With emerging technologies like 5G and others, human reliance on technology, the internet, and smart devices is rising, and 2023 has more in store! Both work and personal life seem unimaginable without smartphones, laptops, gadgets, and the internet. While we move further into the era of technology, cybercriminals are keeping pace by developing new hacking mechanisms.
As per a new survey by EEE polling chief information officers, 350 chief technology officers, and IT directors, 51% of respondents called cloud vulnerability a top concern (up from 35% in 2022), and 43% called data centre vulnerability a big concern (up from 27% in 2022).
Hence, it is crucial for Australian and world businesses to be aware of the latest cyber threats, act on time, and implement robust security systems to combat intrusions.
Cybersecurity is, therefore, the need of the hour and is essential to protect networks, devices, and data from unauthorized access or criminal use. It also ensures confidentiality, integrity, and availability of information to the stakeholders in a secure format.
Latest Threats in Cyber Security in 2023
Here is Anitech’s blog on the latest threats in Cyber Security that Australian organisations should watch out for in 2023.
1) Phishing and Social Engineering
Phishing and social engineering are tactics used by cybercriminals to fool individuals into revealing sensitive information or performing actions that compromise their security.
i) Phishing
It is a scam that uses email, text messages, or phone calls to trick individuals into providing personal information or login credentials. These messages appear to be sent from legitimate sources, such as banks or other financial institutions, and may include links to fake websites or attachments with malware.
ii) Social engineering
It is a tactic that manipulates people into performing actions or divulging sensitive information. Social engineering attacks can take different forms, such as pretexting, baiting, quid pro quo, tailgating, and shoulder surfing.
To protect yourself from phishing and social engineering attacks, you should:
- Be suspicious of unsolicited emails, text messages, or phone calls, especially those that ask for personal information or login credentials.
- Always verify the identity of the sender before providing any information.
- Be wary of emails or messages that create a sense of urgency or pressure.
- Never click on suspicious links or download email attachments from unknown sources.
- Keep your antivirus software up to date.
- Be mindful of your surroundings, especially when typing in passwords or other sensitive information in public places.
- Educate yourself and your employees about the latest social engineering tactics and how to avoid them.
- Regularly review and clean up old emails, especially those containing sensitive information.
2) Malware and Ransomware
Malware is monitored and stopped before it enters networks and systems using firewalls and antivirus software. Still, malicious actors keep developing new malware to get around these defences, making it crucial to keep firewalls and security software up to date. Malware, such as viruses and worms, is injected into systems and networks to cause havoc. Malware can access systems, steal sensitive data, and block services.
Ransomware is a type of malware that either threatens to publish confidential information or blocks access to a system. To unlock systems or restore data, ransomware offenders demand cash payments from their victims’ businesses.
Ransomware attacks on businesses increased by 33% in 2022 compared to 2021. Many companies agree to pay ransoms to restore their systems, only to experience another ransomware attack from the same hackers.
Whether they are using malware, spyware, exfiltrating valuable data, or using other types of attack, bad actors can hide within a company’s network, according to Rob Floretta, who is a cybersecurity manager for a major utility provider. Hence, reducing their dwell time “inside” corporate systems is crucial.
He further defines ‘dwell time’ as the duration someone stays in your house or company until you detect their presence. This time spent by malicious actors has significantly reduced over the years but needs some work.
According to Mandiant, the average global dwell time for intrusions discovered by outside parties and disclosed to the victims decreased from 73 days in 2020 to 28 days in 2019. In contrast, 55% of investigations in 2021 had dwell times of 30 days or less, and 67% of these intrusions (37% of the total) were found in one week or less. The report also revealed that 17% of intrusions in 2021 were caused by supply chain compromise, up from less than 1% in 2020.
3) IoT Devices
IoT was being used by 61% of businesses in 2020, and this number is only rising. As IoT grows, security risks also increase, especially with the introduction of 5G telecommunications, which has become the de facto communications network for connected devices.
IoT vendors are known for integrating minimal to no security on their devices, which poses a threat that can be reduced by conducting a more thorough RFP security vetting of IoT vendors upfront and resetting default IoT security settings on devices to comply with corporate standards.
IoT devices typically have easy-to-guess or default passwords that are easily found online. Hence, it is essential to implement simple best practices, like changing passwords after installation, which make it much more challenging for malicious actors to compromise a system.
4) Cloud Computing
New cybersecurity threats have emerged in cloud and on-premises environments due to the growing popularity of remote work. The total number of records exposed by cloud misconfigurations increased by 80% between 2018 and 2019. Misconfiguration can lead to data breaches, brute-force attacks, exploits, and data exposure.
The increased reliance on cloud computing has created an ideal environment for cybercriminals to take advantage of unprepared companies. Organisations that use cloud computing for their systems face a real risk of data loss.
Data leakage and loss were named as the top cloud security concern by 64% of cybersecurity experts.
Cloud service data accessibility has a double-edged effect in which malware is also readily available. DoS attacks, hyperjacking, and hypervisor infections are some examples of the various types of attacks that malware in the cloud can manifest.
Furthermore, Cloud Snooper is another cloud malware infecting cloud infrastructure servers.
Top cloud security threats
Various threats are associated with the cloud, some of which are not considered. Below, we have briefly discussed five security threats Australian and world organizations are exposed to when on the cloud network.
a) Misconfigured cloud services
One of the major problems that organisations face today is cloud misconfiguration. Even though misconfigurations are easily preventable, human negligence is the primary cause of this threat. Misconfiguring your organisation’s cloud service can pave the way to unauthorised access to your server, and this can invite huge problems in the future.
b) Data loss
A platform that makes it easy to transfer data also brings the risk of data loss. Several Australian organisations have complained that data loss and sprawl are their most significant issues regarding cloud storage. When you migrate huge amounts of data to the cloud, the chance of data loss cannot be denied. The best way to address this is to create updated backups for your data stores.
c) API vulnerabilities
Cloud services rely on APIs to communicate with applications. Although an API might seem like a neat little tool, these APIs are primarily susceptible to cyberattacks. Cybercriminals can launch DoS attacks and inject code to intrude into your company’s cloud server and access the organisation’s important data.
d) Malware attacks
While the cloud is easily accessible to all, it is also accessible to people with ill intent. To top it off, cloud environments are interconnected, which means if there is any cyberattack, the damage caused will spread like wildfire. Some of the most dangerous cyberattack instances include hyperjacking, hypervisor infections, and DoS attacks.
e) Insufficient access management controls
Cloud storage is an economical way to store all your company data and free up resources within your organisation, but most enterprises forget that not all data is for everyone.
Hasty cloud migration can make your important data available for everyone to access.
Before migrating the data, ensure you have appropriate access controls in place.
Insufficient safeguard identity policies will increase the risk of external attacks and lead to human error and employee negligence.
f) Cybercrime and Cloud computing
Not only do corporate giants risk having their data compromised, but small to mid-sized businesses also face a threat from cybercrime even if they believe they can fly under the radar. According to the National Cyber Security Alliance, over 70 percent of small businesses are attacked, and many don’t bounce back.
Rewind’s 2020 Data Protection Survey Report found that 1 in 4 e-commerce stores will lose the critical data and content that runs their store.
5) Supply chain vulnerabilities
Supply chain vulnerabilities refer to weaknesses or vulnerabilities in the systems, networks, and processes of a company’s suppliers, contractors, and other third-party partners. Cybercriminals can exploit these vulnerabilities to gain access to a company’s networks and data or launch attacks on the company’s customers or other partners.
Some of the common supply chain vulnerabilities include:
- Lack of security controls: Some suppliers may lack adequate security measures to protect their networks and systems from cyber-attacks.
- Outdated software and hardware: Suppliers may use older versions of software and hardware that are no longer supported and have known vulnerabilities.
- Unsecured data transfer: Suppliers may not use secure protocols or encryption when transferring data, making it vulnerable to interception or tampering.
- Insufficient visibility: A company may need more visibility into the security practices of its suppliers, making it difficult to identify and address vulnerabilities.
- Third-party risk: A company may be exposed to risks from its suppliers’ suppliers, known as third-party risk, which can be difficult to manage.
6) Internal employees
Employees with bad security habits may unintentionally share passwords and leave equipment unprotected, while dissatisfied employees may sabotage networks or steal intellectual property and business secrets. Due to this, more businesses are using social engineering audits to evaluate how effectively employee security policies and procedures are being implemented.
Social engineering audits will still be used in 2023 to verify that IT’s workforce security policies and procedures are reliable.
7) Data poisoning
According to an IBM 2022 study, 42% of businesses were exploring AI, while 35% were already using it. New opportunities will arise due to artificial intelligence for businesses in every sector. Unfortunately, malicious actors are also aware of this.
Data poisoning in AI systems is on the rise, and the Log4J Log4Shell bug serves as ample evidence of this. In data poisoning, a malicious actor devises a method to introduce tarnished data into an AI system, distorting the outcomes of an AI query and potentially returning a false AI result to business decision-makers.
In corporate systems, data poisoning is a new attack method. Constantly keeping an eye on your AI results is one way to defend against it. It’s time to examine the data’s integrity if you notice a system suddenly trending noticeably in a different direction from what it has previously revealed.
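One way to automate the "keep an eye on your AI results" check described above, as an added example that is not part of the original blog: it compares a rolling window of a model's daily output against a fixed trusted baseline and flags a sustained shift. The metric (a daily flag rate), the function names, and all sample values are constructed assumptions.

```python
from statistics import mean, stdev


def drift_alerts(values, baseline_n=20, window=5, threshold=3.0):
    """Flag points where the rolling mean leaves the trusted baseline.

    values     -- chronological model outputs (hypothetical daily flag rate)
    baseline_n -- number of leading values treated as known-good
    window     -- size of the rolling window compared with the baseline
    threshold  -- allowed deviation, in standard errors of the window mean
    """
    if len(values) < baseline_n + window:
        raise ValueError("need a full baseline plus one window")
    baseline = values[:baseline_n]
    mu = mean(baseline)
    sigma = stdev(baseline)
    if sigma == 0:
        # A perfectly flat baseline would make every change look infinite.
        raise ValueError("baseline has no variance; use a longer baseline")
    std_err = sigma / window ** 0.5
    alerts = []
    # Only windows that lie entirely after the baseline are evaluated.
    for end in range(baseline_n + window, len(values) + 1):
        recent = values[end - window:end]
        z = (mean(recent) - mu) / std_err
        if abs(z) > threshold:
            alerts.append({"index": end - 1, "z": round(z, 2)})
    return alerts


def alert_indices(values):
    """Convenience wrapper: positions in `values` that raised an alert."""
    return [a["index"] for a in drift_alerts(values)]


# Constructed sample data: a stable flag rate around 5% ...
PATTERN = [0.048, 0.052, 0.050, 0.051, 0.049]
CLEAN = PATTERN * 6
# ... and the same series with a steady downward trend in the last five days,
# the kind of shift that warrants a review of the training data's integrity.
POISONED = PATTERN * 5 + [0.046, 0.043, 0.040, 0.037, 0.034]

if __name__ == "__main__":
    print("clean:", drift_alerts(CLEAN))
    print("poisoned:", drift_alerts(POISONED))
```

An alert here is a prompt to examine the integrity of recent training or input data, not proof of poisoning; legitimate changes in the business can also move the metric.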
8) Multi-layer security
How much security is more than enough? You may have secured your servers, installed security monitoring and interception software, firewalled your network, provided employees with multi-factor identification sign-on and implemented data encryption, but what if you forgot to lock the buildings where the servers are located or update the security software on your smartphones?
IT must regroup and keep an eye on numerous security layers. IT can tighten security by establishing a checklist for each workflow step that could lead to a security breach.
9) New technology
Companies are implementing new technology, such as biometrics. Although these technologies have significant advantages, because IT has little experience with them, they also pose new security risks. Before entering into a purchase agreement, IT can take the initiative to thoroughly investigate each new technology and its suppliers.
Various technologies are included in biometrics, including voice, retinal scanning, and even behaviour. Some biometrics, unlike passwords, are irreversible, which is a significant advantage.
A behaviour-based authentication method known as contextual authentication (or adaptive authentication) basically states, “I’m pretty sure I know you based on your behaviour, but if I see something different in you which is not normal, I need to act.”
Steps to Protect Organisations from Cyber Security Threats
a) Guidelines for Email Protection
- Use a strong password and update it regularly.
- Enable two-factor authentication.
- Be cautious of phishing attempts, and do not click on links or download attachments received from unknown sources.
- Use encryption to protect sensitive information in email messages and attachments.
- Keep your email client and operating system up to date with the latest security patches.
- Use reputable antivirus software.
- Be mindful of the information you share in emails and limit the amount of personal information included.
- Use a virtual private network (VPN) for accessing email on public Wi-Fi.
- Be aware of and adhere to relevant compliance regulations, such as HIPAA, for healthcare organizations.
- Regularly review and clean up old emails, especially those containing sensitive information.
b) Guidelines for Mobile Device Protection
- Use a strong passcode or biometric lock to protect your device from unauthorized access.
- Keep your mobile operating system and apps up to date with the latest security patches.
- Be cautious of downloading apps from untrusted sources. Only download apps from official app stores such as Google Play or the Apple App Store.
- Use a reputable mobile security app or antivirus software to protect your device from malware and other threats.
- Enable remote wipe or locate features on your device to protect against loss or theft.
- Be aware of and strictly adhere to any relevant compliance regulations, such as HIPAA for healthcare organizations.
- Do not store sensitive information on your device unless it is encrypted.
- Be mindful of the information you share on your device and limit the amount of personal information stored.
- Avoid using public Wi-Fi networks for sensitive transactions.
- Regularly review and clean up old data and apps on your device.
c) Guidelines for Cloud Security
In 2019, a Company not only faced a theft of 100 million credit, but the exfiltration of a misconfigured AWS storage bucket in the cloud led to regulatory headaches for the organisation.
Organisations failing to manage cloud network configuration and its regulatory compliance are subject to fines and lawsuits, and it can compromise their reputation in the market.
He elaborated that modern cybersecurity and associated regulatory frameworks need data encryption at rest and in transit.
1. Adopt the principle of least privilege
As a business grows its online presence, it’s typical for multiple employees to have access to the online resources needed to run the company. Only those who require the tools to do their jobs should have access to them, according to the principle of least privilege. For instance, your development team shouldn’t have access to sensitive financial data, and your finance team shouldn’t need access to your code repository.
Some tools have “temporary permission” features that give an employee outside the core team a brief window of time to finish a task. By doing this, businesses can continue as usual while providing better data protection.
2. Use a password manager
Numerous tools necessitate numerous passwords. Today’s office workers may have to decide between using weak passwords that are simple to remember and strong passwords that are difficult to remember.
Therefore, using a password manager like 1Password or LastPass is recommended instead of trying to create stronger passwords. This allows you to use unique, strong passwords for each of your online accounts while only needing to remember one master password. These managers aid in encrypting and locking away your passwords from prying eyes. However, the security of your password manager will depend on the master password you select for it. To find out how easy it would be for a computer to crack a potential password, visit a website like howsecureismypassword.net.
3. Embrace two-factor authentication
Two-factor authentication (2FA) is crucial because it provides protection above and beyond a password. Passwords can be stolen, guessed, or cracked, but with 2FA enabled, an attacker would also require physical access to the user’s device or token to access the system or service. Because an attacker would need the user’s password and physical access to their device or token, the chance of a successful attack is considerably reduced. Furthermore, 2FA helps guard against phishing and social engineering attacks, which try to fool users into disclosing their passwords. Overall, 2FA can assist in safeguarding sensitive information and systems from unauthorised access and lessen the risk of data breaches.
d) Other Measures
a) Regularly update software
- Regularly updating software, including the operating system and apps, is important for several reasons:
- Security: Software updates often include security patches that address known vulnerabilities in the software. By not updating, you are leaving your device or computer vulnerable to potential attacks.
- Bug fixes: Software updates often include fixes for bugs and errors that can cause problems or crashes.
- New features: Updates may include new features or improvements to existing ones.
- Compliance: Some organizations may require you to use specific versions of software for compliance reasons. Regularly updating ensures that you are using the most recent and compliant version.
- It’s important to set the updates to automatic to ensure that the device will always have the latest security patches and updates. You should also check for updates regularly if automatic updates are not enabled.
b) Use encryption
- Encryption is the method of converting plaintext (readable data) into ciphertext (unreadable data) through a mathematical algorithm and a secret key. This makes it very difficult for unauthorised parties to access or read the information. There are several types of encryption, but the two most common are symmetric and asymmetric encryption.
- Symmetric encryption: It uses the same secret key for encryption and decryption. This is faster than asymmetric encryption, but the key must be securely shared between the sender and receiver.
- Asymmetric encryption: It uses a pair of keys, which include a public and a private key. While the public key encrypts data, the private key decrypts it. This is slower than symmetric encryption but provides better security as the private key can be kept secret and only used by the intended recipient.
- Encryption can be used to protect various types of information, including:
- Email messages and attachments
- Files and folders on your computer or mobile device
- Data stored in the cloud
- Data transmitted over a network
- Hard drives and other storage media
- It’s important to use reputable encryption software and keep the encryption keys safe, as losing them may result in losing access to the encrypted data.
So, this was our blog on the latest threats in cyber security to watch out for in 2023 and tips to combat them.
This year, take a pledge to practice and follow strict security measures to prevent cyber-attacks.
Anitech’s ISMS consultants can provide a robust security framework to safeguard your management systems from intrusion and data breaches. We also have training programs for employees of organisations tailored to the requirement.
To talk to our consultants, ring us at 1300 802 163 or email us at email@example.com
For more updates on cyber security, information security, occupational hygiene, and more, stay tuned to Anitech.