What are five of the top cybersecurity concerns in 2023 and beyond, and how can SMBs successfully circumvent them?
The team of ethical hackers here at Packetlabs aren’t just dedicated to providing you with 360-degree cybersecurity solutions–we’re also committed to expanding the public’s knowledge on how (and why) to bolster their existing security systems.
Read on for tips, tricks, and FAQs regarding some of cybersecurity’s top trends.
Before we jump into some of the top concerns plaguing businesses just like yours, we first have to outline why they matter.
Here’s what the numbers are saying:
Nearly half of executives expect cyberattacks to target their accounting and other financial assets
2022’s record number of phishing cyberattacks will only continue to grow in future years
Business email-related scams are accounting for 70% of employee-targeted cyberattacks, with the number growing 53% year-over-year
Compromised credentials are now the most common source of data breaches, and are both the most expensive and the longest for internal cybersecurity teams to identify: clocking in at an average of 327 days to identify and costing $150,000 more on average than other types of breaches
The hardest hit industries? Healthcare, law, retail, ecommerce, technology, energy, finance, education, and government–all industries whose employees primarily moved to remote work in the wake of the COVID-19 pandemic.
With many businesses shifting to online work for the first time, there are many common gaps in work-from-home cybersecurity systems that are leaving businesses vulnerable to attack.
The top five kinds of these breaches that we’re seeing in 2023 and beyond are:
Social engineering is a type of cyberattack that manipulates a victim (typically a work-from-home employee) to gain control over a business device, access financial information, or steal personal data.
Common types of social engineering include:
Phishing: Phishing generally comes in the form of impersonation or false information. It attempts to coerce victims into clicking malicious links, opening malware, or revealing sensitive personal or professional information. Phishing can be done via text messaging, by phone, or by email–and, if successful, commonly steal usernames, passwords, and even banking information… all of which could cost your business millions
Baiting: Baiting is an off-shoot of phishing that takes a more personal approach. With baiting, bad actors leverage false threats or promises to try to force victims into revealing compromising information. This could be pretending that they have sensitive information about the victim that they will release to the public or masquerading as the CEO of the organization claiming that they need access to certain accounts
Collecting: Just like your physical sensitive information, digital information that is not properly stored or destroyed after use can be skimmed by criminals in order to gain access to a plethora of sensitive info
Scareware: Last but certainly not least is scareware. Pop-ups claiming that an employee’s computer is infected with malware or claims that software needs to be installed that grants remote access are both popular forms of scareware
And if you think that your business couldn’t possibly fall prey to these tactics? Think again: in 86% of interviewed organizations, at least one employee had already become a victim to social engineering.
The Solution: “Education, education, education” is the “location, location, location” of cybersecurity. A professional compromise assessment works to identify undetected threat actors who are (or who have ever been) in your business’s network. This blend of automated and manual inspection covers firewalls, endpoints, and servers–which, in turn, can lead to more thorough cybersecurity briefings for employees. How many employees are falling victim to social engineering? What devices is it happening on the most? What myths or misconceptions about cybersecurity is your team buying into it? Compromise assessments unveil all these, and more.
While there is a multitude of advantages to cloud storage, it isn’t without its vulnerabilities. In fact, the National Security Agency has flagged four common types of cloud vulnerabilities: poor access control, shared tenancy, supply chain vulnerabilities, and misconfiguration.
Poor access control (otherwise known as “uncontrolled privilege access”) is defined as cloud-based deployments being directly accessible from the public Internet. Although this is a boon for employees who work remotely and may need to take their work on-the-go on occasion, cloud storage being operational outside an organization’s on-premises infrastructure means that, unless quality access control is in place, threat actors have greater opportunity to gain access to privileged cloud-based resources.
Likewise, shared tenancy–or “multi-tenancy”–is a commonly-used type of cloud structuring wherein multiple clients of a single cloud storage vendor share the same resources. These clients are known as tenants, and share software resources as well as hosting. Due to numerous people having access to your cloud resources, shared tenancy is oftentimes a magnet for data breaches.
Supply chain vulnerabilities are another significant cybersecurity concern in 2023 and beyond. Although rare, supply chain vulnerabilities occur when computer software itself is targeted by malicious threat actors before being installed by an organization. This leads to insidious data breaches that can wreak both financial and reputational havoc long before they’re detected.
Last but not least, misconfiguration happens when organizations that are unfamiliar with securing cloud infrastructure accidentally leave their resources exposed to attacks by not properly securing their infrastructure (especially if they are working with multi-cloud deployments.)
The Solution: Invest in periodic cloud pentesting to identify the common vulnerabilities that may be comprising the security of your cloud storage. Packetlabs' cloud penetration testing methods, as an example, are 95% manual and are derived from a blend of the SANS Pentest Methodology, the MITRE ATT&CK framework for enterprises, the Azure Threat Research Matrix, and the NIST SP800-115 to ensure your organization’s compliance with most regulatory requirements.
Attacks on devices linked to the IoT (“Internet of Things”) are only growing by the day–and, with Statista estimating that the number of devices connected to the Internet expected to reach a staggering 75 billion by 2025, we here at Packetlabs aren’t the least bit surprised.
Internet-linked devices include, but aren’t limited to:
Webcams
Routers
Laptops
Tablets
Medical devices
Household appliances
Smart watches
Automobiles
Home security systems
And manufacturing equipment
While this widespread interconnectedness across devices often results in peak communication and productivity across organizations, it also equates to a spike in data breach spikes. All that collected data, business processes, and stored credentials are ripe for the hacking… and, once controlled by threat actors, can be used as a weapon to overload networks, lock down equipment essential to your organization’s functionality, or even steal valuable data.
An example of this? Smart medical devices and electronic medical records (EMRs) being compromised. Because hospitals and medical facilities across North America are adjusting to the widespread digitization of patient medical records and other key information, malicious threat actors often target their defenses in an attempt to steal the sensitive information found on patient records and employee medical devices… and, in the worst-case scenario, cause physical harm to patients.
The Software Engineering Institute of Carnegie Mellon University puts it perfectly in their statement on the matter: “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
The Solution: Pinpoint overlooked security weaknesses with infrastructure penetration testing. Each penetration test gives you and your organization an independent view of the effectiveness of your existing security processes, and outlines steps that can be taken to ensure both short-term and long-term infrastructure protection.
How good is your organization’s cyber hygiene?
Used as a term to describe the habits, practice, and protocols regarding your organization’s technology use–like regularly enacting MFA (multi-factor authentication) or banning employees from connecting to unprotected Wi-Fi networks–cyber hygiene is crucial… and, according to statistics, woefully under-utilized by the globe’s remote workforce.
With 60% of businesses relying solely on human memory to manage and remember work-related passwords, 54% of Information Technology professionals not enabling MFA to protect organization-related accounts, and less than half of North Americans stating that they would change their password after a data breach, work-from-home and hybrid employees often have worse cyber hygiene practices than they may think.
The Solution: Simulate real-world cyberattacks with objective-based penetration testing to determine where exactly your cyber hygiene is leaving you most vulnerable. OBPT is a comprehensive pentest that includes advanced adversary simulation for added security assistance, and gives your in-house security team what they need to identify and address vulnerabilities.
With cybercrime only continuing to spike year after year, organizations and governments alike are struggling to keep on top of the best practices needed in order to fight sophisticated cyberattacks–and hire enough qualified professionals to enact these practices.
Here at Packetlabs, our team of highly-skilled ethical hackers have over 10+ certifications and years of collective experience tackling cybercrime head-on. We work both directly with organizations and with MSPs to provide expert penetration testing services to leave your digital space safer than we found it.
We are a proud member of the Entrepreneurs’ Organization, the GIAC, and the Retail Council of Canada. Our array of cybersecurity services strive to go beyond the checkbox for your organization.
The Solution: Partner with Packetlabs for cybersecurity solutions you can trust, every time.
“What is the top cybersecurity concern in 2023?”
Ransomware as the result of social engineering, cloud storage vulnerabilities, IoT attacks, and poor cyber hygiene was listed as one of the top cybersecurity concerns in 2023 by over 66% of IT professionals.
“What is the criteria for strong cybersecurity?”
Your cybersecurity should follow the five-pillar approach of confidentiality, availability, authenticity, integrity, and the renouncement of user data.
“How do you identify cybersecurity risks?”
Periodic pentesting is one of the best ways to evaluate and remedy cybersecurity risks.
“What types of businesses are most at risk of cyberattacks?”
Businesses and organizations in the industries of healthcare, retail, energy, law, government, ecommerce, technology, and finance are all high-risk in 2023 and beyond.
“What is one of the biggest cybersecurity risks businesses face?”
Keeping employees informed about the dangers of data breaches is a consistent challenge for organizations across all industries.
“What can I do to keep my organization safe from cyberattacks?”
Contact the Packetlabs team today for a free, zero-obligation quote regarding how to get your organization’s security up to its full potential.
October 24 - Blog
Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.
September 27 - Blog
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.
© 2024 Packetlabs. All rights reserved.