain access to data. These attacks are across multiple sectors, both public and private, using different tactics, with gangs originating from all over the world. However, the determination of cybercriminals to gain access to data is the common thread, and all companies now hold data that is worth something to criminals.

Recognising this fact is the first step for most companies. A close second though is locating where your data is held. For many companies, data has been stored in various locations over a number of years, by individuals who may well now have left the business. This means that there is potentially sensitive data left in unprotected systems.
Without understanding what data is held, where it is stored and what could be safely disposed of, companies cannot effectively protect themselves. The key to cybersecurity though is to stop the cybercriminal from getting through in the first place.

The weakest point in most companies are the employees. This situation has become worse since more employees are now working out of the office or in hybrid roles. This leaves them out of the corporate network and potentially working on personal devices that are not updated or patched.

Some solutions constantly warn employees of potential dangers. However, the messages and alerts bombarding users have caused ‘security fatigue’ in some. This has led to employees making rash decisions, and ignoring all warnings, even the most urgent ones. This has made it easier for cybercriminals to gain access to systems.
Only warning employees at the point of danger is the key. This allows decisions to be made at the right time without being lost amongst other, less urgent messages. It also provides a real-time learning as employees can clearly see what the malicious threat looks like and can more easily identify one in the future.

With the threat from cybercriminals very obviously increasing, companies have to identify where their data sits (including legacy data) and whether any of it can be safely disposed of. Also, by turning your employees from the weakest to one of the strongest links in your cybersecurity strategy companies will be in a much stronger position to keep cybercriminals out and data safe. 

AJ Thompson is CCO of Northdoor plc 

You Might Also Read:

Will The Insider Threat Intensify During The Recession?

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Royal Mail Refuses To Pay LockBit Ransom Demand
Policing Digital Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Guidewire

Guidewire

Guidewire Cyence™ Risk Analytics is a cloud-native economic cyber risk modeling solution built to help the insurance industry quantify cyber risk exposures.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Alacrinet

Alacrinet

Alacrinet is an IT and cyber security consultancy. From penetration testing to fully managed MSSP, our team is focused on knowing the latest threats, preventing vulnerabilities, and providing value.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.