Although the variety of tools to fight malicious actors has proliferated, attacks themselves haven’t receded. In fact, they’ve been soaring: According to a recent report from the FBI, the number of complaints jumped 81% between pre-pandemic 2019 and 2021.
As we enter 2023, external actors remain a concern, accounting for 80% of data breaches, according to the 2022 Verizon Data Breach Investigations Report. But internal security incidents outnumber external ones when taking the broad range of security incidents into account. Many of the things I’m going to list below can be mitigated at the organizational level, so there’s a lot we can do to make our jobs easier.
Here are the most significant threat vectors I see for this year:
1. Ransomware: The skill level required to deploy ransomware has decreased. It’s a service now, and you don’t need real skills. The fact that people and organizations are still highly willing to pay to unlock their files keeps it a significant threat. According to the 2022 Verizon Data Breach Investigations Report, ransomware continued its upward trend with an almost 13% rise – as much as the last five years combined. Organizations need to improve their backup and recovery strategies if they are going to win the fight against ransomware.
2. Public cloud misconfigurations: As the cloud plays a more prominent and significant role in our lives, accidental exposure of information proliferates because developers don’t have the proper skill set or training. McAfee, in a survey of 1,000 enterprises across 11 countries, found that companies average 3,500 misconfiguration incidents monthly, up 54% on the year. When adopting any new or not-so-new technology, invest in your tech and security teams to make sure they have the proper training.
3. Insider threat: The insider attack can be carried out accidentally or by someone with malicious intent, but either way, the harm is costly. A 2022 study by the Ponemon Institute found that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to a whopping $15.4 million. Organizations need to continuously improve their user monitoring capabilities and implement the practice of least privilege.
4. Poor asset management: What’s old is new. Most mid-size and large organizations still struggle with asset management. If you don’t know how many assets you have, you can’t be sure you’re protecting them appropriately. A good inventory is crucial for good coverage and should include physical and software assets.
5. Social engineering: The malicious manipulation of people to gain access to confidential information continues to be a significant problem. It’s human nature to be helpful, so make sure people in your organization are well trained so they ask better questions and are better able to detect it. Vigilance is key.
6. Business email compromise: People fall for this subset of social engineering, in which legitimate-looking business emails engineer victims into disclosing confidential information. FBI statistics show that combined domestic and international losses from business email compromise between 2016 and 2021 amounted to more than $43 billion. Check your cyber insurance and business coverage: BEC is not usually covered by ransomware insurance or hacking protection, because the organization was not a victim of hacking.
7. Static information security programs: Information security programs should be reevaluated annually to ensure everything in place is still effective – and maybe more frequently if your organization has adopted new technologies or changed its risk appetite. As the threat landscape continuously evolves, so must our programs.
8. Smart contracts: As the use of smart contracts expands beyond DeFi to other business activities, people need to be able to ensure the code in the smart contract lines up with the legalese. You also need to look for logic flaws before they’re actioned.
9. Cryptocurrencies: If organizations hold them, they become a bigger target. And if they’re holding them for business purposes, they should keep them in a secure hardware wallet rather than on an exchange because we’ve seen so many crypto failures recently.
10. Poor identity and access management: Some organizations are still struggling to get this right, failing to remove people in a timely fashion or to modify privileges when someone’s role in an organization changes. If you’re one of those organizations, it’s time to harden your IAM practices. According to the Verizon report, stolen credentials are the most popular path into an organization, accounting for 50% of all breaches.
Cybercriminals won’t be taking a break this year. We can’t afford to, either.