Key Cybersecurity Threats To Watch For

Eric Schifflers


May 3, 2023


Cybercrime has become more lucrative and is occurring more frequently than ever before. Owing to our growing dependence on technology, a ransomware attack now hits an organization every 11 seconds. Simply put, the more we adopt and use digital technology, the more opportunities there are for criminals to profit from emerging vulnerabilities. Despite growing awareness and increased spending by organizations to protect themselves and to build resilience in the event of a successful attack, specific cyberthreats will continue to proliferate. Cyberrisks will have to be mitigated by managing direct threats, but sufficient resources will also be required to navigate an increasingly complicated regulatory and operational environment.

Ransomware on the Rise
Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall. The increased use of digital communication during the pandemic and the widespread use of digital tools have provided hackers with more room to maneuver. Their phishing scams and targeted deepfakes are becoming more and more sophisticated, and as a result, employees must take extra care when they receive requests for internal information.

Internal Threats from Malicious Insiders
Financial companies are disproportionately targeted by cybercriminals due to the profitability of the data they accumulate. Financially motivated criminals attempt to infiltrate systems using tactics like server access, misconfigurations and fraud, often monetizing their activities through ransomware.

Given these tactics, providing cybersecurity awareness training is key to avoiding incidents. Almost one-third of successful breaches in the financial services sector come from internal actors, and in some cases, employees are not even aware they are putting their company at risk.

Insiders who willingly aid cybercriminals, on the other hand, can be difficult to single out. To reduce the threat from malicious insiders, cybersecurity systems need to take into account a broad range of information and be able to detect unusual or erratic user activity. In this regard, user and entity behavior analytics (UEBA) can be critical to properly vet new hires and to keep an eye out for unusual practices in the workplace. Processes and controls for granting access to sensitive data must also be established and followed closely at all times.

State-sponsored Actors Causing Significant Collateral Damage
State-sponsored cybercrime is now one of the most notorious forms of cybercriminal activity, and it will likely flourish in the current period of heightened geopolitical tensions. Taking advantage of our increased technological dependency, nation-states use cybercrime for espionage, sabotage or simply to spread misinformation. Some nations may even turn a blind eye to cybercriminal groups operating inside their borders, as long as they are targeting the private sector in other countries.

Private companies will therefore need to closely monitor potential collateral damage caused in some cases by state-sponsored threat actors whose motives may not be obvious.

Many outside the cybersecurity industry may unknowingly assume that government departments are the key target of state-sponsored criminal activity. However, only a quarter of the cyberattacks in 2021 reported in Europe were directed at public administrations. In fact, more than half of those targeted were private-sector companies across a wide range of sectors. Increasingly, targets involve critical infrastructure. For example, in January, the U.K.’s Royal Mail suffered what it claimed to be a “cyber incident,” with various news outlets attributing the crime to the LockBit ransomware group, an organization with ties to Russia.

The Vulnerability of Global Supply Chains
Globalization has dramatically increased the amount of goods moving around the world. This surge in demand has placed greater pressure on both suppliers and manufacturers, resulting in supply chains that are stretched over large distances and logistics that are extremely sensitive to any disruption. Already weakened from pandemic bottlenecks, the manufacturing sector has become an attractive target for cybercriminals.

Manufacturers and service providers often adopt new digital technology in order to quickly enhance productivity but sometimes do so without paying sufficient attention to security issues. The introduction of robotics and the internet of things has provided hackers with new avenues to explore and exploit. One example is Norsk Hydro, one of the largest producers of light metals. In 2019, the Norwegian energy giant had to switch to manual production due to a cyberattack that locked all employees out of the company’s IT network. For several weeks, Norsk Hydro operated without computers, costing the firm $70 million.

A Changing Regulatory Landscape
Policymakers and regulators around the world have reacted to growing fears concerning the vulnerability of critical national infrastructure, businesses and private citizens to cybercriminal activity. New legislation to improve resilience and to try to stem the growing tide of cyber incidents is beginning to appear.

Spurred into action by a series of high-profile cybercrimes involving businesses and infrastructure, such as the Colonial Pipeline hack in 2021, the U.S. passed the Strengthening American Cybersecurity Act of 2022. The legislation obliges companies to contact the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a cybersecurity breach and within 24 hours of paying ransom to cybercriminals. The law specifically targets companies that provide critical infrastructure.

Last November, the European Parliament introduced the new Digital Operational Resilience Act (DORA) as well as a comprehensive framework for the digital operational resilience of the financial sector. Almost all regulated financial institutions are bound by DORA to implement sufficient safeguards to protect against cyber and other IT-related risks.

As the implications of these new laws become clearer and more countries produce their own cybersecurity legislation, meeting the increasing cybersecurity-specific regulatory requirements across all countries and regions where companies operate will be a growing challenge for cybersecurity managers.

Attracting and Holding onto Cybersecurity Talent
Unfortunately, the increased use of technology and the rise of cybercrime have not been accompanied by an increase in the number of qualified cybersecurity professionals available to protect company infrastructure. Therefore, attracting and retaining the right talent has proved difficult for businesses, and this will continue to be the case in the future.

Recruiting professionals with the required skill set is critical, but just as important is keeping that talent. Many cybersecurity professionals want to work at organizations where their voices will be heard at senior management level, where well-defined cybersecurity procedures and automation are in place and where cybersecurity training and investment throughout the organization are considered a key priority. Many also want to feel challenged to come up with creative solutions to important issues and to feel a connection with the company they work for. For these reasons, organizations must focus on creating an environment that allows cybersecurity professionals to enjoy a fulfilling career, not simply on addressing the company’s specific needs. In order to keep pace with the constantly evolving cyber environment, companies must adopt a broad vision and provide those defending their digital infrastructure with adequate resources.

Eric Schifflers is chief information security officer at Ria Money Transfer.