Next Year, Cybercriminals Will Be As Busy As Ever. Are IT Departments Ready?

According to a recent post on the TechRepublic webpage, going into 2023, cybersecurity is still topping the list of CIO concerns. “This comes as no surprise. In the first half of 2022, there were 2.8 billion worldwide malware attacks and 236.1 million ransomware attacks. By year end 2022, it is expected that six billion phishing attacks will have been launched.”

The article identifies the eight top security threats for next year being the following:

Malware: Malware is malicious software that is injected into networks and systems with the intention of causing disruption to computers, servers, workstations and networks. Malware can extract confidential information, deny service and gain access to systems. Malware bad actors continue to evolve ways to elude the defenses in place. That makes maintaining current updates to security software and firewalls essential.

Ransomware: Ransomware is a type of malware that blocks access to a system or threatens to publish proprietary information. So far, in 2022, ransomware attacks on companies are 33% higher than they were in 2021. Many companies agree to pay ransoms to get their systems back, only to be hit again by the same ransomware perpetrators.

Phishing: Phishing is a major threat to companies because it is easy for unsuspecting employees to open bogus emails and unleash viruses. Employee training on how to recognize phony emails, report them and never open them can really help.

IoT: In 2020, 61% of companies were using IoT, and this percentage only continues to increase. With the expansion of IoT, security risks also grow. IoT vendors are notorious for implementing little to no security on their devices. IT can combat this threat by vetting IoT vendors upfront in the RFP process for security and by resetting IoT security defaults on devices so they conform to corporate standards.

Internal employees: Disgruntled employees can sabotage networks or make off with intellectual property and proprietary information, and employees who practice poor security habits can inadvertently share passwords and leave equipment unprotected. This is why there has been an uptick in the number of companies that use social engineering audits to check how well employee security policies and procedures are working.

Data poisoning: An IBM 2022 study found that 35% of companies were using AI in their business and 42% were exploring it. Now, cases of data poisoning in AI systems have started to appear. In a data poisoning, a malicious actor finds a way to inject corrupted data into an AI system that will skew the results of an AI inquiry, potentially returning an AI result to company decision makers that is false. Data poisoning is a new attack vector into corporate systems. One way to protect against it is to continuously monitor your AI results.

New technology: Organizations are adopting new technology like biometrics. These technologies yield enormous benefits, but they also introduce new security risks since IT has limited experience with them

Multi-layer security: There are many layers of security that IT must batten down and monitor. IT can tighten up security by creating a checklist for every security breach point in a workflow.

For more, visit Top cybersecurity threats for 2023 | TechRepublic.