Businesses Need To Prioritise Cybersecurity In 2023

Last year proved to be a year full of high profile cyberattacks, with incidents occurring across all sectors and business types. Indeed, figures show that global cyberattacks increased by 38 percent in 2022, compared to 2021, with the same research showing the UK saw a 77 percent increase in overall cyberattacks last year.

However, if businesses thought the worse was over, then unfortunately, they are in for a rude awakening as the beginning of 2023 has shown that cybercriminals are more active than ever and more capable than ever of hacking into systems and getting their hands-on data.

With less than two months of the year gone, we have already seen the following attacks:

Royal Mail:   Ransomware attack by a Russian hacker group which led to chaos across its international postal services.   

PayPal:   Hackers gained access to nearly 35,000 customer’s personal data, including name, address, Social Security numbers, tax ID and/or date of birth.

MailChimp:  The email marketing and newsletter giant, was hacked, with dozens of customers’ data exposed. More worryingly, this was the second successful hack on the company in the past six months.

DNV:    A shipping giant, saw a ransomware attack affect 70 companies and potentially 1,000 vessels.

UK Schools:  14 UK schools were hit with ransomware attacks, with some of the pupil data (much of it old) being released onto the dark web after the ransoms were not paid.

ION Trading UK:   A ransomware attack on the financial data firm saw scores of brokers unable to process derivatives trades. However, the gang behind the attack said that the ransom had been paid by an anonymous benefactor.

Undoubtedly, there have been many other attacks that have not grabbed the headlines as cybercriminals up their efforts to gain access to data. These attacks are across multiple sectors, both public and private, using different tactics, with gangs originating from all over the world. However, the determination of cybercriminals to gain access to data is the common thread, and all companies now hold data that is worth something to criminals.

Recognising this fact is the first step for most companies. A close second though is locating where your data is held. For many companies, data has been stored in various locations over a number of years, by individuals who may well now have left the business. This means that there is potentially sensitive data left in unprotected systems.
Without understanding what data is held, where it is stored and what could be safely disposed of, companies cannot effectively protect themselves. The key to cybersecurity though is to stop the cybercriminal from getting through in the first place.

The weakest point in most companies are the employees. This situation has become worse since more employees are now working out of the office or in hybrid roles. This leaves them out of the corporate network and potentially working on personal devices that are not updated or patched.

Some solutions constantly warn employees of potential dangers. However, the messages and alerts bombarding users have caused ‘security fatigue’ in some. This has led to employees making rash decisions, and ignoring all warnings, even the most urgent ones. This has made it easier for cybercriminals to gain access to systems.
Only warning employees at the point of danger is the key. This allows decisions to be made at the right time without being lost amongst other, less urgent messages. It also provides a real-time learning as employees can clearly see what the malicious threat looks like and can more easily identify one in the future.

With the threat from cybercriminals very obviously increasing, companies have to identify where their data sits (including legacy data) and whether any of it can be safely disposed of. Also, by turning your employees from the weakest to one of the strongest links in your cybersecurity strategy companies will be in a much stronger position to keep cybercriminals out and data safe. 

AJ Thompson is CCO of Northdoor plc 

You Might Also Read:

Will The Insider Threat Intensify During The Recession?

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Royal Mail Refuses To Pay LockBit Ransom Demand
Policing Digital Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Lakeside Software

Lakeside Software

Lakeside Software is how organizations with large, complex IT environments can finally get visibility across their entire digital estates and see how to do more with less.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

swIDCH

swIDCH

swIDch is a technology company that aims to eliminate CNP (card not present) Fraud.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.

Frontier Technology Inc. (FTI)

Frontier Technology Inc. (FTI)

Frontier Technology Inc provides the technology and deep data expertise to drive the best defense and intelligence solutions.

Inholo

Inholo

Inholo offers tools to manage the risks of synthetic realities, starting with an AI-photo detection service.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.