08 March 2023

Five Security Trends that Companies Need to Prepare For

If companies are to prepare for the year ahead, it is important that they are not only aware of but also rectify their security vulnerabilities.

The year 2022 was an exceptional year that was defined by the COVID-19 pandemic, supply chain bottlenecks, geopolitical conflicts and economic attacks. Added to this was the growing number of cyberattacks. These developments are making life difficult for companies. Experts such as those at Interpol also anticipate a significant increase in cyberattacks such as ransomware and phishing for the coming year. If companies are to prepare for the year ahead, it is important that they are not only aware of but also rectify their security vulnerabilities. There are several trends in this context that will be important for 2023. 

Critical infrastructure remains a target for cybercriminals 

According to media reports, critical infrastructure is targeted by cyberattacks on an almost daily basis. This situation is a source of growing uncertainty for companies. In particular, highly sensitive infrastructure such as healthcare or energy providers will be targeted to an even greater degree by cybercriminals in 2023. What is striking is that attacks are becoming more frequent, faster and more focused. This is due not only to the increasing professionalism of hackers but also to the trend towards Cybercrime-as-a-Service (CaaS), which also makes it easier for amateur criminals to develop their own attacks and profit from them. 

New regulations are on the way

At the end of this year, the European Parliament agreed a framework (NIS 2) with EU member states that aims to better protect networks and information systems against cyberattacks. The states then have a period of 21 months in which to transpose NIS 2 into national legislation. NIS 2 establishes minimum requirements for the cooperation between countries and seeks to harmonise it in this way. Here too, the focus is on critical infrastructure because heavy fines will be imposed if the new requirements are not adhered to. Other companies are also required to improve their security measures based on the new framework and must submit a report to the relevant authorities within 24 hours of an event occurring. However, it is of concern that 47 per cent of the IT security managers from companies in the latest Security Barometer 2022 indicated that they were completely unaware of the current measures. Ten per cent of those surveyed said that they do not take precautions to enhance IT security. Therefore, companies need to take steps now to remedy their weaknesses and bring their security measures up to date in order to avoid not only cyberattacks but also fines.

Companies still suffer from a shortage of IT experts 

According to the German Federal Statistical Office, more than three quarters of German companies had problems filling vacancies in 2022. The international situation is no better. According to the Cybersecurity Workforce Study 2022, the shortfall of security experts in the area of IT security was more than 26 per cent compared with 2021. Expressed in numbers, this means that companies need 3.4 million additional workers. At the same time, cyberattacks are on the rise. As a result, the situation will become even more critical next year, as security vulnerabilities are either closed too late or not closed at all because they are simply overlooked. To address these challenges, companies should be hiring talented young workers, even those with limited professional experience. Training and further education are also suitable measures for companies that want to implement new security standards and regulations in a timely manner.

Banks will increasingly be affected by social engineering

Social engineering attacks are often only the start of a larger-scale cyberattack. This will continue to be the case in future, and criminals will expand their range of targets in 2023 as they focus increasingly on the banking and financial sector. Social engineering attacks conducted in real time also pose a serious threat. This is where an individual claiming to work at a bank or a public body calls a customer and urges them to transfer their money to a ‘secure’ account. Since the customer is transferring the money themselves, it is difficult for the real bank to determine whether this is a case of fraud. However, the incidence of identity theft and account takeovers for criminal purposes in the banking sector will also increase in 2023 because cybercriminals are becoming increasingly proficient in this field as well.

Deepfakes a new threat

According to Europol and the FBI, deepfakes pose a serious threat. Although deepfakes have yet to evolve to a stage where they can be regarded as widespread, cybercriminals will increasingly misuse this technology to make their fraud scenarios even more authentic. There have already been reports of fake videos or even deepfake voice-overs being used to overcome know-your-customer processes (KYC). As technology continues to develop rapidly, it is only a matter of time until it is used by cybercriminals. After all, the technical principles are established and the necessary source code to create a deepfake is openly available. 

Taking dangers seriously

Companies and IT decision-makers need to prepare for stricter IT security requirements. They also need to get their security measures up to speed to better protect their customers. After all, the risk of falling victim to a cyberattack is merely a question of time.

Original article on Nevis Security’s website