Trends Shaping the IT Security Industry in the Second Half of 2023

By Daniel Young | July 22, 2023 | 4 min read

Data theft is reaching a new high. In the first half of 2023, the number of data compromises was higher than the total breaches in almost every year since 2005, according to the Identity Theft Resource Center (ITRC).

With so many cyberattacks and breaches, it’s prudent to look at the trends likely to affect the cybersecurity industry in the second half of 2023.

Why should physical security pros worry about cyber risk?

Many companies consider IT security separate from physical security. They are often handled by different departments, and those departments may not report to the same leaders in the organization.

That’s a mistake; physical security and cyber security are deeply and intrinsically related, especially now that technology is a part of almost every aspect of our lives. Several cyberattacks in 2022 ground industrial operations to a halt and affected the physical operations of transportation companies. As long as companies continue to see physical risk and IT risk as different, they leave themselves vulnerable in the places where those risks intersect.

Even if physical security and cyber security are handled by different teams at your organization, they should see each other as partners when planning to handle risk.

Need help with your security plan? Contact us now for a demo.

Emerging trends in the IT security industry

1. Ransomware isn’t going anywhere

Ransomware is malware — or malicious software — that holds an organization’s information, systems, data or networks for ransom. It does this by blocking access to data, either by encrypting the data or by locking a system. The attackers then demand a ransom for the encryption key. If the ransom isn’t paid, you don’t get your data back, and some attackers will threaten to publish proprietary information on the public internet.

Many of the biggest attacks of the last year were ransomware-related, and a recent report from Verizon found that ransomware played a role in 24% of all data breaches in 2022.

Ransomware attacks are unlikely to stop; unfortunately, criminals have found that this sort of crime pays. That said, more and more ransoms are not being paid; fewer than half of victims paid ransoms last year.

2. Data privacy regulations are changing

This year has been the year of data privacy laws: the number of U.S. states with data privacy regulations has more than doubled, and there are now 12 states with data privacy laws on the books.

Data protection laws are good news for consumers, but compliance may be tricky for businesses, especially those not in highly regulated industries. Businesses that haven’t had to worry about data protection previously will need to upgrade their processes and privacy practices to stay in compliance.

3. All suppliers should be vetted

You do background checks on your new hires. You should also complete background checks on vendors, because they are often an attractive target for hackers, who can potentially gain access to many companies by breaching one.

Vendor hacks are common. According to Verizon, 62% of attacks last year involved a supply chain partner. SANS found that attacks on technology companies more than doubled in the early months of this year, meaning criminals are focused on compromising service providers in technology in hopes of getting to their clients.

4. ChatGPT is getting into crime

Generative artificial intelligence is already being used by criminals to conduct phishing more effectively. A SANS Institute analyst demonstrated the dangers of generative AI by asking ChatGPT to help her write like a 9-year-old. Generative AI also used photos of her as an adult to create an image of her as a child, showing how AI can be used by predators to lure children.

5. SIM card swaps

Not all cybercrime happens online. SIM card swaps are crimes that combine physical security and IT security. Criminals snatch unattended devices, swap their SIM card with a malicious SIM card and take over the device, routing the victim’s incoming calls and text messages to a different phone. Using SIM card swaps, criminals are often able to obtain access to a victim’s various personal accounts, including email accounts, bank accounts, and cryptocurrency accounts, as well as any other accounts that use two-factor authentication. This can be particularly devastating if a company phone or tablet is compromised.

SIM card fraud has become increasingly common since companies began requiring two-factor authentication, and is likely to increase in the next year.

6. People will always be the weakest link

Social engineering continues to be prevalent in breaches; 74% of all breaches involve a human element. This can mean a variety of things: employees who make a mistake that allows a cyberattack, malicious insiders, or a company falling victim to a social engineering attack like phishing. Given that phishing is a popular attack vector, social engineering attacks (essentially, tricking employees into responding to messages from criminals pretending to be someone else) are probably here to stay.

That said, there are ways you can prevent your people from being scammed into giving up credentials or access, or into clicking a link that will compromise your company. Training is the first line of defense: it helps employees recognize a phishing scam and avoid making a server configuration error that might expose sensitive data. The second line of defense is testing your people. An IT team that periodically sends out test phishing emails will be able to see which of your employees are most likely to click on a bad link and who needs more training. Another line of defense against phishing scams is a good email filter. It won’t catch the most sophisticated scams, but it will weed out common phishing attacks before an employee can see or click on them.

Ready to create a plan for IT security? Talk to us now about assessing your security.