What The Latest Cybersecurity Trends Mean For Your SME 

Uploaded on 2023-05-11 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

It's open season for cybercriminals. Research from TWC highlights that the time between March and July is the peak period for cyber attacks targeting organisations, meaning that businesses of all shapes and sizes must remain vigilant. Comparing that with the uptick in cybersecurity incidents that hampered governments and global corporations alike this year already, it’s clear that smaller businesses must act quickly to avoid being caught out.

To stay safe in cyberspace, prevention is always better than the cure. Below, we’ll tackle emerging cybersecurity trends and how businesses can enhance their security and stay vigilant at a time when cybercriminals and fraudsters are growing ever more sophisticated.  

Playing Tricks With Packages 

Hackers will use many of the daily routine, mundane tasks we do to probe for weaknesses. That now includes targeting users as they download digital “packages” of files. There have been increasing incidents of package impersonation attacks via public repositories such as NPM, RubyGems, and PyPl. These play out as cybercriminals create fake packages that mimic legitimate ones in these repositories, and when developers unknowingly download one of these ‘packages’, they also install malware or other malicious code into their systems. The impact of such attacks can be serious as the information on a business’s servers is sensitive. 

To reduce the risk of these attacks, businesses must act to expand the verification and software composition analysis to identify potential threats.

Having verification measures in place checks a package's cryptographic signature and can authenticate the source, therefore ensuring the package is genuine. It can also verify the integrity and dependencies of the package, adding another layer of reassurance that it has not been tampered with. A final check is to run a software composition analysis, which can detect suspicious or malicious code within a package. 

 Multiplying Attacks From Multi-Factor Authentication

Most associate multi-factor authentication with an added layer of security. But even this can potentially be exploited. Businesses are seeing increasing incidents of push spam attacks, where an attacker will send countless push notifications demanding access, tricking an overwhelmed user into approving their entry into their system. The other increasingly common tactic is the ‘man in the middle attack’, which gives access to an account when an attacker intercepts the communication between the user and the server — thus obtaining authentication information. 

One obvious solution is improved employee education on the importance of not approving such requests, and increasing vigilance against unsolicited pop-ups or other suspicious activity. However, that will never fully eliminate the chance for human error.

So how can we bolster security? Hardware tokens could be a compelling solution to this threat. These tokens form an additional layer of security by generating a unique, one-time password that’s entered alongside regular login credentials. Since the password changes every time a user logs in, it’s much harder for attackers to access accounts.

Generating Security With AI

The rise of generative AI is offering many businesses opportunities to find new efficiencies. Unfortunately, cybercriminals are finding ways to benefit from this technology too. With tools like ChatGPT, cybercriminals have a powerful tool to craft more convincing phishing and smishing lures, even with limited technical skills of their own. 

Whether it’s phishing over email or text, companies must be on the front foot to tackle these incidents as they become more common. As before, employee education and training can form a crucial first step in helping with this, as well as staying vigilant against suspicious texts, emails and links. The second line of defense, as mentioned, is having resilient security measures in place, such as multi-factor authentication, as well as keeping device software up to date. 

Finally, don’t let the good name of your company be used against you. Some attackers may copy your domain name and impersonate a legitimate business in a homograph attack. It’s all too easy to overlook the small differences between characters that might be used to replicate a safe domain name with a malicious one — which is why it’s crucial to also consider choosing a domain name with built-in protection to guard against such vulnerabilities. Some domain providers are protecting their customers by automatically blocking all homographs of customers’ domain names at the time of purchase, effectively preventing any efforts to mimic legitimate websites.

API Attacks On The Rise

APIs have undoubtedly become the foundation of modern software development, given their data sharing capabilities and ease of integration. But this reliance on APIs comes at a risk. With attacks only getting more sophisticated–for instance, injection-based attacks, such as cross-site scripting (XSS) or SQL injection, or smarter social engineering tactics–hackers are getting better at getting users into divulging sensitive information. Thankfully, that risk can be mitigated.

While cybercriminals can exploit vulnerabilities in APIs to steal data, compromise systems or launch attacks on other applications or networks, implementing authentication protocols can reduce the likelihood of this threat. Tools like these can help businesses control access to their APIs, review access controls lists and ensure only authorised users can access APIs. Proper encryption of API data can also go a long way in helping protect sensitive data in transit, so data gets to where it needs to be safely. 

But this isn’t a checkbox exercise - instead, businesses must perform regular penetration testing to identify and address any vulnerabilities before it's too late. 

Securing The Path Ahead

Businesses must be vigilant that new technologies bringing them new efficiencies are not also working against them. After all, cybercriminals are just as invested in utilising the latest and greatest trends in technology.

But by having strong awareness and security-savvy employees, a protected domain name, as well as strong authentication protocols across the board, businesses can rise above the risks in 2023 and beyond. 

By Alexander Falatovich, Senior Cyber Security Threat Analyst at Identity Digital

You Might Also Read:

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NSA Warning: China Is Stealing AI Technology
What Is The Difference Between Phishing, Smishing & Vishing?  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

DataProtect

DataProtect

DataProtect is a specialized information security company providing consultancy, information management, integration and training services.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

GELLIFY

GELLIFY

GELLIFY is the first innovation platform dedicated to the high-tech B2B market, supporting start-ups and companies.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.

Infrassist Technologies

Infrassist Technologies

We're Infrassist - a trusted white label Managed IT & Professional Services partner for MSP businesses.