What The Latest Cybersecurity Trends Mean For Your SME 

Uploaded on 2023-05-11 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

It's open season for cybercriminals. Research from TWC highlights that the time between March and July is the peak period for cyber attacks targeting organisations, meaning that businesses of all shapes and sizes must remain vigilant. Comparing that with the uptick in cybersecurity incidents that hampered governments and global corporations alike this year already, it’s clear that smaller businesses must act quickly to avoid being caught out.

To stay safe in cyberspace, prevention is always better than the cure. Below, we’ll tackle emerging cybersecurity trends and how businesses can enhance their security and stay vigilant at a time when cybercriminals and fraudsters are growing ever more sophisticated.  

Playing Tricks With Packages 

Hackers will use many of the daily routine, mundane tasks we do to probe for weaknesses. That now includes targeting users as they download digital “packages” of files. There have been increasing incidents of package impersonation attacks via public repositories such as NPM, RubyGems, and PyPl. These play out as cybercriminals create fake packages that mimic legitimate ones in these repositories, and when developers unknowingly download one of these ‘packages’, they also install malware or other malicious code into their systems. The impact of such attacks can be serious as the information on a business’s servers is sensitive. 

To reduce the risk of these attacks, businesses must act to expand the verification and software composition analysis to identify potential threats.

Having verification measures in place checks a package's cryptographic signature and can authenticate the source, therefore ensuring the package is genuine. It can also verify the integrity and dependencies of the package, adding another layer of reassurance that it has not been tampered with. A final check is to run a software composition analysis, which can detect suspicious or malicious code within a package. 

 Multiplying Attacks From Multi-Factor Authentication

Most associate multi-factor authentication with an added layer of security. But even this can potentially be exploited. Businesses are seeing increasing incidents of push spam attacks, where an attacker will send countless push notifications demanding access, tricking an overwhelmed user into approving their entry into their system. The other increasingly common tactic is the ‘man in the middle attack’, which gives access to an account when an attacker intercepts the communication between the user and the server — thus obtaining authentication information. 

One obvious solution is improved employee education on the importance of not approving such requests, and increasing vigilance against unsolicited pop-ups or other suspicious activity. However, that will never fully eliminate the chance for human error.

So how can we bolster security? Hardware tokens could be a compelling solution to this threat. These tokens form an additional layer of security by generating a unique, one-time password that’s entered alongside regular login credentials. Since the password changes every time a user logs in, it’s much harder for attackers to access accounts.

Generating Security With AI

The rise of generative AI is offering many businesses opportunities to find new efficiencies. Unfortunately, cybercriminals are finding ways to benefit from this technology too. With tools like ChatGPT, cybercriminals have a powerful tool to craft more convincing phishing and smishing lures, even with limited technical skills of their own. 

Whether it’s phishing over email or text, companies must be on the front foot to tackle these incidents as they become more common. As before, employee education and training can form a crucial first step in helping with this, as well as staying vigilant against suspicious texts, emails and links. The second line of defense, as mentioned, is having resilient security measures in place, such as multi-factor authentication, as well as keeping device software up to date. 

Finally, don’t let the good name of your company be used against you. Some attackers may copy your domain name and impersonate a legitimate business in a homograph attack. It’s all too easy to overlook the small differences between characters that might be used to replicate a safe domain name with a malicious one — which is why it’s crucial to also consider choosing a domain name with built-in protection to guard against such vulnerabilities. Some domain providers are protecting their customers by automatically blocking all homographs of customers’ domain names at the time of purchase, effectively preventing any efforts to mimic legitimate websites.

API Attacks On The Rise

APIs have undoubtedly become the foundation of modern software development, given their data sharing capabilities and ease of integration. But this reliance on APIs comes at a risk. With attacks only getting more sophisticated–for instance, injection-based attacks, such as cross-site scripting (XSS) or SQL injection, or smarter social engineering tactics–hackers are getting better at getting users into divulging sensitive information. Thankfully, that risk can be mitigated.

While cybercriminals can exploit vulnerabilities in APIs to steal data, compromise systems or launch attacks on other applications or networks, implementing authentication protocols can reduce the likelihood of this threat. Tools like these can help businesses control access to their APIs, review access controls lists and ensure only authorised users can access APIs. Proper encryption of API data can also go a long way in helping protect sensitive data in transit, so data gets to where it needs to be safely. 

But this isn’t a checkbox exercise - instead, businesses must perform regular penetration testing to identify and address any vulnerabilities before it's too late. 

Securing The Path Ahead

Businesses must be vigilant that new technologies bringing them new efficiencies are not also working against them. After all, cybercriminals are just as invested in utilising the latest and greatest trends in technology.

But by having strong awareness and security-savvy employees, a protected domain name, as well as strong authentication protocols across the board, businesses can rise above the risks in 2023 and beyond. 

By Alexander Falatovich, Senior Cyber Security Threat Analyst at Identity Digital

You Might Also Read:

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NSA Warning: China Is Stealing AI Technology
What Is The Difference Between Phishing, Smishing & Vishing?  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Cyber Secure Forum

Cyber Secure Forum

The Cyber Secure Forum is a premier cybersecurity event dedicated to bringing together experts, and professionals to explore the latest trends, share knowledge, and discuss strategies.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

Offenso Hackers Academy

Offenso Hackers Academy

At Offenso we focus on cyber security training focused on producing cyber security professionals with a wide range of abilities to counter threats from the internet and cloud to a business.